OT Security Assessment

You keep the factory running. We ensure hackers don't disrupt it. From silicon level to SCADA systems – we know every layer of your OT environment.

Security from sensor to SCADA

Hardware Lab – Our Capabilities

  • ChipWhisperer for side-channel analysis
  • Oscilloscopes and logic analyzers
  • JTAG/SWD debugging on embedded devices
  • Fault injection and glitching

Deep Dive OT Expertise

  • Siemens S7 silicon-level analysis
  • Physical attacks on embedded systems
  • Firmware extraction and reverse engineering
  • Protocol fuzzing at bus level

Can you break a replica of our installation for research?
Yes. In fact, we prefer to build a complete test setup of your critical systems. Then we can execute realistic attacks without touching your production environment.

Frequently Asked Technical Questions

Q: "Do you have experience with Siemens S7 at silicon level?"

A: Yes. We know memory protection bypass techniques, firmware modifications, and hardware backdoors.

Q: "Can you perform physical attacks on embedded systems?"

A: Yes. From PCB-level modifications to chip decapping. Our lab is equipped for hardware security testing.

Q: "Who performs the assessment?"

A: Always a senior lead with at least 10 years of OT experience. No PowerPoint consultants, but engineers who program PLCs themselves.

Engineers, Not IT Cowboys

In OT, availability is sacred. A five-minute production stop can cost more than a week of office downtime.

Neo Security consists of engineers who grew up among field equipment. You won't get IT cowboys crashing your SCADA with an aggressive scan; you get realistic assessments that improve safety without disruption.

What is an OT Security Assessment?

An OT assessment is not just looking for CVEs. It's understanding why one PLC sends a strange packet every Tuesday at 03:47 and how an attacker can manipulate your batch process.

Erik Homma

Senior IT Consultant & OT Security Expert

We examine the cybersecurity of PLCs, HMIs, historians, and MES systems.

The Usual Suspects

  • Outdated firmware that cannot be patched
  • Default passwords on critical components
  • Flat networks: no separation between systems
  • USB sticks moving between office and control room

The Blind Spots

  • Remote access (e.g., TeamViewer) on engineering stations
  • Forgotten 'temporary' Modbus links
  • Passwords in Excel on the control room PC
  • Test PLCs still connected to production

Why OT is Different from IT

In IT, it's about CIA (Confidentiality, Integrity, Availability). In OT, it's AIC or SIC: Safety first, then Availability.

  • Availability is sacred: no patching during production
  • Legacy is reality: old systems must keep running
  • Safety over security: emergency stops must always work
  • Real-time behavior is critical: no latency from firewalls

The Neo Approach: From Shop Floor to Boardroom

Phase 1: Introduction (Week 1)

Walkthrough of the factory, understanding critical processes, and inventory of crown jewels.

Phase 2: Passive Discovery (Week 2-3)

Analyzing network traffic without active scanning (passive monitoring) and identifying communication patterns.

Phase 3: Targeted Testing (Week 3-4)

Configuration reviews and access control testing, only where safe and agreed upon.

Phase 4: Practical Roadmap (Week 4-5)

No thick book of theory, but quick wins, phasing that fits maintenance windows, and training for operators.

What Do You Get?

For the Control Room

  • Security checklist for operators
  • Incident response card
  • Workable USB policy

For Engineering

  • Hardening guides
  • Network segmentation plan
  • Secure remote access design

For Management

  • Risk assessment in production terms
  • Business case for investments
  • Compliance status (NIS2, IEC 62443)

Real-World OT Threats

IT/OT Convergence

Ransomware jumping from office to factory via an ERP link.

Insider Threats

Accidental infection by a maintenance engineer with a laptop.

Supply Chain Attacks

Suppliers with forgotten VPN access.

Targeted Attacks

Nation-state actors targeting industrial systems (like Stuxnet/Triton).

Specific Industries

  • Water & Energy: SCADA
  • Process Industry: DCS, batch
  • Manufacturing: MES, robotics
  • Building Automation: BMS, HVAC
  • Transport: Traffic management

Start with a no-obligation conversation

We'd love to come by for a coffee in your control room. You tell us what keeps you up at night, we translate that into solutions.

Call: +31 20 716 5487

P.S. Yes, we know what a safety PLC is. And no, we won't scan it during production.
