We conduct assessments targeting existing vulnerabilities in industrial control devices and industrial infrastructure according to the IEC 62443 standard.
Support in assessing the critical parts of an industrial system
The main purpose of a Vulnerability Assessment is to identify the critical issues in an industrial system and how attractive they are as targets for potential cyber attacks.
Vulnerability assessments are part of a broader Cyber Security Risk Assessment process on an industrial control system. This is why our assessment service is based on the pillars of the IEC 62443 standard, from which we adopt the systematic method to manage cyber risk on industrial devices.
Our offer comprises a complete range of consulting services that follow the security lifecycle approach in conformity with the IEC 62443 standard requirements. That lifecycle is structured into three macro-phases of work:
- Assessment
- Implementation
- Maintenance
The vulnerability assessment is performed in the assessment stage, which is based on the premise that before proceeding with the definition of any countermeasures, the system needs to be analyzed in detail.
The purpose of our vulnerability assessment service is precisely to establish the system’s size and composition in detail and, as a result, identify all the existing vulnerabilities, including their potential exposure to cyber attacks.
The complete assessment includes an investigation of human factors (often the main vehicle for vulnerability), passive and active scanning, and protocol or packet parsing.
In addition to defining which parts of the infrastructure are the most critical, the vulnerability assessment prioritizes the actions to be taken, based on feasibility and the consequences for the business in the event of an attack, thereby paving the way for the implementation of corrective actions to protect industrial devices.

FAQ
The assessment phase is the starting point for establishing the actual extent of the threats associated with a system or a plant. The Cyber Security Risk Assessment process is formulated on two different levels, as defined by the IEC 62443 standard:
- High-Level Risk Assessment, the purpose of which is to establish the consequences of a cyber attack at a macroscopic level
- Low-Level Risk Assessment, which aims to examine in depth which threats affect the system and also includes the Vulnerability Assessment.
The most common vulnerabilities in industrial systems include, for example, lack of access control (even for remote access), bugs in the source code, obsolete devices or networks, and human factors.
The cost for a Vulnerability Assessment project varies based on the complexity of the network infrastructure, the company processes, and the OT devices in use, on which the vulnerability assessment is conducted according to the IEC 62443 standards. We invite you to contact us for a customized estimate.
Why Choose us
- Experience in the OT Cyber Security field since 2014
- In-house OT Cyber Security laboratory
- In-house IEC 62443/ISA 99-certified personnel (Fundamentals Specialist and Cyber Security Risk Assessment Specialist)
- Pool of automation and OT network specialists
- Wide network of collaborations with the main international OT solution suppliers