RIoT Solutions offers the following two types of cyber security assessment services, to allow organisations to select the most appropriate option for a particular requirement and budgeted funds for each unique SCADA environment requiring a security review:
- Cyber Security Operations Review
- Security Vulnerability Assessment.
The Cyber Security Operations Review service utilises passive, off-line review methods for ascertaining the security posture of the target SCADA system, and such poses no risk to systems and data in production environments.
The Security Vulnerability Assessment service includes testing activities that utilise network level connections to nominated (and approved) parts of the target SCADA system. Whilst RIoT Solutions takes appropriate precautions and our customised testing methodology takes inherent risks of testing time-critical systems operations of ICS/SCADA into consideration, some risks cannot be completely eliminated. Therefore, whenever possible, active cyber security testing should be performed on a backup or offline systems.
If there are any components of the target SCADA system deemed critical and potentially fragile (e.g. a legacy system with known performance and/or stability issues), RIoT Solutions will work closely with customers in order to come up with an alternative, safe testing approach, such as hands-off security review (e.g. an off-line review of system configuration files and documentation), or testing a spare system in a LAB environment.
|SCADA Cyber Security Operations Review||Review the current state of SCADA cyber security operations against industry best practice guidelines:
NIST Framework for Improving Critical Infrastructure Cybersecurity
|Provide a report showing:
|SCADA Security Vulnerability Assessment||Perform an independent testing of nominated SCADA network segments||Provide a report with: