Network Security

ICS/OT Penetration Testing

The security of operational technology (OT) and industrial control systems (ICS) is crucial for maintaining the integrity of both IT networks and critical infrastructure. We offer expert penetration testing services that ensure these interconnected systems are protected against cyber threats.

Capability and Benefits of Our ICS and OT Testing

The security of operational technology (OT) and industrial control systems (ICS) is just as important as that of traditional IT networks. These systems often sit at critical points in the supply chain and drive the essential day-to-day operations of a business. In addition, OT often presents weak entry points into the IT network, so securing OT complements and reinforces the security of IT.

The expertise, experience, and access to the latest tools that a specialist security provider brings far outweigh what an in-house team or commercial tools alone can offer. At Cyber Citadel we don’t rely solely on automated toolsets such as vulnerability scanners; our experts draw on their knowledge and experience to rigorously test ICS and OT environments while keeping business logic and risk-based prioritization in mind. We also strive to minimize disruption to business operations. Our approach is smart, specific, and seamless.

Specialization and Approach

Human-led Testing: Our approach is driven by experienced, skilled professionals, ensuring a thorough and precise assessment of industrial control systems (ICS) and operational technology (OT).

Specialized Tools and Tactics: We employ a variety of specialized tools and tactics, both automated and manual, all tailored to the unique needs of ICS and OT environments.

Minimized Risk of Disruption: Traditional testing methods can cause systems to become unresponsive or go offline. Our techniques start with a passive approach and increase in intensity gradually to ensure minimal disruption.

Minimal Disruption: Initial testing involves passive observation to understand the system without disruption, followed by increasingly active techniques only as needed.

Layered Strategy: We apply a multi-layered testing strategy to identify vulnerabilities and evaluate the resilience of systems, ensuring a comprehensive assessment.

Review of Systems: A thorough review of the existing systems is completed first to understand their architecture, functionality, control, and connectivity, and only then to identify potential vulnerabilities.

Evaluation of Controls: An examination of the existing controls in place assesses whether they are effective in mitigating risks and protecting critical assets.

Separation of Systems: Analysis of how systems are segmented prevents the lateral movement of threats through a network and facilitates the secure isolation of critical components. This minimizes damage in the event of a security breach.

Connectivity and Design: Assessing the connectivity and overall design of the network infrastructure identifies weaknesses or gaps in defences that threat actors could exploit.

Real-world Attack Simulation: Leveraging the MITRE ATT&CK for ICS framework we simulate real-world attacks, providing a realistic assessment of system defences and vulnerabilities, and the ability of your security team to respond to a cyberattack.

Risk-Based Assessments: Identified risks are prioritized by potential impact on business operations and sensitivity of data to guarantee the most critical vulnerabilities are addressed first.

Examples of Specialized Approach

Customized Testing Plans: Each engagement is tailored to the specific environment, considering the unique characteristics and requirements of the systems involved.

Use of Advanced Techniques: We employ cutting-edge techniques and tools to detect vulnerabilities that traditional methods might miss. We also develop and deploy proprietary attack techniques known to be effective against ICS and OT environments, providing a unique and rigorous testing process.

Collaboration with Internal Teams: Working closely with internal IT and OT teams ensures a thorough understanding of the environment and effective mitigation of identified risks.

Skills and Expertise

Cross-disciplinary Knowledge: Our team combines expertise in both IT and OT, bridging the gap between these domains to provide comprehensive security solutions covering all parts of a network.

In-depth ICS and OT Understanding: Our extensive knowledge of ICS and OT systems, including SCADA, PLCs, and other control systems, is essential for effective testing.

Firsthand Experience: Extensive knowledge combined with practical experience in real-world environments ensures our team is adept at identifying and mitigating risks unique to ICS and OT settings.

Advanced Level Expertise: This type of testing requires individuals with highly advanced skills and specialized knowledge in both IT and OT security to meet the standards required to defend against sophisticated attacks.

Risks and Challenges

System Downtime: Incorrect and prematurely aggressive testing methods can lead to unnecessary system downtime, affecting operations.

Complex Environments: ICS and OT environments are complex and often involve legacy systems that require specialized knowledge and handling. These environments are also intricately linked with the IT network, often in a sub-optimal way that has accumulated over time.

High Stakes: Failures in ICS and OT security can have severe consequences, including safety risks and operational disruptions, as they often involve critical infrastructure and act as gateways to the supply chain or parts of the IT network.
Enhanced Security Posture: By identifying and mitigating vulnerabilities, we enhance the overall security posture of ICS and OT environments. By extension, this tightens the security of the IT network too.

Operational Continuity: Our careful and methodical approach ensures minimal disruption to operations during testing without compromising the rigor of the tests.

Regulatory Compliance: Our testing helps organizations meet regulatory requirements and industry standards for ICS and OT security.
Our ICS and OT testing services are designed to provide a comprehensive, specialized approach to securing critical industrial systems. By leveraging our expertise and employing a careful, methodical approach, we help organizations safeguard their operations and maintain continuity in the face of evolving cyber threats.