Cyber Citadel

ICS/OT Penetration Testing

Specialised security testing for Industrial Control Systems and Operational Technology environments.

The security of operational technology (OT) and industrial control systems (ICS) is crucial for maintaining the integrity of both IT networks and critical infrastructure.

OT and ICS are just as important as traditional IT networks. These systems often act at critical points in the supply chain and drive essential day-to-day operations of a business. In addition, OT often leaves weak entry points into the IT network, so securing OT complements and reinforces the security of IT.

At Cyber Citadel we don't rely solely on automated tools such as vulnerability scanners; our experts draw on their knowledge and expertise to rigorously test ICS and OT environments, keeping business logic and risk-based prioritization in mind. We also strive to minimize disruption to business operations.

Our approaches are smart, specific, and seamless. We identify vulnerabilities without disrupting operations or compromising the safety of personnel or equipment.

Capabilities

ICS/OT Testing Areas

SCADA & PLC Security

Assessment of SCADA systems, PLCs, RTUs, and other control system components for vulnerabilities and misconfigurations.

Industrial Protocol Analysis

Testing of protocols including Modbus, DNP3, OPC UA, EtherNet/IP, and PROFINET for authentication and integrity issues.

IT/OT Boundary Testing

Assessment of network segmentation, firewalls, and data diodes that separate your IT and OT networks.

Safety System Review

Evaluation of Safety Instrumented Systems (SIS) to ensure they cannot be tampered with or bypassed by an attacker.

What Sets Us Apart

Our Specialized Approach

Human-led Testing

Our testers use human ingenuity and specialised knowledge of ICS/OT environments to uncover vulnerabilities that automated tools miss.

Specialized Tools and Tactics

We use proprietary attack techniques and tools specifically designed for industrial control system testing.

Minimized Risk of Disruption

Traditional testing methods can cause systems to become unresponsive or drop offline. Our techniques start with a passive approach and gradually increase in intensity to minimize any risk to operational systems.

How We Work

Our Methodology

Minimal Disruption

Passive to active approach, gradually increasing test intensity.

Layered Strategy

Multi-layered testing covering all attack surfaces.

Review of Systems

Architecture, functionality, control, and connectivity analysis.

Evaluation of Controls

Assessing effectiveness of existing security controls in mitigating risks.

Separation of Systems

Analysis of IT/OT segmentation and isolation.

Real-world Attack Simulation

Leveraging the MITRE ATT&CK for ICS framework.

Our Team

Skills and Expertise

Cross-disciplinary Knowledge

Bridging IT and OT security domains.

In-depth ICS and OT Understanding

Deep knowledge of SCADA, PLCs, DCS, and industrial protocols.

Firsthand Experience

Years of experience testing critical infrastructure across energy, manufacturing, and utilities.

Advanced Level Expertise

Certifications and research in industrial control system security.
