Ensuring that the cybersecurity aspects of industrial automation and control systems (IACS) are properly managed within a project is a multi-step process that starts at the very beginning, even before a supplier is selected.
Simply defining cybersecurity requirements is not enough, as the maturity and quality of the solutions used to meet those requirements can vary significantly from one supplier to another.
To manage the cybersecurity risk of an IACS project effectively, proposed solutions must be reviewed and technically validated by specialists who understand industrial automation environments. We provide security FAT and SAT testing services, tailored to your cybersecurity requirements, to help ensure that the cybersecurity aspects of IACS projects are properly addressed and implemented. Specific FAT and SAT security test procedures are developed so they can be incorporated into your cybersecurity framework and policies.
It is important to note that during our testing, no changes are made to the systems under test, except where specific settings are required for authentication testing.
The result of these security FAT and SAT tests is a set of reports that may include the following:
- Non-compliance issues against the agreed requirements checklist, included in the FAT and SAT reports
- After the FAT: identified vulnerabilities and weaknesses in the design and configuration of the systems being tested, including items to be resolved, mitigated, or accepted as part of risk treatment
- After the SAT: an issue verification report indicating whether previously identified risks have been resolved, remain unresolved, or should be accepted as residual risk and/or mitigated in another way; any newly discovered issues are also documented
Contact us for more information.