Case Study :- Banking web application portal
SCADA based automation plant testing
||Manufacturing vendor to automation industry
||Firm manufactures electronic equipments/products Products include SCADA systems, RTUs and automation plants Product includes web interface for monitoring automation systems
|Time to solution
The manufacturing firm based at Mumbai and is one of the eminent manufacturers of automation equipment. They approached Valency Networks for the purpose of performing serious and elaborate penetration testing to see if their SCADA systems and the automation plant built around those, is really secure from internal and external attacks. Purpose was also to come up with checklist to action, which would result in improved security and security monitoring.
- Valency Networks started work via a kickoff meeting with stakeholders and studied given network and plant automation scenario.
- A list of possible security attack vectors was created. The list was further segregated into intrusive and non-intrusive vectors, to decide which test would result into a plant shutdown.
- A test laboratory to simulate plant and its infrastructure was created for IT components which were crucial from plants operation perspective.
- The SCADA lab infrastructure was subjected to elaborate security penetration tests and results were recorded. These results were further utilized to create map of tests to be performed on the actual infrastructure.
- In the presence of customer’s IT support team, Valency Networks subjected actual plan infrastructure to non-intrusive tests and gathered results.
- Subsequent serious tests were performed without stopping plant operations or jeopardizing IT functionality. List of sever items was prepared for IT support team to action and were facilitiated with technical help as and when required.
- Another round of re-testing was performed to ensure all the vulnerabilities were fixed.
- Finally a detailed audit and test report with problems found and their solutions suggested was presented in front of the customer's management. IT architecture changes were suggested in the report too, with action dates and plans.
- Customer's senior management gained confidence in their products and SCADA based system offerings, from cyber security standpoint. This also resulted in providing a noble selling point and marketing pitch to the customer's sales team.
- Customer's clients especially in the industry verticals such as petrochemical and power generation, gained confidence towards a better cyber security.