Contact

OT/IoT and embedded security 

From the factory to the connected vehicle, protecting and ensuring the resilience of critical systems. 

Our approach, based on proven experience and systematic consideration of state-of-the-art technology, enables us to anticipate threats, protect your data, and ensure the resilience of your systems while ensuring compliance with regulations and standards. 

Our partners:

Innovation Squad: the DNA of Innovation in Cyber Defense 

Technical Lab: our precision arsenal
- A sanctuary dedicated to the most advanced offensive testing
- Evaluate every product, every calculator to identify vulnerabilities
- Turn potential threats into protection opportunities 

Knowledge Base: our Collective Intelligence
- Capitalization of tests on various OT/IOT and embedded protocols
- Systematic optimization of test phases
- Guaranteed reproducibility: each test is a reference 

Because in the world of cybersecurity, standing still is a risk. 

Industry 4.0/5.0 security image

Industry 4.0/5.0 security

Protect the future of your critical infrastructure. 

 With 25% ofcyberattacks targeting the manufacturing sector and recent major incidents (water treatment, automotive), the urgency is real. 

Our consultants deploy pragmatic solutions tailored to the specific characteristics of your industrial environments: network segmentation, secure protocols, robust identity management, and advanced intrusion detection. 

Anticipate tomorrow's threats with our Zero Trust approach, specially designed for modern industry. 

Image embedded systems security

Embedded systems security

Invisible protection, visible confidence

From aviation to surgical robots, embedded systems require flawless security in critical environments. Protection against cyberattacks must be integrated from the design stage and comply with rigorous standards (ISO 26262, DO-178C, IEC 62443, NIST 800-53). 

Our consultants guide you through this complex challenge: identifying requirements, analyzing risks, auditing code, and validating through comprehensive penetration testing —including on communication buses and auxiliary channels. 

Anticipate threats to your embedded systems with our expertise. 

Security of payment systems image

Payment system security

Excellence at the service of your transactions

The spectacular rise of digital payments (mobile, instant transfers, e-commerce, cryptocurrencies) has been accompanied by an explosion in fraud—nearly €585 million in the first half of 2024, 43% of which was related to bank cards. 

In the face of this threat, our expertise is your best ally. We secure your payment systems by providing rigorous support to ensure regulatory compliance ( PSD2, DORA, NIS2) and international standards (PCI). 

Ouraudit servicescover the entire electronicpayment ecosystem , and our statusas a major player in the REMPARTS program (GIE-CB) guarantees the excellence of our work. 

IoT & Product Security image

IoT & Product Security

 For a secure everyday life 

By 2025, 25 billion connected objects will transform our daily lives (smart homes, smart cities, industrial and medical IoT). This revolution brings considerable added value to businesses, but hides a major risk: 60% of these devices have vulnerabilities that could lead to production stoppages, massive data leaks, or industrial espionage. 

Our consultants offer a comprehensive approach: in-depth auditing, security reinforcement (robust encryption, segmentation, hardening), and continuous monitoring and surveillance of emerging threats .  

Frequently Asked Questions

Several common fundamental pillars enable the protection of critical infrastructure, smart devices, and industrial systems against cyber threats and failures. 

  • Security by Design: Integrate cybersecurity from the development phase by applying penetration testing, code analysis, and least privilege principles. 

  • Hardware and software security: Protect physical components from reverse engineering, fault injection, and side-channel attacks, and ensure the integrity of embedded software through secure boot and firmware encryption. 

  • Securing communications and networks: Ensuring the confidentiality and integrity of exchanges between devices via secure protocols and limiting the spread of threats by separating IT/OT flows.  

  • Secure update management: Ensure update reliability with secure OTA mechanisms, digital signatures, and integrity checks. 

  • Resilient architectures: Ensure business continuity with redundant systems, fail-safe architectures, and rapid recovery strategies. 

  • Compliance with standards and regulations: Comply with specific safety standards such as IEC 62443 (OT), ISO 26262 (auto), DO-178C (aeronautics), and NIST IoT Security Framework. 

  • Threat monitoring and detection: Deploy intrusion detection systems (IDS/IPS) and SIEM/SOAR solutions tailored to embedded and industrial environments to anticipate cyberattacks. 

Threat Analysis and Risk Assessment (TARA) is a specialized method for embedded and critical systems, focusing on the analysis of potential attacks and their impact on cybersecurity and operational safety.  

This methodology is required in various standards such as ISO/SAE 21434 (automotive), DO-326A (aeronautics), IEC 62443 (industry), and ISO 14971 (medical).  

A TARA, like other risk analysis methodologies, identifies assets, potential threats, and specific attack vectors, including analysis of attackers' tactics and techniques (MITRE ATT&CK, STRIDE, etc.). Attack scenarios are then used to perform a detailed risk assessment based on the impact on safety and cybersecurity. 

There are several regulatory, normative, or industry standards frameworks in this field:   

Internationally: 

  • ISO/SAE 21434 – Safety of connected and in-vehicle systems (automotive). 

  • ISO 14971 – Risk management for medical devices (incorporating cybersecurity). 

  • ISO 27001/27002 – Information security management, applicable to connected systems. 

  • ISO 27019 – Security for energy infrastructure (SCADA). 

  • ISO 81001-5-1 – Cybersecurity of health information technology software and systems. 

  • IEC 62443 – Security of industrial and OT systems. 

  • ITU-T X.509 & X.1400 – Cybersecurity standards for IoT and OT. 

  • NIS2 Directive – Securing critical infrastructure, including IoT and OT. 

  • NIST SP 800-82 – Security of Industrial Control Systems. 

At the European level:  

  • Cyber Resilience Act (CRA) – Regulations on the security of digital products and IoT. 

  • EU GDPR – Personal data protection (impacts IoT). 

  • RED (Radio Equipment Directive) - Article 3.3(d,e,f) – Cybersecurity of radio equipment and IoT (mandatory from 2024). 

  • UNECE WP.29 – Regulations on automotive cybersecurity 

Our comprehensive offering covers all industrial systems and connected objects, including: 

ICS (Industrial Control Systems) 

Industrial control systems that monitor and control industrial equipment and processes. We protect these critical infrastructures against cyber threats. 

SCADA (Supervisory Control and Data Acquisition) 

Data acquisition and control systems enabling remote monitoring and control of industrial facilities. We enhance their security to prevent any malicious intrusion. 

Automated systems (including PLCs - Programmable Logic Controllers) 

Programmable logic controllers that automate industrial processes. Our expertise helps secure these essential components against targeted cyberattacks. 

IoT (Internet of Things) 

Connected devices deployed in various environments (industrial, medical, home automation). We identify and correct their vulnerabilities to prevent them from becoming entry points into your network. 

Calculators 

Embedded computing units in critical systems. Our support guarantees their reliability and resilience in the face of sophisticated threats.