ICS Penetration Tests and Analysis Services

Industrial process-oriented red team tests cover a hybrid IT/OT engagement for industrial plants. During these activities, vulnerabilities that may cause "loss of visibility" or "loss of control" are identified after penetrating ICS/SCADA networks from the perspective of a real attacker. Detection covers technology, design, industrial protocol, and process vulnerabilities.

All analyses and tests required for end-to-end regulatory compliance are carried out for facilities subject to EMRA Resolution 8560. These activities are performed by a team specialized in such industrial facilities, fully compliant with all requirements and certificates under the regulation since 2017. Analyses include:

  • Examination and analysis of the ICS network and architectural structure,
  • Social engineering tests for staff working in ICS structures,
  • Vulnerability scanning on ICS network,
  • Malware analysis on the ICS network,
  • ICS wireless network and components tests,
  • Exploitation tests on the ICS network.

Unlike red team tests, industrial penetration tests (EKS penetration tests) are performed directly on industrial networks and components. During these activities, vulnerabilities that may cause "loss of visibility" or "loss of control" are identified after penetrating industrial networks from the perspective of a real attacker. Detection covers technology, design, industrial protocol, and process vulnerabilities.

A situation analysis is performed in industrial facilities with reference to globally recognized maturity models applicable to ICS/SCADA infrastructures. This analysis examines people, technology, and processes from an industrial cyber security perspective. Based on the results, a cyber resilience roadmap is prepared by documenting the current state and the targeted maturity level.

Within the scope of the industrial cyber security hygiene service, network- and host-level analyses are performed on ICS/SCADA infrastructures. This analysis determines whether any known or unknown attack or malicious activity is present within the industrial facility. Commercial software and purpose-built tools developed by our experts are used for this analysis.

This service is the security inspection of components such as PLCs, RTUs, IEDs, and smart meters used in industrial facilities, covering hardware, protocol, configuration, and architecture, in a dedicated laboratory. Tests focus on detecting vulnerabilities in the embedded system in particular.

Consultancy services are provided for the selection and deployment of security products suitable for the ICS/SCADA infrastructure within the industrial facility. In addition to selection support, effectiveness and safety assurance tests of the deployed components are also carried out.

Consultancy services are provided for the secure design of digitalization, Industry 4.0, or direct SCADA and DCS architectures within the industrial facility. The most appropriate option is chosen among tiered security architecture, the Purdue model, and zero-trust approaches, and the architecture is designed accordingly.

Asset and risk management, one of the essential needs in industrial facilities, is handled directly from an industrial cyber security risk perspective. For eligible facilities, an integrated risk management process is operated via HAZOP processes. Within the scope of this service, industrial and information technology assets are identified, the criticality of these assets within industrial processes is determined, and the relevant risk assessment and management steps are performed.

Consultancy services are provided for defining a cyber security strategy and roadmap suited to the industrial infrastructure, for preparing policies and procedures in line with this strategy, and for commissioning the resulting processes.

Within the scope of this service, anomaly detection, data diode, industrial firewall, or industrial endpoint security products are deployed within the industrial facility with 24/7 support.

IT and OT Cyber Security Operation Centers are handled under a single framework and combined into one Safety Operation Center. Process-based monitoring of industrial facilities is performed.

These are ICS/SCADA-specific services provided within the scope of cyber incident response, incident recovery, and return to normal operation. The service is delivered by a hybrid team of ICS/SCADA and cyber security experts.