Industry Control Systems (ICS) as well as critical infrastructures are often summarized by the buzzword SCADA. They usually consist of multiple high specialized devices that monitor and control industrial processes. Even the smallest production lines have Programmable Logic Controllers (PLC), actuators or sensors. The increasing connectivity like it is propagated in Industry 4.0 leads to new targets and new security relevant issues.
During an audit, we analyze relevant attack vectors and verify identified vulnerabilities by exploiting them if desired. In order to assess the security of your plant, we not only have a look at SCADA relevant vectors like manipulation of actuators or sensors, but also at traditional targets like web servers. An additional focus lies in separating OT/IT-networks as well as Defense-In-Depth.
A SCADA and critical infrastructure audit is a security audit where the following properties apply.
Control systems, critical infrastructures, industrial networks
White, grey- or blackbox
External or internal
Direct attack attempts or covert attack
Full or focused (concentrate on specific aspects of security)
Passive, polite, aggressive or paranoid