The Industrial Control System is playing a significant role in critical infrastructure industry due to its critical function to control the plant, ensure the safety operations and achieving the business goal. Some industries such as oil and gas, petrochemical, refinery, nuclear, and power generation are using the SCADA ICS as their backbone operations.
The ultimate risk of SCADA ICS operations failure will lead to HSE (Health, Safety and Environment) risk exposure, therefore the SCADA ICS usually treated as the critical asset that will define their operations maintenance philosophy.
In order to ensure the security assurance in SCADA ICS environment, one of the approach is to perform SCADA ICS Security Audit and Assessment. This activity is full of technical exposure and tasks execution that will define more clear regarding the security posture of the assessed system.
Two common activities that being performed frequently in IT security industry to explore and validate the threats and vulnerabilities in an IT environment, there are vulnerability assessment and penetration testing. Adopting these activities into SCADA ICS environment is bringing some risk exposure that probably cannot be absorbed by the organization, therefore this presentation trying to depict the big picture of “Risk, Method and Recommended Practices” of performing Vulnerability Assessment and Penetration Testing in SCADA ICS Environment.