SCADA Testing

Every test assessment is different, and on each occasion a unique approach is required based on the system functionality and type of industry it is deployed in.

SCADA Penetration Testing

A Hybrid Approach

SCADA Penetration Testing with MainNerve is designed to assess the effectiveness of your security controls as applied to NERC-CIP, NIST 800-53 v4 or ISO 27001 through the manual analysis of your SCADA systems and application of best practices to Information Technology and Operational Technology systems for Critical Infrastructure.

SCADA/ICS penetration tests are highly sophisticated due to the combination of customized technology, the criticality of the infrastructure, and the knowledge necessary to test these systems without taking them off-line.

To conduct SCADA/ICS penetration tests, MainNerve assesses these systems with a combination of the disparate knowledge base of the actual SCADA language environment itself as well as industry leading penetration testing expertise to ensure that all vulnerabilities identified and exploited do not jeopardize customer operations or its infrastructure.

Compared to Commercial Penetration Testing

SCADA systems are different from most TCP/IP-based system in that many ICS vendors use proprietary protocols to communicate within their systems. Additionally, due to the differences between commercial and proprietary SCADA/ICS systems, the same vulnerability assessment or penetration testing tools/methods that maybe used in a standard commercial penetration test can have a serious impact on a SCADA/ICS network if improperly applied.

Here at MainNerve, our experts work with the customer’s Assessment Team to understand the implications of testing on a production system and when possible to mitigate operational effects by testing offline or on a backup ICS.

To us, the best possible outcome is the proper testing of a SCADA/ICS that provides adequate details around identified vulnerabilities and the provision of mitigation information for the SCADA/ICS Administrator or Security staff to address them.

Looking for a First-Class
Cybersecurity Expert?
Discover security gaps through safely, and expertly, simulated attacks against your SCADA or Industrial Control Systems (ICS).
Systematic Protection
Our Process

While there are numerous standards that apply to SCADA Penetration Testing, MainNerve’s process takes into consideration the care that must be taken to fully address a SCADA/ICS penetration test. While its personnel and tests conform to NERC-CIP and NIST 800-53 standards, the company’s methodology follows the “Cyber Security Assessment of Industrial Control Systems” published by the Department of Homeland Security.

The SCADA/ICS customer should ensure that the assessment team has two components: qualified personnel from within its own organization from Security, IT and Management as well as qualified persons from the assessment team that are familiar with the standards that apply to the assessment as well as the proprietary protocols and methodologies specific to the customer. It is not unheard of to have a penetration tester assigned to the customer’s side to ensure that the vendor is appropriately certified and can “vet” their personnel. Additionally, MainNerve provides IT Assessment and ICS Assessment personnel that assist in identifying vulnerabilities on the SCADA/ICS network for the penetration testers to exploit.

MainNerve works with the customer’s assessment team to develop a SCADA/ICS test plan so that both the customer and MainNerve know how the assessment will progress. Similar to the test plans developed by MainNerve on its other assessments, key areas that are covered include rules of engagement, attack vectors, in and out of scope areas of IT and OT and Points of Contact for both elements. MainNerve works with the customer to identify attack vectors to focus on that are part of their ongoing cyber assessment program or areas that they want to concentrate on such as DMZ, penetration between corporate and control servers, downstream or remote access or administration etc.

MainNerve will conduct the Assessment according to the test plan and in alignment with the attack vectors identified in a process composed of three stages: reconnaissance, exploration and exploit. The reconnaissance phase is usually conducted with passive detection scanners and monitoring/mapping software that can identify key vulnerabilities as well as assessing the networking equipment used, as well as authentication mechanisms and firewall rules. The exploration phase then commences where MainNerve penetration testers with ICS and IT experts alongside them, attack the system to determine which vulnerabilities identified during the reconnaissance phase are actually exploitable thru methods such as buffer overflows, improper authentication and improper access controls. Based on those findings the assessment team will then opt to develop an exploit and to deploy that exploit based on the Rules of Engagement.

At MainNerve, we consider the final phase of the SCADA/ICS penetration testing process, reporting, to be the most crucial and instrumental step. Due to the varying audiences that may see the report i.e. Management, Security, Customers and the public, MainNerve takes great care to ensure we effectively communicate our findings and mitigation strategies as clearly as possible and, when necessary, can provide varying levels of reporting based on the audience. MainNerve’s reports are considered some of the best in the industry by our vendors and are written by the actual penetration tester or ICS/IT Assessor that was on the team. As part of a comprehensive risk assessment, MainNerve can provide consultants to advise as to how to integrate findings into an Information security plan. Our main goal is to ensure that all information is clearly understood and that a roadmap toward remediation/mitigation is crystal clear.

Compliance Solutions

MainNerve’s compliance solutions are designed to help fill one of the biggest challenges for businesses: staying in alignment with the exhaustive list of Governance, Risk Management, and Compliance (GRC) requirements. From PCI DSS and HIPAA, to CJIS and FINRA, MainNerve can help your business navigate the GRC landscape with specialized penetration tests.

Web App Penetration Testing

Web application penetration testing is designed to assess and test the state of your web-facing applications, and provide actionable remediation recommendations for enhancing your security. Ensure that your web applications are protected from malicious cyber threat actors. MainNerve web app pen tests are designed to review all types of web servers.

Social Engineering

Social engineering, in the context of information security, is commonly defined as the of persuasion and/or manipulation techniques in order to influence people into performing actions or divulging confidential information. Ensure that your business is secure by testing and evaluating your employees against general phishing and “spear-phishing” attacks.

Customers & Partners that Trust MainNerve

What Our Clients Say

Don B.
MainNerve Partner & CEO of FrontierIT

We value our professional relationship with MainNerve. Their employees are friendly and extremely responsive. They always take care of our clients as if they were their own, while maintaining the penetration and social engineering testing. We couldn’t ask for a better Cybersecurity partner. 

Investment Management Company

In 12 years of tests, you are the first company that found anything higher than a low risk. Phone and cameras were never discovered in the test, let alone accessed. Great to always get a different perspective from a test. 

Managing Partner
Data Warehouse Platform Company

This is a very well written report! Very impressive!

Network Administrator
Enterprise Administration Software Company

The report looks great!

IT Manager
Property Management

I felt the whole project was done in a professional manner.

IT Manager
Insurance Company

Sheena was very kind, quick with replies, and patient with my questions. That is why I also introduced your service to other company.

VP Engineering
Health Care Software and Billing

All the correspondence with MainNerve was great and the staff were very professional and helpful.

Director of Information Technology
Data Analytics Company

I appreciate the level of detail your team incorporates into your findings.

Bug Sweep Specialist

MainNerve crew is top notch.

Chief Technology Officer
Tech & Energy Company

Working with MainNerve has been great and I look forward to a long term partnership to maintain the integrity of our operations.

Office Manager
Investigation Firm

We had our backs to the wall on a “government” contact with an unreasonable time frame. MainNerve team understood the gravity of the problem and made the impossible happen. We are extremely grateful.

Insurance Company

This is the second time we have engaged MainNerve. Both times they have done a great job and I would recommend them for pen testing. They were prompt and delivered the reporting required by our customers at part of our data security program. We will certainly use them in the future.

MainNerve Partner-MSP
We love working with MainNerve.  They are prompt in responding to our requests and help us get pen tests set up for our clients quickly.

MainNerve provided an extremely fast turn around when speed was our biggest factor. The project went smoothly and I would highly recommend them!

Vice President
Actuarial Firm
Our local partner that normally provides us with vulnerability and penetration testing was unable to help us this year. We were lucky enough to find MainNerve as a solution to our problem. MainNerve was very responsive to us and worked under a very tight timeframe to perform vulnerability and penetration testing for us and help us out of a tough situation. They went above and beyond. They provided us with some additional guidance in other security areas as well. We will continue to use MainNerve each year now for our security testing needs. We are glad we found them.
Dental Office

I would highly recommend MainNerve for all of your network system testing needs. From my initial contact, all the way through the end of the services I received, everyone I encountered was courteous, professional, knowledgeable, patient, and very helpful. As a small business owner, who’s business was shut down as a result of the Covid-19 pandemic, MainNerve’s service fees were extremely reasonable making it affordable to ensure my network is secure from hackers. I will definitely be a repeat customer!! Thanks MainNerve!!

Software Engineer
IT/ Saas

Sheena was great in guiding us though what was a new process for us. A client had asked us for a third party penn test report and she was very helpful in helping us choose the correct product and in determining the scope.

References available upon request.