Recently, at the MEA Summit, I had the opportunity to engage in a great discussion with a number of SCADA owners about security testing of their devices. Given all of the big changes underway concerning SCADA equipment, connectivity and the greater focus on these systems by attackers; the crowd had a number of questions about how they could get their new components tested in a lab environment prior to production deployment.
Device and application testing is something that MicroSolved has done for more than a decade. We have tested hundreds of IT hardware products, commercial software loads, web/mobile applications, consumer products, and for the last several years, ICS/SCADA and Smart Grid components. Our lab environments are suitable for a wide variety of testing scenarios and are used by utility companies, manufacturers and software developers from around the world as a trusted source for rational security testing and relevant threat analysis. We have a firm non-disclosure policy for client systems tested and the relevant vulnerabilities discovered and we often work hand in hand with the developers/design engineers to work through both mitigation and/or compensating control development.
ICS/SCADA owners should have any new designs assessed prior to implementation, they should have some form of ongoing security assessment (analysis – NOT scanning…) performed against current deployments/threats, plus they should be engaged in testing all new hardware and software platforms before production adoption. Developers, designers and manufacturers of ICS/SCADA/Smart Grid components should be engaging in a full set of product assessments, attack surface analysis, threat modeling and penetration testing prior to the release of the products to market. This will be a value-add to your customers, and ultimately, to the consumer.
If your organization would like to have a device or software analysis performed, or would like to discuss how to engage with MicroSolved to have new equipment or ICS/SCADA deployment ideas modeled, tested and assessed, please contact us.