As industrial control systems become interconnected to networks and the internet, they are becoming a very attractive target for potential attackers. The results of such attacks can be catastrophic to production and may cause time irreparable damage to equipment. Furthermore, in some cases it can be a serious treat not only for business, but also for national security. Current statistics show a constant rise in the number of officially registered and disclosed security incidents with ICS/SCADA some with catastrophic consequences. This however is not the full picture and is only the tip of the iceberg as most incidents are probably not reported.
As many SCADA devices have proprietary protocols and these are becoming interconnected with TCP/IP, many security professionals are not able to conduct effective penetration testing against these devices. Often testing of ICS/SCADA devices become very challenging due to the fact that they are being utilized in productive environments and cannot be taken down for testing. Additionally, it is very dangerous to utilize standard penetration testing tools to test ICS/SCADA devices because they can cause your ICS/SCADA systems to crash since they are not able to handle the requests of these tools.
From utilizing specific tools for ICS/SCADA environments to fuzzing and reverse engineering proprietary protocols, Blue Frost Security can provide a comprehensive research based approach to the testing of these devices to ensure that they are operating securely and reduce the attack surface of potential intruders.