SCADA/ICS Penetration Testing Providers
SCADA/ICS penetration testing evaluates the security of industrial control systems, supervisory control and data acquisition (SCADA) systems, and operational technology (OT) environments. These systems control physical processes in critical infrastructure, including power generation, water treatment, oil and gas, manufacturing, and transportation.
Testing requires specialised expertise because ICS/SCADA environments use different protocols (Modbus, DNP3, OPC, BACnet), have unique safety requirements, and often run legacy systems that cannot tolerate aggressive testing techniques. ICS pen testers assess network segmentation between IT and OT environments and the security of human-machine interfaces (HMIs), programmable logic controllers (PLCs), remote terminal units (RTUs), and engineering workstations.
Testing identifies vulnerabilities that could allow attackers to manipulate physical processes, cause safety incidents, or disrupt operations. ICS/SCADA pen testing follows specialised frameworks and standards including IEC 62443, NIST SP 800-82, and NERC CIP. This testing is increasingly critical as OT environments become more connected to IT networks and face growing threats from nation-state actors and cybercriminals targeting critical infrastructure.
NCC Group
Global cybersecurity consultancy with CREST, CHECK, and CBEST accreditation, renowned for deep technical research and comprehensive penetration testing services.
Nettitude
CREST, CHECK, and CBEST accredited UK consultancy within Lloyd's Register, delivering premium penetration testing for government and critical infrastructure.
Pen Test Partners
The UK's largest independent security testing firm, renowned for IoT/OT research, CBEST red teaming, and CHECK/CREST-accredited penetration testing across all sectors.
PwC Cyber Security
Global Big Four professional services firm delivering CREST, CHECK, and CBEST-accredited penetration testing and red teaming services from London, serving the UK's largest enterprises and regulated organisations.
Dionach
Global enterprise cybersecurity consultancy founded in 1999 in Oxford, holding rare CREST STAR-FS accreditation and delivering penetration testing, red and purple teaming, and PCI QSA services across five international offices.
Aristi
CHECK and CREST-accredited Birmingham-based cyber security consultancy with over 15 years of experience delivering penetration testing, red teaming, and OT security assessments for government and private sector clients.
Thales Cyber Solutions
Cybersecurity division of the Thales Group, with ANSSI, CREST, FedRAMP 3PAO, and NATO-cleared personnel. Defence, government, and critical infrastructure penetration testing worldwide.
CyberLab
Cardiff-based CREST and CHECK-accredited cyber security company delivering penetration testing, red teaming, and OT security assessments as part of the Chess Group.
SEC Consult
Vienna-headquartered Austrian cybersecurity consultancy with a prolific Vulnerability Lab research program and deep expertise in IoT and embedded systems security across the DACH region.
IOActive
Boutique security consultancy specialising in IoT, SCADA/ICS, embedded systems, and hardware security research with world-renowned researchers.
Airbus Protect
Airbus group cybersecurity consultancy with ANSSI PASSI qualification. Aerospace, defence, and critical infrastructure penetration testing across Europe.
SCADA/ICS Penetration Testing FAQs
Is it safe to pen test live SCADA/ICS systems?
Testing live production systems carries risk. Experienced ICS pen testers use passive techniques on live systems and may use lab environments or digital twins for active exploitation. Safety is always the top priority.
What qualifications should ICS pen testers have?
Look for testers with ICS-specific certifications like GICSP, knowledge of industrial protocols, and demonstrated experience in OT environments. General pen testing certifications alone are not sufficient.
How often should ICS/SCADA systems be tested?
Annual testing is recommended as a minimum, with additional testing after significant changes to the OT environment or when new threats emerge targeting your industry sector.