Detect Weaknesses in IoT and OT Systems with Pentesting

According to Gartner, as many as 24% of organizations running Operational Technology systems experienced a breach in 2021 that resulted in access by a malicious actor. That share is likely to grow as IoT and OT deployments expand globally and more of them are connected to corporate networks and the internet.

Using our experience with highly specialized Operational Technology systems, Raxis can help uncover cybersecurity vulnerabilities at every level of the system. When scoped correctly, Raxis examines the embedded systems themselves, the network devices that facilitate communication, and any servers that handle data for the OT systems.

Raxis provides a detailed IoT/OT pentest report with a step-by-step storyboard of how we performed the hack, along with options for closing each security gap we found.



IoT and OT systems are often left unpatched in order to reduce downtime, leaving them exposed to known exploits and to outages caused by attacks.


Raxis takes special care while pentesting IoT and OT systems to avoid pushing systems offline, while working closely with you to discover potential gaps in security.

It's Critical to Penetration Test Operational Technology Systems Correctly

A small mistake made while performing a penetration test against a critical Operational Technology (OT) system can cause a problem as significant as a cybersecurity breach itself. In today's technology-powered world, OT is the key component that keeps critical infrastructure and industrial systems functioning. You'll find OT systems used extensively in manufacturing, transportation, oil and gas, power generation, and utilities.

If you're operating critical technology like SCADA, PLCs, and other OT and IoT systems, you know it's important to be selective about who you choose for a penetration test. Raxis has performed OT penetration tests both remotely and on-site all over the world.

Contact us and let's talk about how we can help.

[Photo: a ship traveling through the Miraflores Locks at the Panama Canal, photo by Mark Puckett]

It is Critical to Pentest Operational Technology Systems

Historically, Operational Technology systems were closed systems, completely air-gapped from untrusted networks such as corporate networks and the internet. They operated on their own, segmented from other technology, in order to keep them safe from attacks. Driven by the need for additional functionality, it became necessary to integrate OT systems with corporate systems, the internet, and other OT systems across a wide area. Firewalls and other security devices now permit this network communication while shielding these systems from attacks; however, attackers have found ways to bypass these controls, so the firewall alone can no longer be assumed to protect the OT network.

A Raxis OT penetration test will safely examine each aspect of the system, including the embedded devices, network configuration, and any servers that handle related data.

Raxis has performed OT pentests in many different industries

Power Generation Plants — Generating electricity involves many different SCADA systems to facilitate the complex process that is required to safely create a large amount of power. Raxis has worked with coal, combined-cycle, nuclear, wind energy, and landfill gas energy plants across the country. In addition, Raxis has worked with EMCs to secure power delivery and monitoring OT systems.

Health Care – Medical systems heavily utilize Operational Technology for monitoring, labs, and treatment automation. These OT systems almost always interact with traditional servers and desktops across the organization, making it difficult to air-gap the embedded systems. Raxis has extensively tested these systems in hospitals, doctors' offices, and medical labs.

Industrial Technology – From large-scale refrigeration to flying in a helicopter to an oil platform, Raxis has performed extensive OT penetration testing against SCADA, IoT, embedded systems, and supporting servers to help customers locate and remediate cybersecurity gaps.

Safe, Comprehensive OT Pentesting

We realize how important it is to maintain uptime and proper operation of production OT systems. Raxis works closely with clients to ensure that each step of the test stays within their specified parameters. Our goal is to help close security gaps, but we certainly do not want the cure to be worse than the disease. We've seen cases where a simple port scan caused performance issues or even an outage on IoT devices, because embedded TCP/IP stacks often cannot absorb the probe rates that a default scanner sends to a server.
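The kind of pacing that avoids the port-scan outage described above, as an added example that is not Raxis tooling or the page's own code: a full-connect scan that probes one port at a time with a fixed delay, sends no service probes, refuses anything outside the agreed scope table, and stops at a hard probe budget. The scope table, hosts (RFC 5737 TEST-NET addresses) and port lists are constructed for illustration; the connector and sleep functions are injectable so the logic can be exercised without touching a live device.

```python
"""Throttled, scoped TCP connect scan for fragile OT/IoT devices.

Added example, not Raxis tooling. Hosts, ports and the scope table are
constructed for illustration (TEST-NET-1 addresses, RFC 5737).
"""
import socket
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Constructed scope table: exactly the hosts/ports agreed with the asset owner.
SCOPE: Dict[str, List[int]] = {
    "192.0.2.10": [102, 502],      # hypothetical PLC: S7comm, Modbus/TCP
    "192.0.2.11": [20000, 44818],  # hypothetical RTU: DNP3, EtherNet/IP
}

Connector = Callable[[str, int, float], bool]


def tcp_connect(host: str, port: int, timeout: float) -> bool:
    """Complete the TCP handshake, then close cleanly.

    A full connect() is gentler on embedded stacks than half-open SYN
    probes, which can leave entries stuck in SYN_RECEIVED on devices with
    tiny connection tables. No banner grab or service probe is sent.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


@dataclass
class ScanResult:
    open_ports: Dict[str, List[int]] = field(default_factory=dict)
    probes: int = 0                                              # connections attempted
    refused: List[Tuple[str, int]] = field(default_factory=list)  # out-of-scope requests
    budget_hit: bool = False


def safe_scan(
    targets: List[Tuple[str, int]],
    scope: Dict[str, List[int]] = SCOPE,
    delay: float = 1.0,        # seconds between probes; probes are strictly serial
    timeout: float = 2.0,
    max_probes: int = 50,      # hard ceiling per run, agreed in the rules of engagement
    connector: Connector = tcp_connect,
    sleep: Callable[[float], None] = time.sleep,
) -> ScanResult:
    """Probe the requested (host, port) pairs one at a time, only if in scope."""
    result = ScanResult()
    for host, port in targets:
        if port not in scope.get(host, []):
            result.refused.append((host, port))  # never touch an unlisted asset
            continue
        if result.probes >= max_probes:
            result.budget_hit = True
            break
        if connector(host, port, timeout):
            result.open_ports.setdefault(host, []).append(port)
        result.probes += 1
        sleep(delay)  # pacing: no parallelism, no retries on a silent port
    return result


if __name__ == "__main__":
    wanted = [(h, p) for h, ports in SCOPE.items() for p in ports]
    print(safe_scan(wanted, delay=0.5, timeout=1.0))
```

The delay, timeout and probe budget are the knobs that get written into the rules of engagement; a port that does not answer is left alone rather than retried, since a retry storm against a device that is already struggling is exactly how a scan turns into an outage.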

Does Raxis have to be onsite to perform an Operational Technology Pentest?

No, not unless you'd prefer us onsite. Thanks to our Transporter device, Raxis now performs most Operational Technology penetration tests remotely. Your team simply plugs the Transporter into the appropriate network, and the Raxis pentesters are ready to get to work. If you're working with an air-gapped network, we have used a dual-interface Transporter in the past to reach the OT network while keeping a separate path back to Raxis. If bridging the air gap in that way is not acceptable, we can fly someone onsite to perform the pentest.

Need separate, segmented networks tested? Your team can move the Transporter at appropriate times during the test, or Raxis is happy to send your team several devices. We’ve even worked with a large international corporation that flew their Transporter to several locations around the world for multiple tests. You explain your environment, and the Raxis team will tailor a solution to your needs.

Take a look at our Transporter for more information on remote pentesting.


Operational Technology (OT) Penetration Test Specifications

  • Powered by Raxis One, a secure web interface for all Raxis services
  • Support for all OT and IoT systems that operate in some form using TCP/IP, including but not limited to PLC, RTU, ICS, DCS, HMI, SCADA and IoT
  • Raxis utilizes the same tools and techniques as a blackhat hacker
  • Predictable timeline for the assessment, typically starting at 5 days of effort
  • Exploitation, pivoting to other in-scope systems, and data exfiltration in scope
  • Special care taken against OT systems, whose embedded TCP/IP stacks are often sensitive to scan rates and malformed traffic
  • Executive debrief conference provided, if desired
  • Optional re-test to validate remediation
  • All Raxis tests are mapped to the MITRE ATT&CK framework
  • Meets or exceeds requirements for NIST 800-53, NIST 800-171/CMMC, PCI, HIPAA, GLBA, ISO 27001, and SOX compliance
  • Available as a one-time service, multi-year agreement, or continuous monitoring/Penetration Testing as a Service
  • Self-managed testing via the Raxis One portal
©2023 Raxis LLC - All rights reserved.