Pen testing a SCADA system requires a pen tester with knowledge and experience of working with and programming PLCs and RTUs (Remote Telemetry Units).

Ideally there would be a test rig to work on, so that you avoid making errors with potentially serious consequences.

So, a hacker could attack a SCADA system over IP, using a compromised PLC programmer’s laptop, or maybe via a GPRS-enabled serial-IP converter, or even through a poorly implemented wireless set-up.