Power producers and distributors must address SCADA system security. Assessments should consider both physical and logical borders between the corporate enterprise and the SCADA network, and any other border or perimeter end points that are IP addressable. Using its Network Vulnerability Assessment/Penetration Testing methodology and Social Engineering, Sword & Shield performs a logical and physical security assessment of the borders and/or perimeters surrounding the SCADA system.
Sword & Shield SCADA Assessment Scope and Tasking
- Interview – Sword & Shield will interview key managers in the organization to understand what information and systems are critical and sensitive. The interview is also an opportunity for management to identify any areas of concern to emphasize in the assessment.
- Administrative Security Controls Analysis – Sword & Shield will analyze the client’s written security policies and procedures along with the current state of compliance. We will also analyze security audit results, operations, and service flows related to network services, network and security management (e.g. change management, user administration), and the incident response team and plans. Sword & Shield will identify whether key areas—such as the ability to legally monitor the system—are covered by appropriate policies.
- Technical Security Controls Analysis – Sword & Shield will analyze the current network architecture, interfaces, critical components and services for security weaknesses. This includes examining the service design, placement of security devices, service arrangements with vendors, and technology vulnerabilities to determine whether they conform to industry best practices. We will review configuration of infrastructure systems, the network operating system and all security systems. In addition to analyzing the current network, Sword & Shield will review any future directions the client can describe.
Our Methodology for SCADA Security Testing
Sword & Shield has experience with testing critical infrastructure control networks. We will perform testing in a slow and careful manner that leverages the redundancy in the system. While our scanning is broad-based, we will not run a scan on the entire SCADA subnet all at once, as this often causes SCADA outages. Instead, we run numerous scans on smaller, selected targets to maintain system availability. Sword & Shield SCADA Assessment includes:
Reconnaissance/“footprinting” to identify what is on the network; determines what an outsider or insider could learn about the SCADA system using:
- Company information, Web sites, FTP sites, public servers
- Internet resources such as Sam Spade, Netcraft, ARIN, and Network Solutions
- Resource kit and command line tools such as NBTscan, reg, and UsrToGrp
Broad-based scanning using a variety of tools; identifies well-known vulnerabilities across most systems using more than 1,000 tests, including multiple port scans, a wide variety of information gathering utilities, and tests for common vulnerabilities.
Secondary testing and targeted scanning on SCADA servers, EMS servers, HMI, web servers, databases, and other systems is performed using specialized scanning tools when available.
Questions Our Report Will Answer
- Is my SCADA system sufficiently protected from hackers who may have breached the external perimeter?
- Is my SCADA system sufficiently protected from unauthorized internal users?
- Can unpatched systems be exploited to gain unauthorized access to critical infrastructure?
- How do I prioritize the vulnerabilities found, create a plan for improvement and get budget approved?
SCADA Assessment results and analysis are presented in a comprehensive report. The report details the vulnerabilities present and/or exploited in the network, network devices and specific systems. The impact of vulnerability exploitation is discussed and may be used as input for further risk analyses. In addition to describing the current security posture, we provide recommendations for safeguarding SCADA systems, including tools, policies, procedures and information sources.
Real Success Story
During the course of an internal SCADA Assessment for a power producer, Sword & Shield analysts gained access to the SCADA network. An internal firewall managed by corporate IT was installed between the corporate network and the SCADA network. But the firewall had been disabled, providing an open door to the critical infrastructure.
Based on Sword & Shield’s findings, the power producer coordinated with corporate IT to activate and properly configure the firewall to provide adequate protection as a secondary layer of defense.
Find Out More
Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or contact us by phone so we can begin securing your future.
U.S. Toll-free: 800-810-1885
International: 865-244-3500