OT-Security: Reducing safety risks in industrial environments

Do you have any questions or comments? Contact us!

Our vulnerability analysis in the OT/ICS environment

The increasing digitalization and networking of industrial plants also increases the IT security risks against which machines and systems within industrial environments must be protected.

With the help of Industrial Security Assessments, you get ahead of cybercriminals by proactively identifying and closing potential security vulnerabilities.

 Identification of security vulnerabilities in your ICS infrastructure

 Explicit recommendations for remedial action

 Checking for the Top 10 Threats to Industrial Control Systems


Our service modules in the OT/ICS security environment

We offer various modules as part of the assessment, whereby each test includes attack techniques that a real hacker would use.

In addition to the modules listed, we will of course address your specific needs and will be happy to provide you with a customized offer.

Your benefits at a glance

  • Determination of your security maturity level on the basis of recognized standards & best practices
  • Objective analysis & evaluation of the established technical & organizational security measures in the production area
  • Explicit recommendations for action to remedy discovered or potential vulnerabilities
  • Protection against industrial espionage & potential cyber attacks
  • Prevention of financial & reputational damage due to (avoidable) security incidents
  • Continuous improvement of the IT security of your solutions and Industrial Control Systems (ICS) implemented in the industrial sector
  • Benefit from TÜV NORD's & TÜViT's combined industry & IT experience in Industrial Security & Production Security

Aim & result of the assessment

A security assessment has various main objectives. These include, but are not limited to:

  • The identification of vulnerabilities and their risk exposure
  • The assessment of which platforms and systems are used and how the networking and interaction of the systems for manufacturing and process automation work together - as well as with conventional (Office) IT infrastructure - from a security perspective
  • Assessment of the security measures in place in terms of security and safety
  • Assessment of the technical security level of remote maintenance access, established standard IT components and availability requirements of communication networks and their monitoring
  • Assessment of potential threats based on human errors and intentional attacks at device, network and application level. As part of this, our security experts look at, among other things, the degree of networking and the protection of production networks, as well as the misconfiguration and inadequate backup of components.
  • Passive and active attacks on established ICS components such as SCADA systems, PLC, HMI, BFS and MES at system and network level
  • The derivation and evaluation of organizational vulnerabilities, such as insufficient levels of documentation and regulations for IT security in the form of guidelines and processes

We will provide you with a detailed report that identifies specific comprehensible risks and vulnerabilities and proposes appropriate measures for their elimination.

What the final report contains

All results of an analysis are made available to the client in the form of a detailed final report.

The final report is always created individually and in an easily understandable form by our experts (no automatic generation) and contains at least the following information:

  • Introduction: A brief description of the test object and the aim of the pentest.
  • Management/Executive summary: A summary of the results.
  • Risk assessment: Assignment of a degree of risk to each vulnerability (Informative, Low, Medium, High or Critical Risk), with which the criticality of the respective vulnerability is described.
  • Clear representation: Clear representation of all identified vulnerabilities in a table.
  • Detailed description of vulnerabilities & Proof-of-Concept: For each vulnerability there is an individual description that reflects precisely how the vulnerability was found and how it can be exploited by an attacker (proof-of-concept).
  • Evaluation of automated tests: The results of the automated tests are evaluated by the TÜViT experts, checked for false/positive results and then summarized in the report.
  • Recommend measures to remedy the vulnerability: For each vulnerability, there is a recommended measure to eliminate the vulnerability.
  • References: If available, we provide references to vulnerability databases (e.g., CVE).
  • Technical Appendices: If available, further information and files on the tests performed are provided as an Appendix, e.g. the raw results of the port and vulnerability scans.

OT Security: Procedure of the Industrial Security Assessment

The following steps are performed as part of an assessment:

Clarification of specific technical & organizational aspects, as well as the preconditions

Examination of the security measures implemented with respect to their effectiveness & completeness.

Compilation of the results in a final report. With a final presentation as an option.

Check of whether the implemented improvement & defensive measures are working (effectively).

Frequently asked questions (FAQ):

What vulnerabilities do hackers specifically target at industrial companies?

The top 10 threats to industrial control systems in 2019 included:

  1. Infiltration of Malware via Removable Media and External Hardware
  2. Malware Infection via Internet and Intranet
  3. Human Error and Sabotage
  4. Compromising of Extranet and Cloud Components
  5. Social Engineering and Phishing
  6. (D)Dos Attacks
  7. Control Components Connected to the Internet
  8. Intrusion via Remote Access
  9. Technical Malfunctions and Force Majeure
  10. Compromising of Smartphones in the Production Environment

(Source: German Federal Office for Information Security)

What methodology does TÜViT use?

In addition to the automated analysis and attack techniques, manually conducted investigations and verification are always performed. To achieve this, our IT security experts always use the latest attack techniques/tools from the hacker or security scene as well as tools and scripts they have developed themselves. In addition to technical (penetration) tests, interviews as well as inspections of the site, offices, IT rooms, etc. are also used.

What is the BSI ICS Security Compendium?

The Industrial Control Systems (ICS) Security Compendium, which TÜViT designed and wrote on behalf of the German Federal Office for Information Security (BSI), is a fundamental work for IT security in ICS. It covers the necessary basics of IT security, ICS operations, and relevant norms and standards, and highlights best practices related to ICS IT security and essential security measures. 

The compendium is primarily aimed at operators of industrial control systems who can reduce risks in ICS by implementing appropriate IT security measures. 

Why we are a strong partner for you


With us you have one of the leading experts in the field of cyber security at your side, certified by the BSI as an IT security service provider for IS revision and penetration tests.

Industry experience

Due to many years of experience in different branches of industry we can serve companies from a wide range of industries.

Tailor-made for you

We focus on individual services - and solutions - that optimally fit your current company situation and your set goals.

International network of experts

Around the globe: We support you both nationally and internationally. Our global network of experts is ready to help you in word and deed in all IT security issues.


Our employees are not subject to any conflicts of interest, as they are not committed to any product suppliers, system integrators, stakeholders, interest groups or government agencies.
You have questions? We are pleased to help!


Gerald KrebsGlobal Account Manager

Tel.: +49 201 8999-411
Fax: +49 201 8999-666
Alexander PadbergGlobal Account Manager Cyber Security

Tel.: +49 201 8999-614
Fax: +49 201 8999-666