SolaSec partners with energy producers, utilities, manufacturers, and critical infrastructure operators to identify and mitigate cybersecurity risks across operational technology (OT) and industrial control system (ICS) environments. Our specialists combine deep embedded and control-system expertise with regulatory insight to help clients align with NIST 800-82, IEC 62443, NERC CIP, and TSA pipeline security directives.
Performs full-stack testing on programmable logic controllers, remote terminal units, safety instrumented systems, and other field devices from Allen-Bradley, Siemens, Schneider Electric, GE, Honeywell, and ABB. Our team validates secure boot, engineering protocol exposure, authentication controls, and hardware debug interfaces against vendor lab equipment and isolated test cells.
Assesses Modbus, DNP3, EtherNet/IP, OPC UA, S7Comm, BACnet, and IEC 60870-5-104 traffic for authentication gaps, function-code abuse, and integrity weaknesses. Testing covers unauthenticated legacy protocols and the secure variants deployed in modern OT networks, with results mapped to IEC 62443-3-3 security requirements.
Performs static and dynamic analysis of PLC, RTU, and safety controller firmware to evaluate signed-update enforcement, cryptographic key handling, hardcoded credentials, and third-party component exposure. Update mechanisms are tested for resilience against modification, downgrade, and unauthorized reflash.
Evaluates OT networks across the Purdue model, from enterprise IT through the Level 3.5 DMZ down to Level 1 control. Engagements typically begin with passive analysis of mirrored traffic to map devices and trust relationships without transmitting to production equipment, then escalate to active testing only with documented operational risk plans in place.
Assesses HMI consoles, SCADA workstations, historians, and engineering laptops for credential exposure, patch posture, removable-media controls, and cleartext remote-access protocols. Findings are documented with remediation paths that fit vendor-coordinated change windows and plant turnaround schedules.
Maps the attack surface across the full industrial environment, from corporate IT down to physical process, identifying trust boundaries, segmentation gaps, and the assumptions each layer makes about the layer above it. Supports compliance planning under IEC 62443-3-2 risk assessment requirements and informs prioritization of remediation work across long change windows.