ICS & Systems Testing Lab
About The Lab
For more than 25 years, MSI has been performing deep security assessments, testing and research across a variety of platforms. The lab has tested industrial control systems (ICS), SCADA environments, automation components, healthcare devices, weapons systems, voting equipment, banking tools like check imaging, ATM, wire transfer and alarms, telecommunications and networking devices, telemetry, remote control mechanisms, satelite and microwave protocols, commercial printing and manufacturing equipment and hundreds of software, web, mobile and API implementations.
The lab has the capability to test hardware from the chip and bus level up (yes, we even wrote our own proprietary hardware level fuzzer called Proto-Predator™), firmware and software, protocols and communications and all the way to end points and process demarcs. Our team has a variety of experience, from miltary systems to highly sensitive commercial processes responsible for billions of dollars and even human health and safety. We apply these skills to create real world testing scenarios, threat baselines and testing techniques. If you need systems to be secured beyond a checklist, MSI is the team you should be talking to.
Threat Modeling, Vulnerability Assessment & Penetration Testing
Our team can deep dive into your system, looking for potential ways in which an attacker could tamper with it. We can check for known and unknown vulnerabilities, misconfigurations or unintended behaviors. Our team can even emulate nation-state level attackers, perfoming real world attacks to expose weaknesses deep within the system. Clients get full detailed reports of our efforts, our findings and a mitigation for every issue identified (if possible). We don't think it's fair to tell you something is broken, without telling you how to fix it.
Hardware Supply Chain Validation & Research
The lab is capable of doing a wide variety of hardware analysis and design validation. We can do BOM comparisons, ensure that what you ordered is what you received, perform unit and user testing and identify potential supply chain risks and security issues before they impact your business.
Combined with our professional services, we can also monitor your designs and other propreitary intellectual property for leaks, exposures and other intelligence-related threats.
Software & Hardware Quality/SDLC Integration
We've built products ourselves, so we know how important iteration and ongoing improvement can be to success. As such, we know that quality and security issues can creep in anywhere along the way. That's why our lab offers ongoing services to specific clients, allowing us to integrate into their teams on a perpetual basis, continually testing and improving their products over time. Think of it as a partnership with a world-class organization whose sole purpose is to make your product better for the world.
Reverse Engineering, Tampering Detection & Digital Rights Management
When you need additional security for your products in the real world, our team can design a variety of controls to help you prevent, detect, respond to and recover from attempts to tamper with your intellectual property. Whether it's simply a matter of protecting your revenues or if the integrity of the device or software affects human health and safety, our team has the experience and insights to help your team protect what's important.
ICS - Electric Grid & Smart Meters
End To End Security Assessment
Complete testing of a continental electric grid, from SCADA to consumer and commercial meters, including all communications hardware and software applications. This was a multi-year testing engagement. Identified several 0-day vulnerabilities and worked with the client, manufacturers and regulators to mitigate the weaknesses and harden the cricital infrastructure environment. Worked with relevant parties to publish updates and best practices.
Voting - Electronic Voting Systems
Black Box Penetration Testing
Tested all electronic voting systems that were in use in the client state. Scope ranged from voter registration to polling and through calculation, certification and communication with the public. Identified several 0-day vulnerabilities, as well as a variety of misconfigurations and malfunctioning controls. Worked with the stakeholders to create mitigations and implement prevention and detection techniques. Client published results to lead a national-level reform initiative.
Healthcare - Drug Inventory & Distribution System
Quality & Security Testing
Deep testing and analysis of a drug handling system, including automation devices, software and APIs. Identified multiple quality and operational issues. Created novel tampering techniques that could impact human safety and data confidentiality and integrity. Worked hand-in-hand with both hardware and software development teams to demonstrate and mitigate the issues. Designed custom detection and monitoring techniques to alert stakeholders to dangerous activity in the field.
Ways To Engage
One Time & Ad-Hoc Engagements
Engagements can be scoped and individually priced. Pricing varies by complexity, lab equipment needs, staffing requirements and resource availability.
Engagements with the lab at this level of service are on an as available basis.
You can pre-purchase a block of resource hours which can be used flexibly, or purchase a set of reperformance engagements for the same service on the same product.
Discounts are available at different levels of subscription commitment, as are increased priortization.
Retainer & Process Integration
Select teams may also retain the lab and our resources for deeper integration and more flexible engagements. This allows our teams to engage in knowledge transfer, significant process improvements and more effective reporting and communications.
These clients receive priority for lab testing slots.