Protect your production infrastructure and ICS components against hacker attacks

TÜVIT, in cooperation with TÜV NORD CERT, was one of the first providers to introduce relevant testing and certification according to the IT security standard IEC 62443. Based on IEC 62443, companies can check the potential vulnerabilities of their industrial automation and control systems (IACS) and effectively develop protective measures.

TÜVIT designed and formulated the ICS Security Compendium upon request from the German Federal Office for Information Security (BSI). For TÜVIT and its customers, security isn’t an option — it’s embedded in virtually everything we do.

Security Checks

• survey of the IT risks of production systems and analysis of the technical data; here our IT security experts consider e.g. which platforms and systems the respective manufacturers use, how the networking and interaction of the systems for production and process automation operate with one another as well as with office network, and what safety measures are in place
• identification of vulnerabilities and the extent of security risk; ongoing business operations are not disrupted here, because the security check is performed without active interference in the IT system
• documentation of vulnerabilities and preparation of a prioritized action plan, with recommendations for elimination of vulnerabilities
• test of conformity with the authoritative standards, e.g. IEC 62443; this standard focuses on the IT security of industrial control systems

Penetration tests

• evaluation of the technical security level of remote maintenance access, established standard IT components, availability requirements for communication networks, and their monitoring
• evaluation of the threat potential based on human misconduct and intentional attacks on device, network and application levels; here our security experts consider amongst other things the degree of networking and the security of production networks, as well as misconfiguration and inadequate backups of components
• passive and active attacks on established ICS components such as SCADA systems, PLC, HMI, BFS and MES at system and network levels
• derivation and assessment of organizational vulnerabilities such as inadequate documentation and IT security regulations in the form of directives and processes

• leverage the breadth of TÜV NORD and TÜVIT expertise in industrial IT security
• with TÜVIT, you have as your partner one of the leading experts in the field of cyber security, which is certified by the German Federal Office for Information Security (BSI) as an IT security service provider for IS audits and penetrationtesting
• efficient performance of security checks and penetration tests using an independently developed test platform, the “Distributed Penetration Platform” (DPP)
• definition of your security maturity level on the basis of recognized standards and best practices (e.g. ICS Security Compendium of the Federal Office for Information Security (BSI), standard IEC 62443)
• objective analysis and assessment of the established technical and organizational security measures in the field of industrial security
• increasing the efficiency and overall security level through individually derived recommendations for action
• fulfilling duties of care in test performance and security and compliance requirements

The top 10 threats for industrial control systems in 2019 include the following

1. Infiltration of Malware via Removable Media and External Hardware
2. Malware Infection via Internet and Intranet
3. Human Error and Sabotage
4. Compromising of Extranet and Cloud Components
5. Social Engineering and Phishing
6. (D)Dos Attacks
7. Control Components Connected to the Internet
8. Intrusion via Remote Access
9. Technical Malfunctions and Force Majeure
10. Compromising of Smartphones in the Production Environment

(Source: German Federal Office for Information Security)