Our work analyzes the potential threats and security challenges facing EPICS systems. Currently we focus on the broad topic of security testing with three sub-tasks. First, we apply static analysis and fuzzing tools to search for potential bugs and vulnerabilities that may not be detected by current testing mechanisms. Second, we are adopting and developing several EPICS-related testbeds to evaluate security problems and solutions with respect to performance and resilience. Third, we are devising formal models for CA and the PV Gateway. We will summarize our current progress and planned next steps.