Industrial control risk based assessments
Industrial control risk assessment
With the increase of cybersecurity incidents to industrial production systems, the need for risk assessments in order to defend them is critical.
The differences between Information Technology (IT) and Operation Technology (OT) means that poor results are often obtained when applying traditional IT security standards to your Industrial Control Systems (ICS).
We have developed a risk-based assessment methodology from a collection of industrial cybersecurity best practices and most used standards. This methodology addresses thespecific requirements of OT systems, without losing track on the IT systems they link to.
The risk assessment is particularly important in physical production sites, where threats like ransomware or DDos are increasing.
ICS risk assessment methodology
Our methodology covers a range of OT systems in areas including:
- System modeling: we break down your industrial control systems into smaller logic areas, so we can accurately assess them
- System monitoring and logging: our methodology analyses traffic, identifying relevant packets in SCADA protocols and detecting anomalies
- Network segregation: we provide channels to test segregation between IT and OT networks
- Threat analysis: the threats for acompanies industrial control system are different to those in IT systems. Our methodology takes these differences into account, and provides a throrough threats analysisresulting in a fully encompassing risk assessment
- Remediation: we recommend controls that will protect your network, without affecting your control systems performance
Industrial control security testing services
We have the capability to test the security of industrial control systems in a controlled environment prepared for testing many different elements relating to Industrial Control Systems (ICS) and Internet of Things (IoT).
Our lab is managed by Operation Technology (OT) experts who possess specialist IT security knowledge, so they can add real value to the test results. We offer the following cyber testing services:
A wide range of industrial control and IoT devices can be tested, in order to expose vulnerabilities. Methods for vulnerability discovery provided by our cyber lab include:
- Penetration testing
- Fuzz testing
- White box / black box testing
Code analysis can be applied to industrial control and IoT devices, to ensure the appropriate sanitization. Applications we examine include:
- Control logic analysis (for industrial control devices)
- OWASP benchmarking
To countermeasure the vulnerability findings, we provide remediation in the form of:
- Physical controls
- Architecture best practices