Security testing cyber lab
BSI has developed an industrial control cyber lab, a specialist facility designed to test the security of industrial control systems.
Our cyber lab provides a controlled environment prepared for testing many different elements relating to Industrial Control Systems (ICS) and Internet of Things (IoT).
The lab is managed by a team of Operation Technology (OT) experts who possess specialist IT security knowledge, so they can add real value to the test results.
Cyber testing services provided
A wide range of industrial control and IoT devices can be tested, in order to expose vulnerabilities. Methods for vulnerability discovery provided by our cyber lab include:
- Penetration testing
- Fuzz testing
- White box / black box testing
Code analysis can be applied to industrial control and IoT devices, to ensure the appropriate sanitization. Applications we examine include:
- Control logic analysis (for industrial control devices)
- OWASP benchmarking
To countermeasure the vulnerability findings, we provide remidiation in the form of:
- Physical controls
- Architecture best practices
Testing a wide variety of hardware, software and protocols
Our cyber testing team can examine a variety of hardware, software and protocols.
- Control devices: PLCs, RTUs, and DCUs
- Control network devices: I/O concentrators, control servers
- IoT: smart meters, smart domestic devices
- SCADA: Modbus, DNP3, IEC 60870, Profinet
- Wireless: Wi-Fi, Bluetooth, ZigBee
- SCADA software
- Web applications
- Mobile applications
eDiscovery and digital forensics
Our consultants take a comprehensive approach to managing digital investigations. We leverage specialist skills, proven experience and advanced technology to deliver forensically sound results. Our digital investigations are carried out in our ISO/IEC 27001 certified laboratory, ensuring data security and client confidentiality are maintained at all times.
Our eDiscovery and digital forensics security testing lab is controlled within a sandboxed network and used to conduct:
- Malware analysis
- SCADA forensics
- Secure code development
- Data collection from cloud based sources