This page provides more information on pen testing OT infrastructures. Industrial Automation (ICS/SCADA systems, PLCs, DCS systems, robotics, HMIs, IEDs and RTUs) is widely used in production environments in industry and in public infrastructure. The availability and reliability of these systems is essential, but their security is just as important. Operational technology (OT) is used to control, automate and optimize critical manufacturing and industrial systems. With the rise of cyber-physical systems, more and more OT devices have gained network connectivity and have become increasingly susceptible to cyber attacks as a result. It is therefore important to secure these systems against malicious activity as well. Technical resilience testing of OT environments can be performed by NFIR’s ethical hackers.
Many different systems run within Industrial Automation. Examples of systems that can be tested by the ethical hackers during an OT pen test include: bridges, locks, weighbridges, centrifuges, treadmills, automated storage systems, pumps, pumping stations, levees, and traffic control systems. Would you like to gain insight into the security of one of these environments? Please contact us.
What attack scenarios are possible for OT pen testing?
The most common attack scenario for an OT infrastructure is a combination of a Black Box and a Grey Box test. An illustrative example of each scenario is given below.
Black Box of the external OT infrastructure
Starting with minimal information, a picture is formed of the vulnerabilities in the publicly reachable OT infrastructure. Through open source intelligence (OSINT), as much information as possible is collected in order to discover possible vulnerabilities.
Grey Box of the internal OT infrastructure
Testing the internal OT infrastructure is at least as important as testing the external environment. This scenario simulates what a malicious hacker or malware could do after gaining access to the internal network through, for example, phishing or a social engineering attack. Questions this scenario can answer include: which vulnerabilities are present, and is it possible to reach or even influence centrifuges, treadmills, automated storage systems or pumps? During an intake, the requirements are mapped in order to choose a suitable scenario.
NFIR uses the Penetration Testing Execution Standard (PTES) and best practices such as IEC 62443 for pen testing OT infrastructure. These standards and best practices ensure that the pen test is complete and carried out according to the appropriate standards. We consider it important to be as transparent as possible about how the pen test is executed. For this reason, we include a checklist for the various pen testing standards in the report. This lets you see which checks were carried out, which could not be carried out and which, if any, were not applicable.
Sample OT Pentesting Report
A sample report (NL/EN) of an internal black box pen test is available. In this report, a pen test was performed on a fictitious environment and the vulnerabilities found are documented.
Which systems can you have tested by NFIR's experts?
Our ethical hackers check the technical resilience of (web) applications, websites, IT and OT infrastructures, API links and mobile apps. If you have a different environment that you would like to have tested, we will be happy to discuss it with you.