Find the weak spots in your Industrial IT Security and Critical Infrastructures
Today, industrial automation and control systems can be built from standardized hardware and software components. These open systems facilitate integration and reduce dependence on suppliers. Standardized components enable the networking of control systems, production equipment and office IT even over large distances. Integrated communication accelerates production, provides for a clearer overview and cuts development and operating costs.
The challenge: Open systems are more vulnerable.
At the latest since Stuxnet, probably the most famous computer worm, we have been aware that industrial automation and control systems are vulnerable to attacks. How can we protect these systems from malicious attacks, sabotage and espionage? Analyses, assessments and tests play a key role in implementing appropriate security controls against these threats. We at TÜV SÜD assist you in meeting this challenge. We analyze your equipment and processes, assess vulnerabilities and risks and test the security of your systems. TÜV SÜD for permanently strong, immunity-inspired systems.
TÜV SÜD’s Security Check is a rapid and reliable approach to identifying vulnerabilities by analysing your entire Industrial Control System (ICS). It is based on our extensive experience and best practices according to IEC 62443, IEC 62351, ISO/IEC 27001 and DIN VDE V 0831-10X. During the Security Check our experts analyse the security of your process and the technical environment to determine the actual security level of your ICS. All identified vulnerabilities are assessed and documented. Non-conformities with relevant security standards are identified and a prioritized action plan is provided.
To effectively defend yourself against malicious attacks, you need to understand how attackers work. We test the security of intelligent electronic devices (IEDs), using penetration tests – the same methods as potential attackers. In other words, when we carry out penetration testing of IEDs we assume the role of a qualified attacker. In our penetration laboratory, we further simulate environments typical of production facilities. This enables us to extend penetration tests to essential IT infrastructures used in the production environment.
Increasingly frequent malicious attacks are resulting in growing awareness of Industrial IT Security. Questions that must be asked include: What are the risks involved? What do we have to protect? How serious are the potential consequences? We apply generic methods to risk assessment in industrial IT security, differentiating between industry-specific threat scenarios, damage categories and probabilities. Risk assessment aims at identifying the customer-specific risks.
TÜV SÜD has established relevant tests and certifications according to the new IT security standard IEC 62443. On the basis of this standard, companies can check their automation and control technology for potential weaknesses and develop effective protection measures for it. The standard focuses on the IT security of “Industrial Automation and Control Systems” (IACS), which are necessary for the reliable and secure operation of automated systems and infrastructures.
Our IT Security training according to IEC 62443 provides insights into the security standards, taking into account issues related to control and automation systems.