Industrial Cyber Security Risks and Defense

Categories: Online
Wishlist Share
Share Course
Page Link
Share On Social Media
Course Info
Curriculum

About Course

The training program described below, focuses on the cyber security aspects of Industrial Control Systems (ICS), also known as Operation technology (OT). These systems are deployed in range of architectures:
  • Supervisory Control and Data Acquisition (SCADA)
  • Building and Energy Management Systems (BEMS)
  • Distributed Control Systems (DCS)
The solutions include products such as: Programmable Logic Controllers (PLC), Remoter Terminal Units (RTU) Intelligent Electronic Devices (IED) Safety Instrument Systems (SIS), Human Machine Interface (HMI), Automation Servers (AS) etc. Among Industrial control verticals are the following:
  • Electricity production and distribution
  • Water distribution and Sewage treatment
  • Oil and gas facilities
  • Manufacturing…
The training program described below, focuses on the cyber security aspects of Industrial Control Systems (ICS), also known as Operation technology (OT). These systems are deployed in range of architectures:
  • Supervisory Control and Data Acquisition (SCADA)
  • Building and Energy Management Systems (BEMS)
  • Distributed Control Systems (DCS)
The solutions include products such as: Programmable Logic Controllers (PLC), Remoter Terminal Units (RTU) Intelligent Electronic Devices (IED) Safety Instrument Systems (SIS), Human Machine Interface (HMI), Automation Servers (AS) etc. Among Industrial control verticals are the following:
  • Electricity production and distribution
  • Water distribution and Sewage treatment
  • Oil and gas facilities
  • Manufacturing plants
  • Smart cities and public safety
  • Communication networks, and more

Course Delivery Dates
June 2022
June 20 (Tentative) 12:00 PM - 3:00 PM (EST)
June 23 (Tentative) 12:00 PM - 3:00 PM (EST)
June 27 (Tentative) 12:00 PM - 3:00 PM (EST)
June 28 (Tentative) 12:00 PM - 3:00 PM (EST)
* All sales are final. Refunds are only issued if a course is cancelled.
DOWNLOAD COURSE OVERVIEW

What Will You Learn?

  • Understanding the ICS-OT technology as related to cyber risks and defense, and ICS architecture, related components and communication
  • Understanding of the unique threat factors applicable for the ICS-OT facilities and the principal technologies used for cyber secured ICS-OT systems
  • Learn about how to select effective methods and specific network defense architectures and techniques matching specific industrial vertical;
  • Learn about hardening of ICS computers and controllers using end-point protection, securing memorable data or updating systems;
  • Understanding principles of Business continuity planning (BCP), Disaster recovery Preparedness (DRP) and Incident-response (IR) for industrial environments
  • Understanding principles of the ISA/IEC 62443 international standards for protecting industrial, utility and manufacturing operations.
  • Learn about how IR process can be conducted in an industrial facility through coordinated collaboration among on-site teams.

About the instructor

instructor avatar
Cyber Defense Trainer at Secure Communications and Control Experts
Daniel Ehrenreich, B.Sc. Engineering, MBA, CISSP, ISO27001 Lead Auditor, SCCE- Secure Communications and Control Experts. Daniel brings over 29 years of experience with SCADA & ICS, deployed for electric power, water, sewage, oil, and gas. Since 2010 he has combined his engineering activity with cybersecurity and has consulted and delivered training sessions in Israel and across the world. Previously he held senior positions with leading firms in Israel such as Waterfall Security, Siemens, and Motorola Solutions dealing with cyber defense for industrial operations.

Course Curriculum

Session 1: Introduction to ICS Technology

  • Introduction ICS (SCADA, OT) system architecture
  • Introduction on the main ICS-OT applications & verticals
  • Field Control units PLC, RTU, IED and Remote I/Os
  • Designing SCADA, ICS, DCS operations in plants
  • Conducting maintenance and upgrades for ICS Operations

Session 2: Introduction to ICS Defense

  • System design matching operating Safety and Reliability
  • Introduction to typical ICS Security Vulnerabilities
  • ICS and IT systems differences related to cyber risks
  • Correct use of defense mechanism: Firewalls, DMZ in ICS
  • External & Internal attacks: MitM, DOS, DDoS, GPS

Session 3: Introduction to ICS Defense

  • Principles of Encryption and Authentication for ICS
  • Secure operation at each level of the Purdue model
  • Industrial Cyber Kill Chain attack process
  • Introduction to the MITTRE ATT&CK process
  • Operation Safety and Cyber Security considerations

Session 4: Cyber-attacks and Defense solutions

  • Attack paths ICS Communications and Process risks
  • Cyber defense with: IDS, DMZ, UGW, Sensor inspection
  • Coordinated operation with SIEM, SOAR, SOC
  • Step by step attack on industrial plants
  • Cyber security assessment for industrial plants

Session 5: Cyber-attacks and Defense solutions

  • Best practices to enhance ICS-IIoT cyber security
  • Principles of Secure development for industrial systems
  • Conducting Secure Maintenance for ICS Cyber defense
  • Cyber-attacks on ICS operations in past decade
  • Introduction to ISA 62443 standard principles

Session 6: Cyber-attacks and Defense solutions

  • Known unsolved vulnerabilities risking ICS facilities
  • Protecting the plant according to RDC-CIA, SRP Triads
  • Basic principles of Forensics for ICS
  • Principal Introduction to BCP, DRP and IR
  • Introduction of an IR Table-top exercise

Session 7: Cyber-attacks and Defense solutions

  • Managing Cyber secured Industrial operation
  • IT and ICS Cyber security solutions – What next?
  • 1-1/2 hour exam on the presented topics
  • Repeating of topics raised by students
  • Summary Q&A
$1999

Material Includes

  • Online (siberxchange.ca)
  • 21 Academic Hours Conducted in Seven 3 Hour Sessions
  • Certificate Upon Successful Completion

Requirements

  • The content will be customized for the participating audience and taking into consideration their knowledge and background. Slides will be provided.
  • Apply for formal internationally recognized certification classes such as CISO, GIAC, CISSP and others as applicable for their own business activity or activities, and the needs of their organization.
  • Management Certificate upon successful completion.

Audience

  • People intend to oversee IT and need to know more on ICS risks and defense to assure better collaboration among these teams.
  • People intend to be ICS engineers involved with design, maintenance of industrial plants and manufacturing processes
  • People intend to be operators dealing with control of renewable plants, water and sewage plants, desalination and other chemical process plants
  • For a broad range of managers interested upgrading their technical knowledge to make correct and cost-effective investment decisions