ICS penetration testing services
Our services include penetration testing, vulnerability assessment of control systems and network health verification.
Penetration testing services
Our ICS penetration testing services enable you to find weaknesses in your network perimeter. The penetration testing commences by scanning the network to determine what types of hardware are connected and the operating systems being used. Then we search for unpatched vulnerabilities in those devices and attempt to exploit those vulnerabilities to gain access to the network. The penetration testing services are supported by our ethical hackers group, who have a background in IT and engineering, and certification according Certified Ethical Hacker (CEH), GXPN, GPEN, Global Industrial Cyber Security Professional (GICSP).
Securing control systems, preventing cyber security breaches
A common design principle is to ensure that programmable logic controllers (PLCs) and the network infrastructure that is used to connect them, operate in a secure environment (i.e. sealed from malicious attackers). In practice, ICS are often inadvertently connected to other networks, which can allow remote access through open networks or the Internet. Our ICS penetration testing services will identify such weaknesses, consider the possible impacts and then suggest corrective actions.
The competence of DNV GL within ICS and IT architectures is unmatched when examining critical parts of control system networks. Our ICS penetration tests aim to reveal vulnerabilities, regardless of whether they can only be exploited by: a highly skilled malicious attacker; a determined hacker; a disgruntled employee; or even a hardware/software failure. Our cyber security approach is based on recognized standards and recommendations, such as ISO 27000 series, IEC 62443, NIST 800 framework, among others.
Our ICS penetration testing services:
- ICS penetration testing and testing of network segregation
- Stress and robustness testing
- Phishing campaigns
- Screening running services, patches and firmware
- Authentication weaknesses
- Portable media security
- Known and unknown vulnerabilities
- Traffic anomalies
- Degradation of networked equipment
- Software quality