Industrial Control Systems (SCADA) Assessment

Traditional approaches to penetration testing are not always applicable to an ICS system, as the tools and techniques that work on traditional network devices can introduce unknown or performance-impacting results in an embedded or low-usage network device.

Feisty Fox Security understands the limitations on testing embeeded systems and components that are not resilient enough to handle large amounts of network traffic, nor capable to handle malicious and malformed input operands. Testing needs to be undertaken in a balanced and controlled manner with the full input of an organisation’s security and architecture team.

Feisty Fox Security has traditionally undertaken source code reviews of the PLC’s used within an organization and runs many PLC’s in our secured test laboratory, building small test environments suitable for specific, security-related testing that mimick existing conditions. Combined with passive network collection activities, Feisty Fox Security also uses virtualized instances to test non-production environments safely.