Industrial Control Systems (SCADA) Testing

The testing of security controls within Industrial Control Systems (ICS) environments is a necessary but challenging task, balancing the need for availability against robust access control, resilience, and accountability.

Traditional penetration testing attempts to make the target behave in a manner outside its intended design, through manipulating inputs, the operating environment itself, and other variables within the attacker's control. As such, tests on any system, other than a perfect one, will result in anomalous behaviour.

The network functionality and applications within embedded systems, such as those deployed in ICS components, are typically designed for closed networks and often do not exhibit resilience to scanning and malformed input.

The recommended focus of ICS testing is on assuring the security of the relevant system components in a manner that does not require intrusive or active testing in a production environment. This includes working closely with relevant staff members to ensure that risks, impacts, and potential operation disruptions are understood and managed appropriately.

Where a suitable test environment is not available, alternative approaches exist to ensure testing is performed in a safe manner, for example:

  • Taking passive network captures of the live environment and replaying these against operator console software in a virtual environment.
  • Reverse engineering or source code review of embedded IP stacks in PLCs or IP/Serial converters.
  • Building small test environments suitable for specific, security-related testing.
  • Reviewing security-relevant logging and auditing to assess defective controls.
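The first approach above, passive analysis of a network capture, can be illustrated with a small parser. The block below is an added example and is not code from Insomnia or from this page; it assumes Modbus/TCP as a representative ICS protocol and works on TCP payloads that a pcap library would have extracted from a capture (that extraction step is not shown). The frames it inspects are constructed inline. It builds an inventory of which unit IDs and function codes are in use, separates write requests from reads, records exception responses, and reports frames that do not parse, all without sending anything to the live environment.

```python
import struct
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Standard Modbus function codes (assumption: unmodified Modbus/TCP). The write
# codes are the ones that change controller state and so deserve the most scrutiny.
WRITE_FUNCTION_CODES = {5, 6, 15, 16, 22, 23}
FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
}


@dataclass
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function_code: int            # exception bit (0x80) already stripped
    is_exception: bool
    exception_code: Optional[int]
    data: bytes


def parse_modbus_tcp(payload: bytes) -> ModbusFrame:
    """Parse one MBAP header plus PDU. Raises ValueError on malformed input."""
    if len(payload) < 8:
        raise ValueError("payload shorter than MBAP header plus function code")
    tx_id, proto_id, length, unit_id = struct.unpack(">HHHB", payload[:7])
    if proto_id != 0:
        raise ValueError(f"unexpected protocol id {proto_id}")
    # MBAP length counts unit id + PDU, i.e. everything after the first 6 bytes.
    if length != len(payload) - 6:
        raise ValueError(f"length field {length} does not match {len(payload) - 6}")
    raw_fc = payload[7]
    data = payload[8:]
    is_exception = bool(raw_fc & 0x80)
    exception_code = data[0] if is_exception and data else None
    return ModbusFrame(tx_id, unit_id, raw_fc & 0x7F, is_exception, exception_code, data)


def analyse_capture(frames: List[Tuple[bool, bytes]]) -> dict:
    """Summarise (is_request, payload) pairs. The caller derives is_request from
    the TCP direction (destination port 502 means request) when reading the pcap."""
    report = {
        "function_counts": Counter(),   # (unit_id, function_code) -> frames seen
        "write_requests": [],
        "exception_responses": [],
        "malformed": [],
    }
    for is_request, payload in frames:
        try:
            frame = parse_modbus_tcp(payload)
        except ValueError as err:
            report["malformed"].append(f"{payload.hex()}: {err}")
            continue
        report["function_counts"][(frame.unit_id, frame.function_code)] += 1
        if is_request and frame.function_code in WRITE_FUNCTION_CODES:
            name = FUNCTION_NAMES.get(frame.function_code, "unknown write")
            report["write_requests"].append(
                f"tx {frame.transaction_id}: unit {frame.unit_id} {name} data={frame.data.hex()}")
        elif not is_request and frame.is_exception:
            report["exception_responses"].append(
                f"tx {frame.transaction_id}: unit {frame.unit_id} function "
                f"{frame.function_code} exception code {frame.exception_code}")
    return report


# Constructed sample traffic (not a real capture): one read/response pair, one
# write/echo pair, a read answered with an exception, and one truncated frame.
SAMPLE_FRAMES = [
    (True,  bytes.fromhex("000100000006010300000002")),   # read holding regs 0-1
    (False, bytes.fromhex("00010000000701030400110022")), # response, 2 registers
    (True,  bytes.fromhex("0002000000060106000500ff")),   # write single register 5
    (False, bytes.fromhex("0002000000060106000500ff")),   # echoed write response
    (True,  bytes.fromhex("000300000006010300100001")),   # read holding reg 16
    (False, bytes.fromhex("000300000003018302")),         # exception: illegal address
    (True,  bytes.fromhex("0004000000")),                 # truncated frame
]

if __name__ == "__main__":
    result = analyse_capture(SAMPLE_FRAMES)
    for key, value in result.items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

The counts answer the inventory question (which units talk, and whether anything other than reads is on the wire), the write list is what an operator would want to compare against the expected behaviour of the HMI or historian, and the malformed list is where a capture from a fragile embedded stack tends to show its problems first. Because it only reads a file, the same script can be run repeatedly against captures from the production network without any of the availability risk that active scanning carries.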
