ICS Penetration Tests and Analysis Services

Industrial process-oriented red team tests encompass a hybrid IT/OT approach specifically designed for industrial facilities. During this assessment, a real attacker perspective is adopted to penetrate ICS/SCADA networks and identify vulnerabilities that may result in "loss of visibility" or "loss of control." Findings cover technology, design, industrial protocol, and process vulnerabilities.

These activities are conducted for facilities falling within the scope of regulations, based on Board Decisions No. 8560. The tests and analyses necessary for end-to-end regulation compliance are performed. Specialized teams have been focusing on these industrial facilities, ensuring full compliance with all requirements and certifications within the scope of the regulation since 2017. The analysis includes:

  • Analysis of ICS network and architectural structure
  • Social engineering tests targeting personnel involved in ICS structures
  • Vulnerability scanning analysis on ICS networks
  • Malware analysis on ICS networks
  • Testing of ICS wireless networks and components
  • Exploitation testing on ICS networks

ICS penetration testing, also known as industrial penetration testing, is specifically conducted on industrial networks and components, distinguishing it from red team tests. The goal is to identify vulnerabilities that may lead to "loss of visibility" or "loss of control" within the industrial network from a real attacker's perspective. The assessments cover technology, design, industrial protocol, and process vulnerabilities.

A current state analysis is conducted in industrial facilities based on globally accepted maturity models applicable to ICS/SCADA infrastructure. This analysis encompasses the evaluation of human, technological, and process aspects from an industrial cybersecurity perspective. The analysis results in identifying the current state and determining the targeted maturity level, which enables the creation of a cybersecurity resilience roadmap.

Under the industrial cybersecurity hygiene service, analyses are performed at the network and host levels within ICS/SCADA infrastructure. This analysis aims to detect any known or unknown attacks or malicious activities within the industrial facility. Our experts utilize specialized tools and commercial software during this analysis.

This consultancy service focuses on the selection and positioning of security products suitable for ICS/SCADA infrastructure within industrial facilities. In addition to providing support in the selection process, efficacy and security assurance tests are also conducted on the positioned components.

These consultancy services are provided for designing secure architectures within industrial facilities, whether related to digitalization, Industry 4.0, or direct SCADA and DCS architectures. This work involves designing feasible architectures by considering layered security, the Purdue model, and zero-trust approaches.

The asset and risk management process, an essential need in industrial facilities, is approached from an industrial cybersecurity risk perspective. An integrated risk management process, including HAZOP procedures, is implemented for suitable facilities. Within this service, industrial and information technology assets are identified, their criticality in industrial processes is determined, and risk assessment and management processes related to these assets and associated industrial processes are executed.

These consultancy services involve determining a cybersecurity strategy and roadmap suitable for industrial infrastructures. It includes developing policies and procedures aligned with the strategy and assisting in the implementation of processes.

Within this service, industrial facilities are supported in the deployment of anomaly detection, data diode, industrial firewall, or industrial endpoint security products, along with 24/7 support services.

IT and OT Cybersecurity Operation Centers are unified and provided under the Safety Operation Center, enabling process-based monitoring of industrial facilities.

These services encompass incident response, recovery, and restoration specific to ICS/SCADA infrastructure. The service is delivered by a hybrid team comprising ICS/SCADA and cybersecurity experts.

Vulnerability Scans and Penetration Testing

All services and offerings mentioned under penetration testing can be provided with the following five different packages, detailed below.

  • Vulnerability Management Packages
      ◦ Basic Vulnerability Management
      ◦ Advanced Vulnerability Management
  • Automatic Vulnerability Scanning Service
  • Pentest Automation
  • Penetration Testing
  • Red Team Testing
  • MSSP (Managed Security Service Provider)

Automatic Vulnerability Scanning Service: These are tests conducted using vulnerability scanning tools in a fully automated manner. The outputs generated by the tools are transmitted without any interpretation or processing. This service can also be provided through the ASV portal for external scans.

Pentest Automation: This service involves the use of vulnerability scanning tools' outputs in conjunction with automation scripts developed by the Cyberwise Pentest team. The service includes the transmission of reports generated using the Cyberwise Pentest knowledge base.

Penetration Testing: A comprehensive penetration test conducted by a penetration testing expert following the Cyberwise Pentest methodology. Various tools and manual checks are applied in this process, and systems are thoroughly analyzed to generate reports. The aim of these tests is to detect as many vulnerabilities as possible within an optimal timeframe.

Red Team Testing: These are comprehensive assessments conducted by an expert team with the goal of achieving predefined targets. Activities such as developing exploits, conducting penetration attempts, and creating malware are carried out to reach the specified objectives. The tests are orchestrated like a real attacker, spread over a specific period of time.