The IEC 62443 standard states that to test the resilience of a device it is necessary to exploit existing vulnerabilities on the infrastructure.
Testing an OT system with a Penetration Test and assessing vulnerabilities is critical to verifying the robustness of such a system.
Penetration tests allow you to test the resilience of an industrial system to a potential cyber attack by exploiting existing vulnerabilities of the infrastructure.
After identifying the most critical parts of the OT network with the Vulnerability Assessment, we conduct the Penetration Tests in white, grey or black box mode, using different methodologies and tools specific to the industrial environment.
We prepare a detailed plan based on the Penetration Test for the manufacturer, covering the identified vulnerabilities of the devices under analysis and specifying how the threats to which the product is exposed can be corrected.
This set of targeted actions, in addition to testing the resilience of an industrial control system, makes it possible to assess precisely the intervention priorities, which must be taken into account in the subsequent implementation of the most suitable measures for the protection of industrial devices.
In IEC 62443/ISA 99 terms, an OT system is defined as a “control system,” that is, a hardware or software component intended to be integrated into a final industrial automation and control system. PLCs, HMIs, SCADA systems, and safety instrumented systems are examples of OT systems.
The legislative references in the IEC 62443 standard directed at OT device manufacturers are found in IEC 62443-4-1 and IEC 62443-4-2, which cover the design requirements that systems, sub-systems, or hardware or software components must meet to conform with legislation.
As defined in IEC 62443-4-1, the manufacturer is required to implement certain cyber security practices when developing the product:
- Specification of Security Guidelines
- Security by design
- Secure Implementation
- Security V&V Testing
- Security Guidelines
Why Choose us
- Experience in the OT Cyber Security field since 2014
- In-house OT Cyber Security laboratory
- In-house IEC 62443/ISA 99-certified personnel (Fundamentals Specialist and Cyber Security Risk Assessment Specialist)
- Automation and OT network specialists
- Wide network of collaborations with the main international OT solution suppliers
What some of our customers say about us
"Their flexible and innovative approach to Cyber Security Risk Assessment has been the key to the success of our conformity project according to IEC 62443 standards."
"We recommend H-ON Consulting because they are a firm that shares inspiring values, such as continuous professional growth and innovation seeking."
"The biggest benefit our company received working with H-ON Consulting was a combination of on-going flexibility and most of all speed of delivery."
Sirio Sistemi Elettronici
"We highly recommend H-ON Consulting service for their expert industrial knowledge concerning machines, process, digital data."
"The collaboration was a very successful experience for both companies."