Strong cyber resilience for critical infrastructure

Penetration testing for sustainable hydrogen production

The challenge

Quest One’s hydrogen electrolysers are part of the energy infrastructure and are therefore classified as critical infrastructure. Such systems are subject to particularly high cyber security requirements. To meet these requirements, Quest One needed an independent review of its existing security mechanisms. The goal of an external penetration test was to validate the security measures already in place, identify potential vulnerabilities at an early stage, and further develop the product’s cyber resilience.

Quest One GmbH

Quest One is a tech pioneer in developing and making PEM electrolysers and electrolysis stacks – key tech for making green hydrogen efficiently and reliably. With locations in Hamburg, Augsburg, and Houston, the company has been active in the hydrogen industry for over 25 years.

How we helped

XITASO conducted a comprehensive black box penetration test for an electrolyzer. A security test in which the systems are tested from the perspective of a potential attacker without detailed prior knowledge. We examined the attack vectors via network interfaces and with direct access to the control terminal. Various perpetrator profiles were simulated, including external attackers and internal threat actors with different levels of authorization. Our security engineers specifically analyzed interfaces and components, identified vulnerabilities, and developed protective measures. Our test results and recommendations for action were summarized in a final report to further strengthen the cyber security of the system.