OT Pen Testing

For Utilities and Vendors

Problem

Problem

Solution

Solution

Approach

Approach

Problem

How do you know the device you are installing does not have any obvious vulnerabilities or weaknesses? What about the settings and configuration used on the device? Can you turn to the IT department, an IT firm, or even a general ICS firm to adequately answer those questions? In some cases, even though a vulnerability may be present on a power system asset, the way it is configured makes the vulnerability no longer applicable and therefore should not be prioritized. Since most power system assets (remote terminal units, protection relays, automation controllers, etc.) are unique to our industry.

Solution

Imagine a team you can turn to who understands the uniqueness of your power system environment and is capable of promptly identifying and accurately prioritizing vulnerabilities based on how those assets are being used in your system.

Approach

Our interdisciplinary team of licensed power system engineers, security analysts, and certified ethical hackers have the experience and industry knowledge required to properly a) discover the presence of a vulnerability or weakness b) determine the applicability and severity of the vulnerability and c) provide strategies for mitigating the risk. In determining applicability and severity, we review how the asset is being used in your operational environment and given our experience designing and building power systems can determine the exact impact to the system should the vulnerability or weakness actually be exploited by a malicious actor.

Note: We do not perform live penetration tests on active systems.