Select Page


Industrial control systems often have an installed lifespan of several decades. Older systems were frequently designed to communicate via small, dedicated networks isolated from the public Internet under the same physical security as the plant itself. Even newly-built systems may incorporate software that was originally written when these assumptions were valid.

Internet connectivity and an increase in malicious activity have radically changed the cybersecurity landscape. Industrial control systems may still run on separate networks, but physical isolation is becoming the exception rather than the norm. Even with no direct connection, some malware can bridge air gaps.

Security has often struggled to keep up with these emerging threats, and for industrial control systems, the consequences could be critical. Attackers will not hesitate to disclose or destroy data. With control of your plant, they could dramatically disrupt production and, through many installations, cause physical damage to your equipment. Depending on the nature and design of the system, there may also be health and safety risks to consider.

Attacks on critical national infrastructure are increasing in frequency and sophistication. The Stuxnet worm and more recent attempts against electrical power services in Ukraine have demonstrated that nation-states are willing to engage in cyber warfare as an alternative or adjunct to conventional military action.

How Can We Help You?

LRQA Nettitude delivers in-depth penetration testing and security assessments for industrial control systems, including appropriately cautious testing of live production environments if required. Our approach will help you and your organisation investigate and answer the following crucial questions:

  • Does your company use industrial control / SCADA systems?
  • Are they connected to a network?
  • Have you assessed the security of your control network?
  • Could it be hijacked or used by malicious users?
  • Have you looked for, and found, vulnerabilities that may be present?
  • Have you assessed what the impact could be, in terms of lost production, damaged equipment, and personal injury if the control network were attacked?
If you need to provide a level of assurance to your board, customers, industry, or regulators that you have tested your systems for cybersecurity weaknesses, then an assurance exercise is an essential element of your risk governance process.

What Does SCADA & ICS Security Testing Involve?

Industrial control systems security testing shares techniques with many other testing systems. There are, however, significant differences that can leave you vulnerable to attacks:

  • Tools that are used for testing Windows-based servers and workstations are often unsuitable for testing embedded control devices such as PLCs.
  • Devices from different manufacturers – or even the same manufacturer – are often incompatible with each other. There are also many incompatible control network protocols in widespread use.
  • If there are side effects of testing, these are potentially more severe than on a typical corporate network, especially in a live production environment.

To accommodate these differences, ICS /SCADA testing employs a more tailored approach than other types of security testing. Security companies without the experience of ICS / SCADA testing are unlikely to achieve worthwhile results and could cause serious harm to your systems.

Why Is ICS and SCADA Security Testing Needed?

Industrial control systems are at risk from ever-evolving threats if they are not adequately secured. Key strategies for effectively managing this risk include:

  • Protecting the large capital investment that they, and the equipment which they control, represent.
  • Ensuring business continuity by avoiding the direct and indirect costs which would result from any production loss.

Security testing is an important component of this process:

  • It can be used to direct resources towards where the risk is greatest.
  • It can be used as a validation tool to check whether a system has been adequately secured.

Can You Test live Systems?

LRQA Nettitude will always recommend the safest method of testing. Ideally, this would be either the production system when it is down for maintenance or a representative test system built to the same configuration. When required, LRQA Nettitude’s experts can perform tests on live systems.

Devising a safe but effective test plan first requires a detailed risk assessment. This will identify any fragilities within the system under test, detail any possible mitigations, and allow you to make an informed trade-off between thoroughness and risk. Options for testing include:

  • Normal penetration testing
  • Active port scanning
  • Active enumeration (ARP scanning)
  • Active testing of network isolation
  • Passive enumeration
  • Physical inspection
  • Design review (paper exercise only)
For example, port scanning is normally considered a low-risk method of testing, and network hosts should not crash when exposed to one, however, some types of the programmable logic controller have been known to do exactly that. If necessary, LRQA Nettitude can mitigate the risk by performing safety trials beforehand against the specific device models that are connected to the network under test.

Difficult decisions may be needed to achieve the best results, but doing nothing is not a safe option. By having your security system tested by an expert, rather than an attacker, you can mitigate the harm which an attacker would cause.

How Your Business Benefits

LRQA Nettitude have tested Industrial Control Systems (ISC) / SCADA systems across multiple industry sectors such as utilities (electricity, gas, water) manufacturing and waste disposal.

We test systems in various states of operation, ranging from live systems where great care is required, to those where thorough penetration testing is possible. In addition, LRQA Nettitude has recently commenced a program of vulnerability research against ICS devices such as PLCs and is undertaking a joint research project with Lancaster University concerning how connectivity up and down the supply chain affects ICS security.

More generally, LRQA Nettitude conducts over a thousand penetration tests and security assessments each year against software applications, products, and environments. These include web apps, mobile apps and hardware devices, software applications, social engineering engagements, wireless, and many other areas.

We also conduct hundreds of security assessments and audits of systems and environments against a range of industry standards including NCSC, PCI (DSS and PA-DSS), ISO27001, Finance/Banking (UK and US), SANS Critical Controls, NIST, and US Healthcare standards.

LRQA Nettitude have performed research and in-depth testing of consumer tablets and phones released on the high street (both at hardware and OS/Application level), banking systems such as ATMs and payment card devices, hardware security modules (HMSs), payment applications, and many other types of mobile and end-user systems where sensitive data is used.

Backed by the Payment Card Industry Security Standards Council (PCI SSC), LRQA Nettitude is certified to perform Payment Application Data Security Standard (PA DSS) assessments on authorised payment applications and conduct regular assessments throughout the year.

LRQA Nettitude is an award-winning global leader in the delivery of cybersecurity assurance testing, risk management, consultancy, incident response, and threat intelligence services. We provide our clients with infrastructure, application, mobile, and social engineering penetration testing services.


Frequently Asked Questions about Industrial Control Systems in Cybersecurity

What if something goes wrong in testing?

No security service is 100% risk-free, but at LRQA Nettitude we will always advocate for the safest method of testing. It is riskier to let attackers be the first to challenge your system. We will always inform you of any high-risk decisions which may affect your data. Our penetration testing methods are employed by our cybersecurity experts to help ensure your organisation is cyber-secure. 

How long will it take to complete testing and receive my report? 

Our testing services are highly tailored to your circumstances. This means that no two tasks are the same, so the duration depends on the complexity of the system and the depth of testing involved. We strive to be both efficient and thorough in our ICS and SCADA testing services.

What if my system deals with sensitive financial information?

LRQA Nettitude is certified by the Payment Card Industry Security Standards Council (PCI SSC) to perform Payment Application Data Security Standard (PA DSS) assessments. This qualifies us to assess systems that deal with sensitive financial information with professionalism and discretion. We have extensive financial cybersecurity accreditations which means you can rest assured that the security of your business and the privacy of your clients are in good hands. 

Frequently Asked Questions about Data Privacy Security

What is an incident response policy?

An Incident response plan or policy is a process you create before you experience a cyberattack. This is so that your team has a procedure to follow when you do experience a data breach. LRQA Nettitude follows the CREST Cybersecurity Incident Response process which is broken down into 3 phases: preparation, response, and follow up. Having a breach plan gives you the confidence to quickly nullify any threat to your data privacy security.

Why is data privacy security important?

Although it has always been important, the implications and need for higher security are coming into play now that technology is indispensable to everyday life. Using apps, browsing websites, and shopping online are all examples of how your data will be stored and managed online. For organisations today, the threat of cyber theft is a pertinent one. Having comprehensive data privacy plans in place can reduce and mitigate the risks of such events.

Does LRQA Nettitude practice sustainability?

As a company with a global footprint, sustainability is an area of importance to us. We are a registered ‘Investor in People’ organisation. Taking a cue from ISO 14001, we have strong sustainability practices put in place. Our organisation also hires fairly and equally, across gender and race. By working with us, you can rest assured that we implement data privacy security measures with ethics at the core of our mission.

Get in touch via the form below and get a free quote from us for our Red Team Security Testing services.

General Enquiry