Rising awareness of the need to secure industrial control systems (ICS), together with organizations' focus on rolling out ICS cybersecurity programs, has prompted a fresh look at the applicability and benefits of penetration (pen) testing. A well-designed pen testing project in a controlled environment provides insights and in-depth findings that cannot be obtained from traditional risk assessments alone. It complements a risk-based assessment by taking a deeper look at the critical zones and conduits identified during that assessment. The results and recommendations help generate cybersecurity requirements specifications and drive standardization of security measures across multiple plants within an organization. This paper highlights the benefits of pen testing in an ICS environment and offers guidelines for designing and conducting a pen testing project.
Modern Industrial Control Systems (ICS) combine traditional automation technologies (e.g., sensors, actuators, PLCs and industrial protocols like Modbus and CIP) with digital information technologies (e.g., Ethernet, Microsoft Windows PCs and servers, and Internet protocols like TCP/IP and HTTP). While these newer digital technologies provide many benefits to organizations, they can also inadvertently create exposures to cybersecurity risk which, if not properly identified and mitigated, could in turn compromise the safety, integrity and reliability of your operations. It makes sense, then, that organizations are increasingly incorporating cyber risk evaluations into their design, engineering, testing and commissioning activities.