iSEC: ICS Security Assessment

Non-disruptive assessment of your ICS network for vulnerabilities and threats to industrial applications

Features

Radiflow Expertise

Assessment performed by Radiflow’s dedicated team of ICS/SCADA cyber-security experts

Non-intrusive

Non-intrusive network traffic recording, with no interruption to ongoing production (OT) operations

Full Visualization

Clear, drill-down visualization of the OT network topology including all connected assets

Threat & vulnerability detection

Detection of all known SCADA-specific threats, logical changes in PLCs & open remote SSH sessions

Standards-based

The entire process is structured and standards-based, e.g. ISA/IEC-62443 (formerly ISA-99)

Reporting & Mitigation

Upon completion the user is provided with a detailed threat and vulnerability report and mitigation roadmap

How Secure is Your ICS Network?

Critical Infrastructure Protection (CIP) has in recent years become a national priority in terms of funding, regulation and general awareness. However, devising an ICS protection plan can be a daunting task. There’s no one-size-fits-all solution, and in many cases operators have incomplete visibility into their networks.

An effective ICS/SCADA protection plan requires comprehensive identification and mapping of all devices, connections, ports and other network assets. Only then will you be able to detect vulnerabilities and exposures and assess them in terms of severity and potential impact if compromised.

Radiflow’s assessment procedure is performed by our top security experts. It employs the most up-to-date methodologies and is based on the company’s portfolio of dedicated ICS/SCADA products.

Upon completion of the assessment, the customer is presented with a detailed report that includes all the information collected and logged, the findings resulting from the analysis, and a comprehensive cybersecurity plan for the organization.

Here’s how it works:

1. Preparation

In-person meeting with key stakeholders to review the network structure and components, delineate known problems, and define a custom-tailored data-collection project plan.

2. Analysis

Analysis of all data traffic from across the network (collected non-intrusively) for creating a baseline operational model and detecting all vulnerabilities and potential attack vectors. 

3. Report

An extensive vulnerability, risk and threat report is issued, along with a detailed mitigation plan including actions for eliminating the problems found and increasing cyber protection.

The iSEC Security Assessment Process

Radiflow’s security assessment is a structured, standards-based (e.g. ISA/IEC-62443) process executed by experienced professionals.

1. Pre-Assessment

  • Preparation and coordination: pre-assessment review of self-reported network topology, SCADA equipment vendors, and other relevant information.
  • On-site visit and meeting with key stakeholders: review network structure and components, delineate known problems, and define a test plan and workflow. During this time our team will record samples of your network traffic for topology mapping and analysis.

2. Analysis

An operational activity baseline is created based on the analyzed network traffic, to detect vulnerabilities and possible attack vectors. This phase typically lasts 2-4 weeks, during which the Radiflow team will:

  • Identify and map all network devices, operating systems, applications and connections, down to the deep IT & OT protocols and components
  • Analyze the current security measures to determine whether attackers can extract sensitive information from network traffic, and verify network segmentation between controllers, servers and workstations
  • Evaluate the resiliency of the data-link layer security, to identify weaknesses that may expose your LAN
  • Analyze all management interfaces to PLCs, managed switches and routers
  • Verify separation between engineering workstations and servers
  • Examine the security of communication ports
  • Verify accessibility of the ICS via wireless and remote access technologies
  • Review the ICS’ interaction with external systems
  • Examine the Internet connectivity of all ICS components
  • Check the use of undeclared protocols
  • Inspect security cabinets and telecom equipment
  • Confirm the exclusive use of industrial-grade equipment: routers, switches, firewalls, converters, media, etc.
  • Discover network and device vulnerabilities, as well as possible exposures
  • Discover access control weaknesses, such as confidential information stored on poorly-protected file servers and inadequate or missing firewall protection
  • Analyze password usage to find information that may be derived from a password (NTLM, MD5 hash, etc.). This will be used to generate a passive password list and a dictionary of common passwords
  • Test attackers’ ability to burrow into the network and gain unauthorized access to critical ICS components
  • Review asset compliance with security standards, e.g. ISO/IEC 27001 and ISA-99

3. Report and Secure

An extensive report is submitted to the operator, and actions are taken to eliminate found threats and vulnerabilities. The report includes an executive summary dashboard-style presentation of our conclusions and recommendations meant for senior management, as well as a comprehensive technical report that includes:

  • A clearly-presented description and drill-down of all data collected
  • A full list of found vulnerabilities ranked in order of severity and likelihood of use, along with a description of the consequences of a hacker exploiting each
  • A threat model detailing the practical impact on your organization in the event that hackers were to exploit the most critical vulnerabilities found
  • A programmatic mitigation plan with recommendations for addressing vulnerabilities and bridging security gaps. This includes suggested changes to equipment configurations and settings, use of detection/protection mechanisms, installation of necessary software updates on devices (PLCs, RTUs, HMIs, etc.) and changes to policies, procedures, and processes.

Your Custom ICS Cyber-Threat Assessment Report

At the end of the iSEC Security Assessment the operator will receive a detailed threat and vulnerability report, which includes both a full current network status report and a security vulnerability review. Here are just a few of the many parameters and measurements included in the iSEC report: