The purpose of IEC 62443 is to protect the end user. The standard states that, to achieve this goal, it is necessary to test the resilience of a system by exploiting its vulnerabilities.
Request support for PenTest and Vulnerability Analysis
Testing an OT system with a Penetration Test and assessing vulnerabilities is critical to verifying the robustness of such a system.
Penetration tests allow you to test the resilience of an industrial system to a potential cyber attack by exploiting existing vulnerabilities of the infrastructure.
After identifying the most critical parts of the OT network with the Vulnerability Assessment, we conduct the Penetration Tests in white, grey and black box mode, using different methodologies and tools specific to the industrial environment.
We prepare a detailed plan based on the Penetration Test for those responsible for integration in the final plant, covering the identified vulnerabilities of the devices under analysis and specifying how the threats to which the system is exposed can be corrected.
This set of targeted actions, in addition to testing the resilience of an industrial control system, makes it possible to assess precisely the intervention priorities, which must be taken into account in the subsequent implementation of the most suitable measures for the protection of industrial devices.
In IEC 62443/ISA 99 terms, an OT system is defined as a “control system,” that is, a hardware or software component intended to be integrated into a final industrial automation and control system. PLCs, HMIs, SCADA systems, and safety instrumented systems are examples of OT systems.
The legislative references in the IEC 62443 standard directed at OT device manufacturers are found in IEC 62443-4-1 and IEC 62443-4-2 regarding the design requirements in conformity with legislation for systems, sub-systems, or hardware or software components.
As defined in IEC 62443-4-1, the manufacturer is required to implement certain cyber security practices when developing the product:
- Specification of Security Guidelines
- Security by design
- Secure Implementation
- Security V&V Testing
- Security Guidelines
Why Choose us
- We have been gaining experience in the OT Cyber Security field since 2014
- We test every solution thanks to our in-house OT Cyber Security laboratory
- Our specialists are IEC 62443/ISA 99-certified personnel (Fundamentals Specialist and Cyber Security Risk Assessment Specialist)
- Automation and OT Network Security are among our strongest competences
- We have built a wide network of partnerships with the main international OT solution suppliers
- Our BYHON internal division is the ISASecure® accredited certification body
What some of our customers say about us
"Their flexible and innovative approach to Cyber Security Risk Assessment had been the key for the success of our conformity project according to IEC 62443 standards."
"We recommend H-ON Consulting because they are a firm that shares inspiring values, such as continuous professional growth and innovation seeking."
"The collaboration was a very successful experience for both companies."
"The biggest benefit our company received working with H-ON Consulting was a combination of on-going flexibility and most of all speed of delivery."
Sirio Sistemi Elettronici
"We highly recommend H-ON Consulting service for their expert industrial knowledge concerning machines, process, digital data."