SCADA & ICS Assessment

Web Application Security
December 22, 2013
Telecom Security
December 24, 2013

Few years ago, organizations were not even aware about the cyber security threats posed to the ICS or critical infrastructures but it has now become a reality. The world has lately witnessed severe cyber attacks against the nuclear plants, water treatment systems, power generation facilities, and other critical infrastructures. Perhaps, the most popular cyber attack against the critical infrastructure was Stuxnet which targeted Iranian nuclear facility and was specifically designed to attack Siemens PLCs which were in use within the nuclear facility.

Industrial Control System (ICS) components were not designed considering various cyber security requirements and hence pose huge risk to the organization. ICS systems are required by many industry verticals, including but not limited to:

  • Nuclear Power Plants & Reprocessing Facilities
  • Water & Electricity Management
  • Waste Treatment
  • Chemical Plants
  • Oil Refineries
  • Gas Processing
  • Food Production
  • Railways
  • Pharmaceutical
  • Wind Turbines

Unlike network or system security vulnerabilities, a successful cyber attack against a misconfigured or insecure industrial control system has catastrophic results. With such severe outcome from insecure ICS systems, it has attracted many anti-national or anti-social elements to launch cyber attacks against the national critical infrastructure or critical industries to cause maximum collateral damage. US ICS-CERT has released a report on the security incidents occurred in the year 2015 against the ICS systems in the US citing various affected business verticals.


Torrid Networks has worked with few of the world’s largest oil and gas companies, powergrids, manufacturing plants and distribution networks to help them safeguard their ICS systems. Our most comprehensive methodology for ICS security assessment helps the organizations to quickly secure their ICS systems:

ICS Security Assessment Benefits

  1. Identify the cyber security threats being posed to your ICS systems so as to quantify the risk and provide adequate security expenditure.
  2. Avoid false-sense of security and learn the real state of security for your ICS systems
  3. Prepare an effective mitigation plan from our actionable ICS security assessment report
  4. Reduce your organization’s cyber security costs and provide a better return on security investment (ROSI) by identifying and resolving vulnerabilities and weaknesses. These may be known vulnerabilities in the underlying technologies or weakness in the design or implementation.
  5. Provide your organization with assurance – a thorough and comprehensive assessment of organizational security covering policy, procedure, design and implementation.
  6. Adopt best practices by conforming to legal and industry regulations.

ICS Security Assessment Deliverable

  • Management Report
    1. A high-level executive summary report highlighting the key risk areas and the impact from successful exploitation of vulnerabilities
  • Technical Vulnerability Report
    1. A detailed report about security issues discovered along with implications and recommendation to address the found issues.
  • Best Practices Document
    1. Guidelines based on industry standards and regulations for ICS Security.