The IEC 62443 standard states that to test the resilience of a device you have to exploit existing vulnerabilities on the infrastructure.

Penetration Test and Vulnerability Assessment

Request support for PenTest and Vulnerability Analysis

Testing an OT system with a Penetration Test and assessing vulnerabilities is critical to verifying the robustness of such a system.

Testing an OT system with a Penetration Test and assessing vulnerabilities is critical to verifying the robustness of such a system.

Penetration tests allow you to test the resilience of an industrial system to a potential cyber attack by exploiting existing vulnerabilities of the infrastructure.
After identifying the most critical parts of the OT network with the Vulnerability Assessment, we conduct the Penetration Tests in white, grey or black box mode, using different methodologies and tools specific to the industrial environment.

We prepare a detailed plan based on the Penetration Test for the manufacturer, covering the identified vulnerabilities of the devices under analysis and specifying how the threats to which the product is exposed can be corrected.
This set of targeted actions, in addition to testing the resilience of an industrial control system, makes it possible to assess precisely the intervention priorities, which must be taken into account in the subsequent implementation of the most suitable measures for the protection of industrial devices.

 

Try our consulting options to reach your goals.

Faq

In IEC 62443/ISA 99 terms, an OT system is defined as a “control system,” that is, a hardware or software component intended to be integrated into a final industrial automation and control system. PLCs, HMIs, SCADA systems, and safety instrumented systems are examples of OT systems.

The legislative references in the IEC 62443 standard directed at OT device manufacturers are found in IEC 62443-4-1 and IEC 62443-4-2 regarding the design requirements in conformity with legislation for systems, sub-systems, or hardware or software components.

As defined in IEC 62443-4-1, the manufacturer is required to implement certain cyber security practices when developing the product:
  • Specification of Security Guidelines
  • Security by design
  • Secure Implementation
  • Security V&V Testing
  • Security Guidelines

Why choose us

  • We have gained experience in the OT Cyber Security field since 2014
  • We test every solutions thanks to our in-house OT Cyber Security laboratory
  • Our specialists are IEC 62443/ISA 99-certified personnel (Fundamentals Specialist and Cyber Security Risk Assessment Specialist)
  • Automation and OT Network Security are some of our most performing competences
  • We have bulit a wide network of partnerships with the main international OT solution suppliers
  • Our BYHON internal division is the ISASecure® accredited certification body

What some of our customers say about us