All SkillsGet Started Free
Performing Ot Network Security Assessment
This skill covers conducting comprehensive security assessments of Operational Technology (OT) networks including SCADA systems, DCS architectures, and industrial control system communication paths. It addresses the Purdue Reference Model layers, identifies IT/OT convergence risks, evaluates firewall rules between zones, and maps industrial protocol traffic (Modbus, DNP3, OPC UA, EtherNet/IP) to detect misconfigurations, unauthorized connections, and attack surfaces in critical infrastructure.
MCP get_skill({ skillId: "performing-ot-network-security-assessment-e2ac5f0a" })Use this skill with your agent
Create a free account and connect via MCP
# Performing OT Network Security Assessment
## When to Use
- When conducting an initial security baseline of an OT/ICS environment for a new client
- When evaluating the security posture of a facility after an IT/OT convergence initiative
- When preparing for IEC 62443 or NERC CIP compliance audits
- When assessing risk following a merger or acquisition involving industrial facilities
- When investigating whether an OT network has been compromised or has unmonitored pathways to corporate IT
**Do not use** for IT-only network assessments without OT components, for application-layer vulnerability scanning of IT web applications (see performing-web-app-penetration-test), or for active exploitation of live OT systems without explicit authorization and safety controls in place.
## Prerequisites
- Written authorization from the asset owner and operations management for all assessment activities
- Understanding of the Purdue Reference Model and IEC 62443 zone/conduit architecture
- Passive network monitoring tools (Nozomi Guardian, Dragos Platform, or Wireshark with industrial protocol dissectors)
- Access to network diagrams, firewall rule sets, and asset inventories (or the ability to perform passive discovery)
- Safety briefing on the physical processes controlled by the OT systems under assessment
## Workflow
### Step 1: Establish Assessment Scope and Safety Boundaries
Define the scope based on the Purdue Reference Model levels and identify safety-critical systems that must not be actively scanned. OT assessments differ fundamentally from IT assessments because active scanning can crash PLCs, disrupt safety instrumented systems (SIS), and cause physical harm.
```yaml
# OT Assessment Scope Definition
assessment:
facility: "Chemical Processing Plant - Site Alpha"
purdue_levels_in_scope:
- level_0: "Physical process sensors and actuators (passive observation only)"
- level_1: "PLCs, RTUs, safety controllers (passive only, no active scanning)"
- level_2: "HMI stations, engineering workstations, historian (limited active with approval)"
- level_3: "Site operations - OPC servers, application servers (active scanning permitted)"
- level_3_5: "DMZ - data diodes, jump servers (active scanning permitted)"
- level_4: "Enterprise IT connecting to OT (active scanning permitted)"
safety_exclusions:
- "Safety Instrumented Systems (SIS) - Triconex controllers"
- "Emergency Shutdown (ESD) systems"
- "Fire and Gas detection systems"
- "Any Level 0/1 device during active production"
authorized_activities:
passive:
- "Network traffic capture and analysis via SPAN ports"
- "Industrial protocol deep packet inspection"
- "Wireless spectrum analysis"
- "Physical walkthrough and visual inspection"#mukul-cybersecurity-skills#security#cybersecurity#networkpythonpipwiresharknmapscapy