ICS / OT & SCADA Security

The threat is real. The threat is now.

In April 2026, seven U.S. agencies issued an emergency joint advisory: Iranian state-sponsored hackers are actively inside American water treatment plants and energy grids. Not "could be." Inside, right now.

What's happening

Attackers are manipulating SCADA while the dashboard stays green

IRGC-affiliated actors are exploiting internet-exposed Rockwell and Allen-Bradley PLCs, manipulating the SCADA and HMI screens that operators rely on to run a plant. An operator in Ohio could be watching a perfectly green dashboard while an attacker quietly changes the chemical mix in the city's water supply.

This is not a forecast or a tabletop exercise. It is happening today, across U.S. utilities that assume "we're too small to be a target." You are exactly the target.

Who is at risk?

If you operate industrial control systems, you are a target

Water treatment facilities

Internet-exposed PLCs and chemical-dosing controls make drinking-water plants a top target.

Wastewater systems

SCADA and HMI manipulation can disrupt safety-critical treatment and discharge processes.

Electric utilities

Fragmented grids with thin cyber oversight are squarely in the adversary's sights.

Natural gas pipelines

Remote-access pathways and legacy controllers expose distribution and metering systems.

Manufacturing plants

Connected production lines and OT networks are exploited for disruption and extortion.

Building automation systems

BAS, HVAC, and access controllers are an overlooked foothold into broader OT networks.

Our ICS Security Assessment

A non-invasive threat hunt, zero impact to operations

We find the attacker without touching your process. Every phase is designed to run safely alongside live operations.

Phase 1

Discovery & Inventory · Week 1

  • Asset inventory of PLCs, RTUs, HMIs, and SCADA
  • Network topology mapping
  • Internet-exposure check (Shodan)
  • Identify Rockwell, Siemens, and Schneider equipment

Phase 2

Passive Monitoring · Weeks 1 to 2

  • Non-invasive network monitoring
  • Capture EtherNet/IP, Modbus, DNP3, and OPC UA
  • Baseline what "normal" looks like
  • Zero impact to operations

Phase 3

Threat Hunt · Week 2

  • Hunt known Iranian IOCs (CyberAv3ngers, Handala TTPs)
  • Unauthorized access attempts
  • Anomalous commands
  • After-hours activity

Phase 4

Vulnerability Assessment

  • Firmware checked against known CVEs
  • Default credentials
  • Network segmentation
  • Remote-access pathways
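As an added illustration of Phases 2 and 3 (example code, not part of RedEye's service or toolset): a passive Modbus/TCP baseline is learned from a window of normal traffic, then a hunt flags write function codes that come from a source not in that baseline or arrive outside shift hours. The frames, IP addresses and shift hours are constructed assumptions.

```python
# Added example (not RedEye's code): passive Modbus/TCP baseline and hunt over
# constructed frames. IPs are documentation ranges; shift hours are assumed.
from datetime import datetime
import struct

WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}
SHIFT_HOURS = range(6, 19)  # assumed plant hours 06:00-18:59 local

def mbap(tid, unit, pdu):
    """Build a Modbus/TCP frame: MBAP header (tid, proto 0, length, unit) + PDU."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def parse(frame):
    """Return (unit_id, function_code) or None if the MBAP header is malformed."""
    if len(frame) < 8:
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    return (unit, frame[7]) if proto == 0 and length == len(frame) - 6 else None

def baseline(observations):
    """Phase 2: learn which (source, unit, function) tuples appear in normal traffic."""
    return {(src, *p) for _ts, src, frame in observations if (p := parse(frame))}

def hunt(observations, normal):
    """Phase 3: flag write commands that are new versus baseline or occur off-shift."""
    findings = []
    for ts, src, frame in observations:
        p = parse(frame)
        if not p or p[1] not in WRITE_FUNCTIONS:
            continue  # reads are left to the baseline; only writes change the process
        reasons = []
        if (src, *p) not in normal:
            reasons.append("not in baseline")
        if ts.hour not in SHIFT_HOURS:
            reasons.append("after hours")
        if reasons:
            findings.append((ts.isoformat(), src, p[0], WRITE_FUNCTIONS[p[1]], reasons))
    return findings

# Constructed traffic: the HMI (192.0.2.10) normally reads registers and writes one setpoint.
HMI, STRANGER = "192.0.2.10", "198.51.100.77"
LEARN = [(datetime(2026, 4, 6, 9, 0), HMI, mbap(1, 1, b"\x03\x00\x00\x00\x0a")),   # Read Holding Registers
         (datetime(2026, 4, 6, 9, 5), HMI, mbap(2, 1, b"\x06\x00\x10\x01\x2c"))]   # Write Single Register
HUNT = [(datetime(2026, 4, 7, 9, 10), HMI, mbap(3, 1, b"\x06\x00\x10\x01\x2c")),   # expected setpoint write
        (datetime(2026, 4, 7, 2, 13), STRANGER, mbap(4, 1, b"\x10\x00\x10\x00\x01\x02\x03\xe8"))]  # new source, 02:13

def run_hunt():
    return hunt(HUNT, baseline(LEARN))
```

In a real deployment the observations would come from a SPAN port or TAP feed rather than constructed frames, and the baseline would be keyed on more than the function code (for example register ranges and value bounds), but the pattern of learning first and alerting on deviations from it is the same.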

Deliverables

You get answers your board can act on

  • Executive summary (board-ready)
  • Technical findings with evidence
  • Prioritized remediation roadmap
  • Threat briefing for your team

Ongoing monitoring

Stay protected after the assessment

  • 24/7 ICS network monitoring
  • Real-time alerting
  • Monthly posture reports
  • Quarterly threat hunts
  • Threat-intel updates (CISA, industry)
  • Incident response on-call

Lightweight, in-environment monitoring: all data stays in your network, analysts connect over a secure tunnel, and you own everything. No appliances, no data leaving your facility, no vendor lock-in.

Why RedEye

Built for utilities. Run by experts.

Real experience

Our team has defended Fortune 500 companies, federal agencies, and critical-infrastructure operators against the same adversaries now targeting water and energy.

We build the SIEM

Detections run on Caver, our enterprise SIEM on an open OCSF lakehouse with 4,000+ rules. Your data stays on storage you own; detection runs where your telemetry already lives.

Local focus

Based in Tennessee, we understand regional water and energy utilities and how they actually run.

Grant-ready

Deliverables map to AWIA §2013 and the federal programs that fund this work (SLCGP, state SRF), so the assessment is something your budget can approve.

"The government's answer was 'disconnect PLCs from the internet.' That's not a solution, it's an admission of failure."

Let us help you secure your systems properly.

"The United States has hundreds of fragmented electric companies. Hundreds of water companies. All separate. All running different systems. All with barely any cyber oversight."