Get to know the assets of the BDIH: Product cybersecurity assessment laboratory

Ikerlan offers Basque companies a comprehensive service for the development, validation and certification of products or systems with cybersecurity requirements. The knowledge of its researchers and the equipment of this laboratory allows to carry out the cybersecure development of industrial products and its subsequent validation by means of different types of tests. These activities serve also to perform a pre-approval of the products and are used also as a reference in the support of business during the certification process with accredited entities.

The companies can make use of the PKI infrastructure of Ikerlan, to be able to perform the lifecycle management of digital certificates, and to carry out implementation tests in the lab. Through these trials, it is also possible to carry out reverse engineering of electronic parts using different techniques. The information obtained is processed to obtain sensitive information of the device and to detect potential vulnerabilities that arise from its implementation.

One of the key services of Ikerlan through this asset are the communication robustness tests. These tests are oriented to saturate the product’s communication interfaces with faulty messages in order to test its robustness and to allow for the detection of new unknown vulnerabilities as a consequence of the observed behaviour’s analysis.

Lastly, this laboratory provides functional security assessment and vulnerability or implementation tests. For the first one, its purpose is to verify that the cybersecurity requirements have been correctly addressed and to evaluate the measures implemented against the detected threats in the cybersecurity risks analysis. By means of these evaluations, the companies can verify the performance, correction and robustness of the cybersecurity measures implemented.

The vulnerability tests consist in the executions of tests to the identification of vulnerabilities in the products or systems under test. These tests are aimed to break the cybersecurity measures implemented and they are approached as black box tests assuming the role of the attacker, that would take advantage of all the public information of the device to exploit one or more vulnerabilities.

Use cases

The following companies, via the BDIH Konexio programme, have gained access to the product cybersecurity assessment laboratory of Ikerlan, in order to test their developments and solutions.

First, Savvy Data Systems, which has performed an industrial communication robustness test with the Achilles platform. Savvy Data Systems is a company dedicated to data engineering and data analysis for industrial environments.

Second, ZIV, which has also carried out tests with the Achilles platform. ZIV is a company dedicated to the development of smart solutions, for HV, MV and LV networks, based on the integration of Protection, Control, Communications and Metering technologies.

Third, RKL integral, an integrated security engineering consultancy, has used this asset to verify the robustness and code integrity of its software development. Ikerlan has carried out pentesting tests and tried to hack its software, to put the system to the test.

In the web of the BIDH you will be able to watch the videos of Savvy Data Systems, ZIV and RKL Integral, where their managers will provide all the details of how they have benefited from the use of Ikerlan’s assets.