OT/ICS Security Testing
Security assessment of Operational Technology (OT) and Industrial Control Systems (ICS) including SCADA, PLCs, HMIs, and industrial protocols. Critical infrastructure requires specialized knowledge and extreme caution.
What You'll Learn
- ICS architecture and Purdue model
- Industrial protocols (Modbus, DNP3, OPC UA)
- PLC/RTU vulnerabilities
- Safety-conscious testing methodology
What is OT/ICS?
Operational Technology (OT)
Hardware and software that monitors and controls physical devices, processes, and events. Includes manufacturing systems, building automation, and industrial equipment.
Industrial Control Systems (ICS)
Systems used to control industrial processes. Includes SCADA, DCS, PLCs, RTUs, and HMIs. Found in energy, utilities, manufacturing, and transportation sectors.
ICS Architecture
Purdue Model Levels
| Level | Name | Components |
|---|---|---|
| 5 | Enterprise Network | Internet, Business systems, Email |
| 4 | Site Business | ERP, Site operations, IT systems |
| 3.5 | DMZ | Historians, Patch servers, Jump hosts |
| 3 | Site Operations | SCADA servers, HMI, Engineering WS |
| 2 | Area Control | Area PLCs, Supervisory controllers |
| 1 | Basic Control | PLCs, RTUs, DCS controllers |
| 0 | Process | Sensors, Actuators, Physical equipment |
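The Purdue model is only useful defensively if inter-level traffic is actually checked against it. The following Python is an added example, not code from this guide: it maps constructed lab subnets to the levels in the table above and flags flows that skip a tier (for instance an enterprise host talking straight to a PLC, or business systems bypassing the Level 3.5 DMZ). The adjacency rule, the subnet layout and the sample flow lines are all assumptions made for the example.

```python
from ipaddress import ip_address, ip_network

# Purdue levels as listed in the table above. The subnet assignments are a
# constructed lab layout for this example, not any real site's addressing.
ZONE_SUBNETS = {
    "10.5.0.0/16": 5.0,   # Enterprise network
    "10.4.0.0/16": 4.0,   # Site business
    "10.35.0.0/24": 3.5,  # DMZ (historian replica, patch server, jump host)
    "10.3.0.0/24": 3.0,   # Site operations (SCADA, HMI, engineering WS)
    "10.2.0.0/24": 2.0,   # Area control
    "10.1.0.0/24": 1.0,   # Basic control (PLCs, RTUs)
}
# Assumed segmentation rule: a flow is only expected between neighbouring
# levels in this ordering (so 4 -> 3 must pass through the 3.5 DMZ).
LEVEL_ORDER = [5.0, 4.0, 3.5, 3.0, 2.0, 1.0]

def level_of(ip: str):
    """Map an address to its Purdue level, or None if it is in no zone."""
    addr = ip_address(ip)
    for subnet, level in ZONE_SUBNETS.items():
        if addr in ip_network(subnet):
            return level
    return None

def is_adjacent(src_level: float, dst_level: float) -> bool:
    """True for the same level or directly neighbouring levels."""
    i, j = LEVEL_ORDER.index(src_level), LEVEL_ORDER.index(dst_level)
    return abs(i - j) <= 1

def find_violations(flows):
    """Return (src, dst, reason) for each flow that breaks the rule above.
    Each flow record is a 'src_ip,dst_ip,dst_port' string."""
    violations = []
    for line in flows:
        src, dst, _port = line.strip().split(",")
        s, d = level_of(src), level_of(dst)
        if s is None or d is None:
            violations.append((src, dst, "address outside any defined zone"))
        elif not is_adjacent(s, d):
            violations.append((src, dst, f"level {s:g} -> {d:g} skips a tier"))
    return violations

# Constructed sample flows (not captured from a real network).
SAMPLE_FLOWS = [
    "10.3.0.10,10.2.0.5,502",      # SCADA -> area PLC: adjacent, expected
    "10.4.0.20,10.35.0.8,443",     # business -> DMZ historian: expected
    "10.5.1.9,10.1.0.3,502",       # enterprise host straight to a PLC
    "10.4.0.21,10.3.0.10,3389",    # business -> ops, bypassing the DMZ
    "192.168.77.4,10.1.0.3,20000", # unknown address reaching control tier
]

if __name__ == "__main__":
    for violation in find_violations(SAMPLE_FLOWS):
        print(violation)
```

Feeding real firewall or NetFlow exports through `find_violations` gives a first-pass list of conduits that the site's zone model does not account for.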
Guide Sections
Reconnaissance
Passive discovery of ICS systems, Shodan, and asset identification.
Industrial Protocols
Modbus, DNP3, OPC UA, BACnet, and other ICS protocols.
Network Architecture
Purdue model, segmentation, and network security assessment.
PLC/RTU Attacks
Controller vulnerabilities, logic manipulation, and firmware attacks.
SCADA/HMI Security
SCADA server attacks, HMI vulnerabilities, and historian exploitation.
Safety Considerations
Safety instrumented systems, testing boundaries, and risk management.
Tools
ICS-specific security tools, simulators, and testing frameworks.
Common ICS Components
PLC
Programmable Logic Controller - Industrial computer for automation. Controls machinery and processes.
RTU
Remote Terminal Unit - Interfaces with sensors/actuators in remote locations. Reports to SCADA.
HMI
Human Machine Interface - Graphical interface for operators to monitor and control processes.
SCADA
Supervisory Control and Data Acquisition - Centralized monitoring and control of distributed systems.
DCS
Distributed Control System - Integrated control architecture for continuous processes.
Historian
Time-series database storing process data for analysis, trending, and compliance.
ICS vs IT Security
| Aspect | IT Systems | ICS/OT Systems |
|---|---|---|
| Priority | Confidentiality > Integrity > Availability | Safety > Availability > Integrity > Confidentiality |
| Uptime | 99.9% acceptable | 24/7/365, no maintenance windows |
| Patching | Regular patch cycles | Rare, requires extensive testing |
| Lifespan | 3-5 years | 15-30+ years |
| Impact | Data loss, financial | Physical damage, safety incidents, environmental |
Key Standards & Frameworks
- ISA/IEC 62443 - Industrial automation and control systems security; defines zones, conduits, and security levels
- NIST SP 800-82 - Guide to ICS Security
- NERC CIP - Critical Infrastructure Protection (power grid)
- MITRE ATT&CK for ICS - Adversary tactics and techniques for ICS
Lab Environment
⚠️ Legal Disclaimer
OT/ICS security testing can cause physical harm if performed incorrectly. Only test systems you own or have explicit written authorization to test. Always use isolated lab environments for learning and follow safety protocols.