The ICS/SCADA security experts at Cyberkalki Securities have many years of experience in conducting assessments on different industrial system components, from railway systems and electric utilities to oil refineries and chemical plants. We provide tailored services to analyse and understand your industrial processes and operational technologies from field-level equipment to outdated systems.
Security research is at the centre of everything we do and is performed continuously on some of the world’s largest and most sophisticated networks. Our extensive hands-on investigations have already uncovered more than 200 zero-day vulnerabilities in leading ICS and SCADA systems.
We offer a full range of ICS-specific security services, including:
ICS Security Assessments
To identify all potential vulnerabilities in an ICS environment, our experts conduct internal penetration testing on an agreed set of systems and components. This testing includes:
Evaluation of how resilient your network security is to attacks at the data link layer in order to identify weaknesses that might give attackers access to your LAN
Monitoring and analysis of your network traffic to identify whether attackers can access sensitive information from it
Identification of all types of devices, operating systems, and applications present on the target LAN segment
Detection of vulnerable network services
Discovery of access control weaknesses, such as confidential information stored on poorly protected file servers and inadequate or missing firewall protection
Review of password usage, including analysis of network traffic data for information that is potentially derived from a password (NTLM, MD5 hash, etc.). This analysis will be used to generate a passive list of passwords that is tested against your ICS components along with a dictionary of common passwords
Analysis of network infrastructure security levels
Determination of whether the most critical vulnerabilities found would give attackers the ability to burrow into the network beyond the test segment and gain unauthorized access to critical ICS components, such as SCADA and controllers
Technical ICS Audit
Our ICS specialists employ a wide range of tests to evaluate the existing protection mechanisms in your ICS network and environment. Through a combination of visual inspections, interviews with key personnel, and verification of configuration settings for all ICS components, our team will:
Analyze your network architecture to check specifically for proper network segmentation (separation between controllers, servers, and workstations)
Analyze the procedures for applying updates
Evaluate the effectiveness of your anti-virus protection
Analyze your usage of counterfeit or third-party software
Identify workstation accounts and administrator privileges, including assessment of their security levels
Analyze firewall rules
Review password policies
Test automatic job blocking (with the exception of operational workstations)
Analyze available management interfaces to your PLC, managed switches, and routers
Check the placement of engineering workstations and servers in a separate room
Check the security of communication ports on the operator workstation, servers, and engineering stations
Verify access to the Windows shell on operator workstations
Check the backup network (switches, routers, firewalls), controllers, and critical servers
Check the use of undeclared protocols in control segments
Test security cabinet and telecoms equipment
Verify accessibility of ICS via wireless and remote access technologies
Test ICS interaction with external systems
Check connectivity to the Internet for all ICS components
Confirm the use of only industrial-grade equipment: routers, switches, firewalls, converters, media, etc.
Of course, during an actual attack, hackers often gain access to key system components by exploiting a combination of vulnerabilities. For this reason, our experts will also demonstrate how data obtained using one vulnerability in your network might be enough, when combined with other weaknesses, to give attackers control of key ICS components.
ICS Safety Study
The first stage of this assessment is conducted in our lab environment. Our analysis identifies technical vulnerabilities in your ICS, including issues with your software and firmware architectures. This will include the identification of all potential points of entry, threat vectors, and points of connection with external information systems.
From these findings, we will provide you with a custom threat model, a set of recommendations for addressing these threats, and a suggested timeframe for remediation.
The second phase of our safety study involves hands-on analysis of your security systems. The exact methods used will vary depending on your network, but are likely to include:
Analysis of application source code using static, dynamic, and interactive security testing
In-depth examination of software, firmware, and associated protocols
Detailed architecture review of embedded devices
Practical gray-box analysis of user interfaces
Assessment of application and system software standard configurations
Analysis of information and joint interaction interfaces with other systems
Analysis of how identified vulnerabilities can impact the functional security of systems
Development of attack scenarios
Reports containing recommendations for eliminating vulnerabilities and improving overall security
This phase will also identify the following weaknesses associated with how system components interact and how information is stored:
Errors in how user authentication, authorization, and access are implemented
Lack (or weakness) of mechanisms to counter attacks on users
Vulnerabilities that can impair how applications and systems function
Disclosure of confidential information, including specific application functions and software components
Errors in how end-user application functions are implemented
Mistakes in how input data is processed allowing remote code execution and denial of service
Configuration errors or lack of usable built-in and third-party security mechanisms
The results of these laboratory tests will then be verified with field tests to demonstrate, under controlled conditions, the attack scenarios and threat vectors, particularly those associated with interfaces to external systems.
ICS Component Threat Intelligence and Security Feeds
Stay ahead of the hackers with regular security updates direct from our research team including zero-day vulnerability alerts, anomaly detection, and remediation tactics.
Security Benchmarks and Configuration Hardening Guides for ICS Components
Be confident your systems are in peak condition with checklists created by Positive Technologies, based on our extensive industry knowledge, research, and vendor partnerships. Compare the current configurations of your ICS components including SCADA, PLC, and RTU with our recommended settings for optimum security.
ICS Compliance Checks
Cyberkalki Sec ICS experts will determine your level of compliance with technical elements of all relevant standards including CIS, NERC CIP, ISA99, and custom standards relevant to your particular industry (such as railways or power generation), your own corporate governance or regulations in the places where you do business.
The output of these assessments is an objective, independent report from our ICS specialists which includes:
A detailed technical report, including an executive summary of our conclusions and recommendations
A description of all the tests conducted and vulnerabilities identified
A full list of found vulnerabilities, ranked in order of severity and likelihood of use, along with a description of the consequences resulting from a hacker exploiting each one
Recommendations for addressing vulnerabilities, including suggested changes to equipment configurations and settings, use of protective mechanisms, and installation of necessary software updates or changes to policies, procedures, and processes
A threat model detailing the practical impact on your business if hackers were to exploit the most critical vulnerabilities found