SCADA (Supervisory Control And Data Acquisition) solutions provide remote access functionality to offsite equipment and is widely used to control industrial equipment, to monitor energy consumption (including smart grid technology) and to manage building services such as air-conditioning and access control.
For certain attack groups, SCADA systems represent a very attractive target; by their very nature they are public facing, have a history of weak security and misuse can have devastating affects. Locking staff out of a building or disabling server room air conditioning will have is just as effective as a more conventional denial of service attack.
The term SCADA covers a concept and there is significant diversity in the underlying technology.
The first stage of any test is to understand the technologies in use, which vary significantly, from old propriety solutions to more modern web-based interfaces, with or without additional authentication solutions.
Once the solution is understood, Portcullis’ consultants will evaluate the potential attack vectors, develop an appropriate test plan and progress to testing. Testing will always be respectful of the system under review appropriate safeguards will be agreed.
Benefits of SCADA testing
- Final report and briefing informs management of risks.
- Prioritized findings and recommendations to maximize improvement of security posture.
- Find and close security gaps before they are exploited.
- Compensating controls for vulnerabilities that cannot be directly addressed.