Traditionally, assessing networks has involved hammering on them using a variety of passive and active techniques and tools. While IT systems can generally survive the momentary downtime associated with this type of testing, ICS/SCADA systems generally cannot. The way most vulnerability assessors and penetration testers have handled these systems in the past is to remove them from the scope of their testing. As more and more ICS/SCADA systems are connected to corporate networks, in a variety of secure and insecure ways, assessors and testers will probably come across these types of systems more often. This presentation discusses some of my experience conducting vulnerability assessments and penetration tests on ICS/SCADA systems over the past few years. It discusses our general approach to assessing these types of systems and some of the modifications we have to make to accommodate them.
Jim Gilsinn is a Senior Investigator at Kenexis. Jim is responsible for conducting assessments and developing designs for ICS/SCADA networks and security. Jim has more than 25 years of electrical engineering, networking, and programming experience, with 15 years specializing in ICS performance, reliability, and cyber security. Jim is the developer of the Kenexis Dulcet Analytics test tool for network reliability monitoring. He is also the co-chair of ISA99, developing ISA/IEC 62443. He also has experience with the NIST Cybersecurity Framework, ISO/IEC 2700x, and NIST SP800-53/82.