Embedded and industrial devices are some of the most common yet impactful systems society uses. But not many people notice or realise they exist, and that's the beauty of them. They sit there silently waiting to react to one of your needs from monitoring your production line to deploying your airbag during a road traffic accident.
Attackers come in many forms from cyber terrorists to hostile governments, trolls to insider threats and embedded devices need to stay secure for years. But this is not possible in a world that moves as fast as ours, so what can you do? Apply defence-in-depth by researching unknown threats.
ICS, SCADA & OT
One of the most ubiquitous applications of embedded technology is as Industrial Control Systems (ICS) and Supervisory Control And Data Acquisition (SCADA) devices. They exist throughout the manufacturing industry and even as building management systems in financial institutions — all of which form of Operation Technology (OT).
As these and Industrial IoT (IIoT) devices permeate more of the manufacturing space — it's creating new and increasingly exposed interfaces that attackers can leverage. Critical business systems, including those that preserve and protect human life, are frequently being attacked.
We want to help you reduce the attack surface and discover dangerous vulnerabilities within the software. We can do it with or without access to source code or cooperation with the original manufacture — in many cases because they've been merged or shut down.
The 5G interface is making its mark with autonomous vehicles too, and this is through the Vehicle-to-everything (V2X) interface. Not only this, increasingly complex entertainment management systems, but keyless entry and artificial intelligence algorithms are also making their way into your vehicles — potentially compromising safety.
5G and autonomous vehicles are also introducing a new concept called platooning — this is where your vehicle forms a platoon with others through something called PC5. We are experienced with this technology from engine management systems through to core controllers in the cellular network. Securing it is hard, and a problem we'd love to help you solve.
Critical National Infrastructure (CNI) is one of the most demanding security environments in which to operate. Typically it comprises of carrier-grade telecommunications operators, essential manufacturing businesses and energy generation plants.
CODA researchers have extensive experience working with CNI, which many security consultancies do not have. We hold the necessary security clearances and understand the associated risks to normal business operations. We can supply any of our listed services to any environment from offshore wind farms to sensitive CNI sites.
How we can help
- Evaluate CNI designs for weaknesses
- Identify and discover vulnerabilities in ICS, SCADA and OT networks
- Provide due diligence for your business during the procurement of industrial sites or businesses
- Assess your industrial, automotive and CNI incident response processes
- Evaluate data critical data transmission paths
- Conduct security tests on industrial networks
- Validate telecommunications interfaces
- Penetration testing of ICS, SCADA, OT, Automotive and CNI systems