Penetration Test

OT Penetration Testing
Along with a Vulnerability Assessment, we conduct Penetration Tests to detect the resilience of OT industrial control systems to certain types of cyber attacks.

Penetration Testing on industrial control systems

Penetration Tests put the resilience of an industrial system to potential cyber attacks to the test by exploiting the vulnerabilities that exist in the infrastructure.

Penetration Testing is part of a broader Cyber Security Risk Assessment process on an industrial control system.

This is why our service is based on the pillars of the IEC 62443 standard, from which we adopt the systematic method to manage cyber risk on industrial devices.

Our offer is structured as a complete range of consulting services following the security lifecycle approach required by the IEC 62443 standard, which is organised into three macro-phases of work:

    • Assessment
    • Implementation
    • Maintenance

Penetration Testing falls under the assessment stage downstream of the vulnerability assessment. Once the most critical parts of the OT network have been identified via the Vulnerability Assessment, we conduct Penetration Tests in white-box, grey-box, and black-box mode, using various methods and specific tools for the industrial field.

The Penetration Testing campaign is defined in a detailed plan that considers the relevance and criticality of each vulnerability found in the assessment stage in order to provide an accurate specification of real threats that affect the system.

In addition to testing the resilience of an industrial control system, the ordering of these targeted actions allows the priority of the remediation work to be evaluated accurately, which is then taken into account when the most suitable measures to protect the industrial devices are implemented.


The assessment phase is the starting point for establishing the actual extent of the threats associated with a system or a plant. The Cyber Security Risk Assessment process is formulated on two different levels, as defined by the IEC 62443 standard:

  • High-Level Risk Assessment, the purpose of which is to establish the consequences of a cyber attack at a macroscopic level.
  • Low-Level Risk Assessment, which aims to examine in depth which threats affect the system and also includes the Vulnerability Assessment.

In black-box mode, the tester simulates an average external attacker, that is, one with no knowledge of the system being attacked or of its source code, with the purpose of identifying the vulnerabilities that an attacker could exploit from outside the network. In grey-box mode, the tester simulates an insider with a given level of access, knowledge of the network and its documentation. Finally, in white-box mode, the tester has full access to the source code and the network architecture, reviewing large amounts of data to identify the weakest points.

The Penetration Test service is usually accompanied by the vulnerability assessment and, as such, the cost of the project varies based on the complexity of the network infrastructure, the company processes, and the OT devices in use, on which the assessment and tests are performed according to the IEC 62443 standards. We invite you to contact us for a customized estimate.

Why Choose us

  • Experience in the OT Cyber Security field since 2014
  • In-house OT Cyber Security laboratory
  • In-house IEC 62443/ISA 99-certified personnel (Fundamentals Specialist and Cyber Security Risk Assessment Specialist)
  • Pool of automation and OT network specialists
  • Wide network of collaborations with the main international OT solution suppliers