Industrial Cybersecurity & IEC 62443 Consulting in Germany and Switzerland

CRA Compliance. OT Security. Certification Readiness.

Industrial cybersecurity is no longer optional. Connected products and industrial systems must meet the requirements of the Cyber Resilience Act (CRA) and align with IEC 62443. Companies that integrate cybersecurity from the start reduce operational risk, ensure business continuity, and maintain market access.


We help manufacturers, system integrators, and asset owners in Switzerland and across Europe to secure their industrial systems by taking a structured approach to IEC 62443, OT penetration testing, and CRA compliance.



Where OT Systems Face Challenges

In industrial assessments, we regularly encounter:

• Outdated firmware
• Embedded devices with default credentials
• Flat networks without trust boundaries
• Remote maintenance interfaces exposed beyond intended zones
• Industrial protocols lacking authentication or integrity protection

These weaknesses can lead to downtime, compromised data, and safety risks.

Live testing and research show how embedded systems and industrial networks can be exploited when segmentation or authentication assumptions fail.

Cyber resilience must be validated under realistic conditions, not assumed from architecture diagrams.

Cyber Resilience Act & IEC 62443

The European Cyber Resilience Act (CRA) defines mandatory cybersecurity requirements for products with digital elements. Swiss companies exporting into the EU must demonstrate compliance.

The CRA defines what must be achieved. The IEC 62443 standard structures how to achieve it:

• Risk-based security architecture
• Security levels SL1 to SL4 based on attacker capability
• Zone and conduit segmentation models
• Technical component requirements
• Secure development lifecycle integration

Independent validation ensures both are met in practice.

Our Industrial Cybersecurity Services

Industrial cybersecurity requires technical depth and measurable results, not just theoretical compliance.

• Structured threat modeling for industrial systems
• Risk analysis aligned with IEC 62443-3-2
• Security Level definition SL1 to SL4
• Identification of architectural and operational gaps

• Review of zones and conduits design
• Defense-in-depth assessment
• Verification of implemented network segregation
• Validation of remote access boundaries

• Industrial protocol testing (IEC 61850, IEC 60870-5-104, MQTT, Modbus, OPC UA, serial, 2/3-wire serial protocols)
• Embedded firmware and hardware analysis
• Authentication and access control validation
• Controlled lateral movement simulation between zones

• Gap analysis against IEC 62443
• Evidence generation for audit readiness
• Technical remediation guidance
• Independent second opinion before certification

How We Work

We bridge real-world attack simulation and structured compliance alignment. This ensures your implementation withstands both audits and adversaries.

Compass Security has more than 25 years of cybersecurity experience securing internet-exposed systems, critical infrastructure, and embedded technologies.

Industrial cybersecurity requires a deep understanding of industrial processes, attacker capabilities, and regulatory expectations. Our work focuses on measurable resilience, not theoretical alignment.

  1. Assess risk and architectural assumptions
  2. Validate controls through hands-on testing
  3. Map findings to IEC 62443 requirements
  4. Deliver prioritized, actionable remediation guidance

Our goal is measurable risk reduction, not theoretical compliance.

Business Impact

Structured validation translates technical findings into measurable business risk reduction.

• Reduced likelihood of production downtime
• Improved resilience against ransomware and targeted attacks
• Clear roadmap toward CRA compliance
• Independent validation of implemented security controls
• Stronger credibility with partners and customers

Industrial cybersecurity protects availability, operational continuity, and market access.


Strengthen Your Industrial Cyber Resilience

If you require OT penetration testing, IEC 62443 consulting, or CRA compliance support, contact us.

Start securing your industrial systems today.

 
