SCADA and Smart Grid
Security of America's critical power infrastructure is a top concern to both public and private organizations. IOActive has extensive experience in assessing the electrical power control systems found across that infrastructure. From the management, generation, transmission, and distribution of bulk electrical power to manufacturing floors and offshore platforms, we have accrued the deep field-assessment experience our clients can trust.
Ensuring Control System Security
IOActive combines its collective expertise in software, firmware, and hardware security assessment to provide a breadth and depth of skill that few other services firms can offer. IOActive employs specialized, state of the art tools and techniques that are developed specifically for use on sensitive control system networks. Since these tools and techniques have been developed by our own consultants and are exhaustively field tested, our clients can be confident in the accuracy of our assessments while we take great pains to maintain system stability.
Pioneering Smart Grid Security
The Smart Grid promises a range of benefits, but it is critical to ensure the infrastructure's security, so IOActive is pioneering the industry's efforts at securing the Smart Grid and associated infrastructure. IOActive researchers identified multiple programming errors on a series of Smart Meter platforms ranging from the inappropriate use of banned functions to protocol implementation issues. The research team was able to weaponize these attack vectors and create an in-flash rootkit, which allowed them to assume full system control of all exposed Smart Meter capabilities including remote power on, power off, usage reporting, and communication configurations. The initial attack vector could have been leveraged to deploy a worm, much like the Blaster worm that attacked computer systems in 2003.
Assessing CIPS Compliance
Drawing on expertise from regional entity auditors, IOActive offers elite CIPS compliance gap assessments as well as cyber security and energy management network architecture evaluations. With deep experience in the SCADA security marketplace, IOActive can provide CIPS-compliant vulnerability assessments in even the most sensitive electrical power facilities.
