Cyber Security Testing for Industrial Equipment

Industrial Equipment Cyber Security Testing is a process that analyzes potential vulnerabilities and attack vectors that could be exploited in an industrial network environment.
It verifies whether core security functions—such as access control, authentication, session management, encryption, and network communication protection—are implemented and operating according to the required Security Level (SL).
We evaluate various industrial equipment, including EV Chargers, Industrial Control Devices (PLC/RTU), Industrial Gateways, and Field Devices, against major threats based on actual attack scenarios, such as unauthorized access, configuration tampering, data manipulation, and Denial of Service (DoS). This assessment confirms whether the equipment meets the necessary security standards for the industrial environment.

Test of Objectives

- Objective verification of security vulnerabilities such as unauthorized access, configuration tampering, and data manipulation that may occur in an industrial network environment.
- Assessment of the appropriateness and effectiveness of core security functions implemented by the equipment, including access control, authentication, and communication protection.
- Confirmation of compliance with IEC 62443-based Security Level (SL) requirements and securing technical documentation as evidence for certification.

Target Equipment

- EV Chargers (OCPP-based chargers / AC slow chargers, DC fast chargers)
- Industrial Control Devices (PLCs, RTUs, ICS/SCADA components)
- Industrial Gateways and Field Devices
- Network-connected equipment in the manufacturing, energy, and transportation sectors
- Industrial and facility equipment with remote monitoring and control capabilities
- Other OT (Operational Technology) and IIoT (Industrial IoT) equipment

Key Testing Items

- Vulnerability Assessment and Risk Evaluation
- Penetration Testing for attack vector feasibility verification
- Security Feature Validation
- Firmware and Software Security Review
- Protocol Security Testing

Testing Standards (Specifications)

- IEC 62443-3-3: Sys_security requirements and security levels (SLs) for Industrial Control_Sys (IACS).
- IEC 62443-4-1: Secure product development lifecycle (SDLC) requirements.
- IEC 62443-4-2: Technical security requirements for IACS components (AC, UC, SI, DC, RE, RA, etc.)

Test Preparation Requirements

- Required Documents:
- Product structure/function description
- Network diagram and data flow diagram
- User/Admin manuals
- API/Protocol specifications
- Firmware or software version information

Testing and Certification Procedure

1. Contract and Scope Definition – Determine the applicable standards and Security Level (SL) for the target equipment.
2. Security Requirements Analysis – Derive test items and review security based on the standards.
3. Test Execution – Perform security feature validation, vulnerability analysis, and attack testing on the sample.
4. Issuance of Test Report – Provide an official test report detailing the test results.
5. Certification Support – Support for the certification process through ICR Polska (NB 2703), if required.