The ICS security experts at SMSAM Systems have many years of experience in conducting assessments on different industrial system components, from railway systems and electric utilities to oil refineries and chemical plants. We provide tailored services to analyze and understand your industrial processes and operational technologies from field-level equipment to ERP systems. Security research is at the center of everything we do and is performed continuously on some of the world’s largest and most sophisticated networks. Our extensive hands-on investigations have already uncovered more than 200 zero-day vulnerabilities in leading ICS and SCADA systems.
SMSAM Systems offers a full range of ICS-specific security services, including:
ICS Security Assessments
To identify all potential vulnerabilities in an ICS environment, our experts conduct internal penetration testing on an agreed set of systems and components. This testing includes:
- Evaluation of how resilient your network security is to attacks at the data link layer in order to identify weaknesses that might give attackers access to your LAN
- Monitoring and analysis of your network traffic to identify whether attackers can access sensitive information from it
- Identification of all types of devices, operating systems, and applications present on the target LAN segment
- Detection of vulnerable network services
- Discovery of access control weaknesses, such as confidential information stored on poorly protected file servers and inadequate or missing firewall protection
- Review of password usage, including analysis of network traffic data for information that is potentially derived from a password (NTLM, MD5 hash, etc.). This analysis will be used to generate a passive list of passwords that is tested against your ICS components along with a dictionary of common passwords
- Analysis of network infrastructure security levels
- Determination of whether the most critical vulnerabilities found would give attackers the ability to burrow into the network beyond the test segment and gain unauthorized access to critical ICS components, such as SCADA and controllers
Technical ICS Audit
SMSAM Systems ICS specialists employ a wide range of tests to evaluate the existing protection mechanisms in your ICS network and environment. Through a combination of visual inspections, interviews with key personnel, and verification of configuration settings for all ICS components, our team will:
- Analyze your network architecture to check specifically for proper network segmentation (separation between controllers, servers, and workstations)
- Analyze the procedures for applying updates
- Evaluate the effectiveness of your anti-virus protection
- Analyze your usage of counterfeit or third-party software
- Identify workstation accounts and administrator privileges, including assessment of their security levels
- Analyze firewall rules
- Review password policies
- Test automatic job blocking (with the exception of operational workstations)
- Analyze available management interfaces to your PLC, managed switches, and routers
- Check the placement of engineering workstations and servers in a separate room
- Check the security of communication ports on the operator workstation, servers, and engineering stations
- Verify access to the Windows shell on operator workstations
- Check the backup network (switches, routers, firewalls), controllers, and critical servers
- Check the use of undeclared protocols in control segments
- Test security cabinet and telecoms equipment
- Verify accessibility of ICS via wireless and remote access technologies
- Test ICS interaction with external systems
- Check connectivity to the Internet for all ICS components
- Confirm the use of only industrial-grade equipment: routers, switches, firewalls, converters, media, etc.
Of course, during an actual attack, hackers often gain access to key system components by exploiting a combination of vulnerabilities. For this reason, our experts will also demonstrate how data obtained using one vulnerability in your network might be enough, when combined with other weaknesses, to give attackers control of key ICS components.
ICS Safety Study
The first stage of this assessment is conducted in our lab environment. Our analysis identifies technical vulnerabilities in your ICS, including issues with your software and firmware architectures. This will include the identification of all potential points of entry, threat vectors, and points of connection with external information systems.
From these findings, we will provide you with a custom threat model, a set of recommendations for addressing these threats, and a suggested timeframe for remediation.
The second phase of our safety study involves hands-on analysis of your security systems. The exact methods used will vary depending on your network, but are likely to include:
- Analysis of application source code using static, dynamic, and interactive security testing
- In-depth examination of software, firmware, and associated protocols
- Detailed architecture review of embedded devices
- Practical gray-box analysis of user interfaces
- Assessment of application and system software standard configurations
- Analysis of information and joint interaction interfaces with other systems
- Analysis of how identified vulnerabilities can impact the functional security of systems
- Development of attack scenarios
- Reports containing recommendations for eliminating vulnerabilities and improving overall security
This phase will also identify the following weaknesses associated with how system components interact and how information is stored:
- Errors in how user authentication, authorization, and access are implemented
- Lack (or weakness) of mechanisms to counter attacks on users
- Vulnerabilities that can impair how applications and systems function
- Disclosure of confidential information, including specific application functions and software components
- Errors in how end-user application functions are implemented
- Mistakes in how input data is processed allowing remote code execution and denial of service
- Configuration errors or lack of useable built-in and third-party security mechanisms
The results of these laboratory tests will then be verified with field tests to demonstrate, under controlled conditions, the attack scenarios and threat vectors, particularly those associated with interfaces to external systems.
ICS Component Threat Intelligence and Security Feeds
Stay ahead of the hackers with regular security updates direct from our research team including zero-day vulnerability alerts, anomaly detection, and remediation tactics.
Security Benchmarks and Configuration Hardening Guides for ICS Components
Be confident your systems are in peak condition with checklists created by SMSAM Systems, based on our extensive industry knowledge, research, and vendor partnerships. Compare the current configurations of your ICS components including SCADA, PLC, and RTU with our recommended settings for optimum security.
ICS Compliance Checks
SMSAM Systems ICS experts will determine your level of compliance with technical elements of all relevant standards including CIS, NERC CIP, ISA99, and custom standards relevant to your particular industry (such as railways or power generation), your own corporate governance or regulations in the places where you do business.
The output of these assessments is an objective, independent report from our ICS specialists which includes:
- A detailed technical report, including an executive summary of our conclusions and recommendations
- A description of all the tests conducted and vulnerabilities identified
- A full list of found vulnerabilities, ranked in order of severity and likelihood of use, along with a description of the consequences resulting from a hacker exploiting each one
- Recommendations for addressing vulnerabilities, including suggested changes to equipment configurations and settings, use of protective mechanisms, and installation of necessary software updates or changes to policies, procedures, and processes
- A threat model detailing the practical impact on your business if hackers were to exploit the most critical vulnerabilities found