Security Analysis of ICS and SCADA Systems

 
Tegnebræt 7-8.png
 

Security Analysis of ICS and SCADA Systems

Evaluate the security posture and protection of critical assets of Industrial Control Systems (SCADA, DCS, PLC)

Improsec delivers an independent security analysis and assessment, providing management and IT security organization with a clear overview of the cyber security posture of IT infrastructure and industrial control systems at industrial plants, factories and processing facilities.

Value

  • Evaluate the security posture and protection of critical assets of Industrial Control Systems (SCADA, DCS, PLC)

  • Determine if the IT and ICS infrastructure is configured according to cyber security best practices

  • Identification of misconfigurations, vulnerabilities and insufficient technical controls

  • Recommendations to strengthen the security level and how hardening can be applied

Product

The deliverable of the analysis is a written report containing the following:

  • A non-technical section with an Executive Summary for management and decision makers

  • A technical section including detailed observations and tangible recommendations to improve the security level and hardening of the system

Method

Our methodology is based on our extensive knowledge and experience with security testing of critical ICS infrastructure and is further supported by the NIST guidelines on ICS security.

The analysis is based on your specific setup and will be planned accordingly. Typically, the analysis will cover the following areas:

  • Network segmentation and segregation

  • Firewall configuration

  • Authentication and authorization

  • Monitoring and logging

  • Usage of secure network protocols

  • Secure configuration

  • Maintenance and patch management

  • Security of the backup solution

  • Physical exposure of critical systems

Furthermore, the current state of compromise from malware, virus, etc. can be assessed together with the effectiveness of implemented security controls.

Involvement

For an effective execution of the engagement, the delivery requires involvement of your ICS-team, who can answer technical questions about the infrastructure.


 
 

Download full description as PDF file