Minimise the risk of a cyber incident by employing systematic testing services, including ethical hacking, to identify and help prioritize and mitigate cyber security gaps in your people, processes and technologies.


Meet and exceed compliance requirements for projects and operations through proactive and systematic testing and verification of critical infrastructure.

Build confidence through independent verification that your systems, products, and components are secure by achieving compliance with specific standards, regulation or client requirements.

Identify and fix potential breach points in your operational technology (OT) or IT environments that may lead to a cyber incident as a result of human error or third-party attack, and demonstrate to stakeholders that your projects and operations are safe and secure.


Knowledge to build a powerful force of defence

DNV’s structured approach to cyber security testing and verification provides organizations with peace of mind that their systems and products are secure and aligned to best practices.

Our team of cyber experts identifies weaknesses in OT and IT systems and networks via ethical hacking (penetration testing), using the same tools and techniques employed by malicious hackers to test the integrity and security levels of networks.

Drawing on our extensive background and expertise in testing and verification in the maritime, renewables, electricity infrastructure and distribution, and manufacturing industries, we evaluate products, components, systems and networks against national and international industry standards and regulations, DNV Class rules and company requirements. In addition, we advise on which standards, regulation or requirements to apply or mandate, and how to interpret applicable standards (such as IEC 62443) across specific industries, asset types and components.


Our testing & verification services

From technical misconfigurations, insecure password protocols, poor internal awareness or lack of network segregation, we test and verify the security of relevant people, processes and technology from the ground up, including:

  • Cyber security verification
    Reduce the likelihood and consequences of cyber attacks through independent and in-depth assessments of your critical infrastructure against industry best practice, selected standards, and DNV recommended practices.
  • Penetration testing
    Put the integrity and security of your OT and IT environments to the test through ethical hacking to identify and address vulnerabilities and exploitable breaches.
  • Product evaluations
    Gain knowledge of your compliance status, or what you need to do to achieve compliance with relevant standards, regulation and/or requirements, such as IEC 62443, ISO 27001/27002/27031, or the NIST 800-series.
  • Cyber security incident preparedness
    Prepare your organization to tackle incidents before they occur through proactive planning, training and testing of cyber security incident management processes.
  • Maritime cyber secure class notation
    Demonstrate cyber security capabilities and IMO compliance with DNV Cyber secure class notation. The class notation has been developed to address the cyber security of a vessel’s main functions and the owner’s operational needs. It establishes recognized requirements for vessels and offshore units in operation and newbuilds across different segments and security levels. Find out more

Why work with DNV?

Underpinned by in-depth industrial control system knowledge and a systematic approach, DNV’s independent testing and verification services are trusted by companies across the world to ensure and improve the cyber security properties of critical assets and systems.

Our cyber security services

 

Strategy & programme

Develop effective cyber security strategies and programmes, even when you face tight deadlines

 

Testing & verification

Test and verify the resilience of systems, networks and components, and access practical, unbiased advice to enable you to prioritize mitigation of vulnerabilities

 

Safety & security risk management

Ensure security and safety in the design of new and existing projects

 

Governance, risk & compliance

Implement robust governance, risk and compliance

 

Detection, response & investigation

Respond and recover effectively from cyber attacks

 

Insights & training

Ensure that you have the right insights and training in place to build awareness across the full lifecycle of your operations