ICS Cybersecurity Vulnerability Assessment

An ICS Cybersecurity Vulnerability Assessment is an exercise to define, identify, and classify the security vulnerabilities in an industrial control system and its related network infrastructure. Gathering this information is a critical step in evaluating cyber risk (see ICS Cybersecurity Risk Assessment) and developing a practical mitigation plan. An ICS CVA evaluates the ICS design, implementation, configuration as well as its operation and management in order to determine the adequacy of security measures and identify security deficiencies.

ICS CVA can be performed offsite, onsite or a combination of both. An onsite assessment is more thorough and is preferred for existing (i.e. brownfield) systems as there are almost always documentation gaps in operational systems. aeSolutions understands the critical and sensitive nature of ICS applications and uses only non-intrusive, passive forms of data collection when performing an ICS CVA on an operational systems.

For new systems or major retrofits, the ICS CVA is performed at various stages of the project (e.g. design, implementation and commissioning). For these projects, more aggressive techniques can be used to test the system before it is fully commissioned and operational. See ICS Cybersecurity Acceptance Testing for more information.