Introduction to Industrial Control Systems Cybersecurity Training

Print Friendly, PDF & Email
Introduction

Introduction to Industrial Control Systems Cybersecurity Training Course Description

This Introduction to Industrial Control Systems Cybersecurity Training will help you to support and defend your industrial control system to operate in a threat-free environment and resilient against emerging cybersecurity threats. Cyber-attacks on critical infrastructures and industrial control systems especially Supervisory Control and Data Acquisition (SCADA) are becoming more common for organization and governments.

These types of attacks can severely impact service, data integrity, compliance and public safety. Therefore, it is needed for every organization to implement a cybersecurity approach to identify risks and manage them in order ensure the protection of industrial control systems.

This Introduction to Industrial Control Systems Cybersecurity Training course also offers a set of real-world case studies, hands on experiments and class discussions in order to give you a clear idea about ICS and SCADA security, and makes you prepared for challenges in your organization.

Duration: 3 days

Introduction to Industrial Control Systems Cybersecurity Training Related Courses

Customize It

• We can adapt this Introduction to Industrial Control Systems Cybersecurity Training course to your group’s background and work requirements at little to no added cost.
• If you are familiar with some aspects of this Introduction to Industrial Control Systems Cybersecurity Training course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the Introduction to Industrial Control Systems Cybersecurity Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Introduction to Industrial Control Systems Cybersecurity Training course in manner understandable to lay audiences.

Audience / Target Group

Industrial Control System (ICS) and SCADA Cybersecurity training is a 3-day course designed for:

• IT and ICS cybersecurity personnel
• Field support personnel and security operators
• Auditors, vendors and team leaders
• All individuals who need to understand the ICS and SCADA Protection concepts
• Electric utility engineers working in electric industry security
• System personnel working on system security
• System operators and individuals in electric utility organizations
• Independent system operator personnel working with utility companies
• Electric utility personnel who recently started career involved with ICS security.
• Technicians, operators, and maintenance personnel who are or will be working at electric utility companies.
• Investors and contractors who plan to make investments in electric industry considering security standards.
• Managers, accountants, and executives of electric industry.

Introduction to Industrial Control Systems Cybersecurity Training - Objectives:

After completing this Introduction to Industrial Control Systems Cybersecurity Training course, attendees will be able to:

• Understand fundamentals of Industrial Control Systems (ICS) and SCADA systems
• Understand vulnerabilities and attacks for ICS and SCADA
• Learn about attack architectures in SCADA and ICS
• Explain risk management procedures applied to SCADA and ICS
• Identify risks in SCADA and ICS systems and conduct risk assessment
• Apply physical protection principles to SCADA and ICS systems
• Learn about security standards applied to ICS and SCADA such as NIST, ISA and CPNI
• Learn different types of servers used in ICS and SCADA and apply security concepts to servers
• Explain the concept of security in SCADA/ICS networks and preventing the attacks to networks in these structures
• Develop and deploy security programs for SCADA and ICS
• Understand the security related issues to the wireless system in SCADA and ICS

Introduction to Industrial Control Systems Cybersecurity Training - Course Content:

Fundamentals of ICS and SCADA

Industrial Control Systems Overview
Global Industrial Cybersecurity Professional (GICSP)
Roles and Responsibilities of ICS
Real-time Operating Systems
Programmable Logic Controllers (PLC)
Distributed Control Systems (DCS)
Supervisory Control and Data Acquisition (SCADA)
Master Servers
Industrial Computing Applications and SCADA Systems
Communication Protocols
Network Design
Types of SCADA Networks
SCADA Network Operations and Management
Communications Media and Signals
SCADA Reliability, Redundancy and Safety
Planning and Managing SCADA Projects
SCADA Technical Operations
SCADA Characteristics, Threats and Vulnerabilities
Comparing SCADA and IT Systems
SCADA and DCS Comparison
Physical Security of SCADA Systems
ICS Network Architecture

ICS/SCADA Vulnerabilities

ICS Attack Architecture
Attacks on Human Machine Interface (HMI)
Attacks on User Interfaces
Potential SCADA Vulnerabilities
Policy and Procedure Vulnerabilities
Platform Vulnerabilities
Network Vulnerabilities
SCADA Network Communication Attacks
Risk Factors
Standardized Protocols and Technologies
Increased Connectivity
Insecure and Rogue Connections
Public Information
Possible Incident Scenarios
Sources of Incidents
Documented Incidents
Web Attacks
ICS Server Attacks
Attacks on ICS Remote Devices
Firmware Attacks

Risk Management Basics

Risk and Industrial Control Systems
Threat Identification
Vulnerability Management
Industrial Consequences of Vulnerabilities
Risk Classification
ICS Risk Assessment
Planning
System and Services Acquisition
Certification, Accreditation, and Security Assessments
Operational Controls
Personnel Security
Physical and Environmental Protection
Contingency Planning
Configuration Management
Maintenance
System and Information Integrity
Incident Response
Awareness and Training
Identification and Authentication
Access Control
Audit and Accountability
Asset Classification
System and Communications Protection

Selecting and Implementing Controls for ICS Security

ICS Security Assessment
ICS Vulnerability Assessment
Configuration Assessment and Auditing
Risk Reduction
Standards and Security Controls Applied to ICS (NIST, ISA and CPNI)
ICS Security Technologies

ICS/SCADA Server Security

Different Server Types Used in ICS
Windows Operating Systems in ICS
Linux/Unix Operating Systems in ICS
Endpoint Protection
Automation and Auditing
Log Management for ICS Servers

ICS/SCADA Network and Device Security

Fundamentals of Networks
Ethernet, TCP/IP Protocol
ICS Protocol Architectures
Firewalls and Gateways
Honeypots
ICS Wireless Systems
Satellite, Mesh, Wi-Fi, and Bluetooth Systems
SCADA Security Network Architecture
Firewalls and Logically Separated Control Network
Network Segregation
Specific SCADA Firewall Issues
Data Historians
Remote Support Access
Multicast Traffic
Single Points of Failure
Redundancy and Fault Tolerance
Preventing Man-in-the-Middle Attacks

SCADA Security Program Development and Deployment

Business Case for Security
Potential Consequences
Key Components of the Business Case
Resources for Building Business Case
Presenting the Business Case to Leadership
Developing a Comprehensive Security Program

Wireless Security Applied to SCADA

Overview of Current Wireless Technologies
11, 802.15 and 802.16 Technologies
Overview of Wireless Security
WEP
TKIP and the WPA/WPA2
IEEE 802.11i
Authentication, Encryption, and Integrity Methods
Cellular/Mobile Interworking
LTE application in SCADA

Hands On, Workshops

Labs
Workshops
Group Activities

Sample Workshops and Labs for Industrial Control Systems and SCADA Security

ICS Risk Assessment Exercise
ICS System Identification and Classification Case Study
ICS Vulnerability Assessment and Compliance Auditing
Risk Assessment Case Study for ICS and Selecting Security Controls
Host Based Intrusion Prevention Systems
Industrial Firewall Inspection Case
Modbus Communication Network Attacks
Incident Response and Risk Management Case Study

Request More Information

Time Frame: 0-3 Months4-12 Months

No Comments Yet.

Leave a comment

0