SCADA & Control System Penetration Testing

Specialist CREST Penetration Testers

SCADA and Control Systems are critical to operations and must be protected from unauthorised risks. Just like traditional networks, SCADA and Control Systems contain vulnerabilities and security issues that could be exploited to cause issues to Confidentiality, Integrity and/or Availability. Unlike traditional networks, a breach of a SCADA or Control System network would have significant impact, not just on systems and/or information, but on lives.

The specialist Triskele Labs Penetration Testing team have conducted testing of SCADA and Control Systems across Australia, New Zealand and Singapore within critical infrastructure networks to identify issues and ensure these are resolved, prior to the systems entering production. Our methodology ensures an end to end Penetration Test without risking downtime of your critical network.

Why Triskele Labs?
  • CREST Registered Penetration Testing Team
  • Cybersecurity Experts
  • Extensive SCADA & Control System Testing Experience
  • Complimentary Re-Testing For All Engagements

What Systems Do We Test?

Human Machine Interface (HMI)

Known as a master, the HMI manages the whole SCADA network through client software and provides access to almost all of the network. Should an attacker compromise the HMI, they could have access to the whole SCADA network which leads to a significant compromise.

Programmable Logic Controller (PLC)

PLC Penetration Testing consists of assessing the Ethernet connected devices on the SCADA network. This assessment typically identifies network protocol issues and web application vulnerabilities. A successful attack could lead to a full network compromise.

End & Remote

Focused on assessing devices typically on remote networks communicating using modems, radios, serial comms or Ethernet, this testing focuses on identifying issues on devices such as sensors, valves, pumps and alarm panels where communications could be compromised.

We have worked with some of the best companies across the globe

Find out more about some of our amazing work

Regional Australia Bank

As one of Australia's leading mutual banks, it is imperative Regional Australia Bank ensures appropriate cybersecurity controls are implemented. When they needed a cybersecurity partner, the team at Regional Australia Bank turned to Triskele Labs to draw on our vast experience and ensure proactive controls are implemented.

Read More

SCADA Penetration Testing Checklist

  • Are all defaults changed?
  • Are PLCs only accessible to authorised users?
  • Is the SCADA network segregated?
  • Is physical access restricted?
  • Are devices segregated from the Internet?
  • Are clear-text protocols used?
  • Are best practice processes in place?
  • Are all systems patched?
  • Do vulnerabilities exist?
  • Are practices in-place for ongoing security reviews?

Whitebox Testing

Our whitebox Penetration Testing is conducted on systems where full details are provided. This ensures the expected outcomes and audit needs are met for our clients.

Greybox Testing

Greybox testing incorporates a configuration review, along with "safe" tests. The scope of these assessments are always outlined to meet the specific outcomes.

Blackbox Testing

We conduct testing with no knowledge of your system. This testing is only conducted on development networks due to the risk of crashing systems.

Configuration Review

Our team conduct overall hands-off configuration and system reviews to identify potential issues either pre-production or on systems that cannot be tested.

Keep in Touch

Triskele Labs is built on a partnership approach. We appreciate face to face discussions over a Video Conference and ensure regular touch points with all of our clients. Reach out today to discuss any of your cybersecurity needs.

  • Level 4, 210 Kings Way, South Melbourne VIC 3205 Australia
  • 130024CYBER

Customer Review