Supervisory Control And Data Acquisition (SCADA) relates to hardware and software components used within industrial plants and national infrastructure.
We offer SCADA penetration testing of operator systems, network infrastructure, PLCs, Modbus protocols, application testing of control software and build reviews.
Historically SCADA systems were within closed networks without any outside connectivity. Nowadays almost all SCADA systems are IP enabled and are subject to internal and external attacks.
As SCADA systems often looks after critical infrastructure essential for manufacturing or national infrastructure, penetration testing should be performed to ensure no vulnerabilities exist within internal systems, applications and from the Internet.
SCADA penetration testing can provide assurance that the systems and security controls tested have been configured in accordance with best security practice and that there are no common or publicly known vulnerabilities in the target system at the time of the test. If vulnerabilities are found these can be rectified before an attack or security breach occurs.
Penetration testing will enable you to:
- Manage vulnerabilities
- Protect critical infrastructure
- Avoid extra cost and reputation damage from a security breach
- Provide evidence of compliance with regulatory and certification standards
- Provide assurance to customers and suppliers that their data is secure
Armadillo Sec are a CREST approved member company and our security consultants are fully certified by CREST to the highest level in application and infrastructure testing. This allows our consultants to give complete assurance when testing any elements of your environment. We have many years of experience leading large complex government and commercial cyber security tests. Our lead consultants will work with your from start to finish on the project to ensure all requirements are met.
Frequently Asked Questions
Our testers are fully certified by CREST to the highest CCT level in both application and infrastructure testing.
Our CREST member status can be viewed, along with the certified tester types we have on the below link:
It is recommended that SCADA testing should be conducted annually as cyber threats are constantly evolving.
If major changes are made to the SCADA applications or systems, then it is recommended that additional testing is conducted. This ensures that any recent changes are not introducing new vulnerabilities into the environment.
Some certifications such as ISO 27001 or PCI DSS, require a certain frequency of testing to remain compliant.
SCADA testing is bespoke depending on the goal or outcome you wish to achieve, therefore there is not an off-the-shelf price.
For each project we will technically scope your requirements and establish the time needed to complete the work. We will then provide a detailed proposal and breakdown of costs and options.
We supply a full testing report, which covers the following:
- Executive management summary - Non technical overview of issues for management board level
- Detailed technical findings - A complete list of all issues identified
- Affected hosts - A list of all hosts or applications affected
- Risk level - Impact, likelihood and overall risk ratings are listed for each issue
- Examples - Output or screenshots to demonstrate the issue
- Recommendations - Recommendations of how to remediate the issues, including any reference to documents that can assist
A sample report can be supplied upon request.
We have a full methodology for all testing services we provide, which is supplied with each project proposal. This outlines the testing steps and all the requirements in order to deliver the test.