MENU

Protect your production infrastructure and ICS components against hacker attacks

  1. Services
  2. Cyber Security
  3. Industrial Security

In the context of Industry 4.0 and the Internet of Things (IoT), the networking of systems for process control, production and automation is increasing dramatically. As a result, challenges are also increasing in relation to security. Gateways frequently used by hackers include maintenance access points via the internet, unsecured interfaces to the traditional IT infrastructure, or lack of employee awareness for IT security.

TÜViT offers security checks and penetration tests in order to reduce security vulnerabilities in your production infrastructure.

 

Know-how from a single source

Combining the 150 years´ experience in the industrial sector of TÜV NORD with the 20 years of TÜViT IT security expertise makes us a premium partner to protect your production infrastructure and ICS components against hacker attacks.

TÜViT designed and formulated the ICS Security Compendium upon request from the German Federal Office for Information Security (BSI). For TÜViT and its customers, security isn’t an option — it’s embedded in virtually everything we do.

Our services at a glance

Security Checks

  • survey of the IT risks of production systems and analysis of the technical data; here our IT security experts consider e.g. which platforms and systems the respective manufacturers use, how the networking and interaction of the systems for production and process automation operate with one another as well as with office network, and what safety measures are in place
  • identification of vulnerabilities and the extent of security risk; ongoing business operations are not disrupted here, because the security check is performed without active interference in the IT system
  • documentation of vulnerabilities and preparation of a prioritized action plan, with recommendations for elimination of vulnerabilities
  • test of conformity with the authoritative standards, e.g. IEC 62443; this standard focuses on the IT security of industrial control systems

Penetration tests

  • evaluation of the technical security level of remote maintenance access, established standard IT components, availability requirements for communication networks, and their monitoring
  • evaluation of the threat potential based on human misconduct and intentional attacks on device, network and application levels; here our security experts consider amongst other things the degree of networking and the security of production networks, as well as misconfiguration and inadequate backups of components
  • passive and active attacks on established ICS components such as SCADA systems, PLC, HMI, BFS and MES at system and network levels
  • derivation and assessment of organizational vulnerabilities such as inadequate documentation and IT security regulations in the form of directives and processes

Your benefits at a glance

  • leverage the breadth of TÜV NORD and TÜViT expertise in industrial IT security
  • with TÜViT, you have as your partner one of the leading experts in the field of cyber security, which is certified by the German Federal Office for Information Security (BSI) as an IT security service provider for IS audits, IS consulting, and penetrationtesting
  • efficient performance of security checks and penetration tests using an independently developed test platform, the “Distributed Penetration Platform” (DPP)
  • definition of your security maturity level on the basis of recognized standards and best practices (e.g. ICS Security Compendium of the Federal Office for Information Security (BSI), standard IEC 62443)
  • objective analysis and assessment of the established technical and organizational security measures in the field of industrial security
  • increasing the efficiency and overall security level through individually derived recommendations for action
  • fulfilling duties of care in test performance and security and compliance requirements

What vulnerabilities do hackers target for exploitation in industrial companies?

The top 10 threats for industrial control systems in 2016 include the following

  1. Social engineering and phishing
  2. Infiltration of malware using removable media and external hardware
  3. Infection with malware via internet and intranet
  4. Penetration via remote maintenance ports
  5. Human misconduct and sabotage
  6. Control components connected to the internet
  7. Technical misconduct and force majeure
  8. Compromised extranet and cloud components
  9. (D)DoS attacks
  10. Compromised smartphones in the production environment

(Source: German Federal Office for Information Security)

Leverage of our broad expertise in industrial IT security.

Dennis Schröder

Product Manager Cyber Security Services

+49 201 8999-606
Fax: +49 201 8999-666

d.schroeder@tuvit.de

Gerald Krebs

Sales Manager

+49 201 8999-411
Fax: +49 201 8999-666

g.krebs@tuvit.de

Appointment Request

Further services

Cyber Security Check

The cyber security check utilizes a structured guide to provide a standardized procedure for evaluating IT security in your company. With the cyber security check, we offer you an efficient and cost-effective solution to identify potential vulnerabilities.
Read more

Penetration Tests

As an IT security service provider for penetrationtesting we help to identify organizational and technical security vulnerabilities.
Read more
System and Network Security

System and Network Security

The commonest targets of hacker attacks are the IT systems and data networks of companies. In order to detect attacks as early as possible, TÜViT offers penetration tests on system and network levels.
Read more
Web Application Security

Web Application Security

In order to enable you to secure the applications that drive your business, TÜViT offers penetration tests for web applications tailored to your needs.
Read more
Advanced Persistent Threats

Advanced Persistent Threats

Advanced Persistent Threats (APTs) are highly developed and targeted attacks that operate covertly in order to leave no visible traces. TÜViT offers various modules to prevent Advanced Persistent Threats.
Read more
Enhanced Security Services

Enhanced Security Services

TÜViT offers Enhanced Security Services, to keep your IT security level high at all times: from monitoring and retesting up to Red-Teaming.
Read more

Mobile Security

TÜViT mobile-specific testing approach offers optimal protection for your mobile data. From the analysis of mobile strategy and evaluation of IT infrastructure including mobile device management systems, through to application testing.
Read more
SQ Best Practice Certification Procedure

SQ Best Practice Certification Procedure

With its Security Qualification (SQ), TÜViT offers a standardized and flexible certification procedure that allows the integrated analysis of products and networked system solutions.
Read more
In order to provide you with a pleasant online experience, we use cookies on our website. By expressing your consent at tuev-nord.de you agree to the use of cookies. Further information, e.g. how you can object to the use of cookies at any time, can be found in our cookie guidelines and data protection settings.