CyberSecurity, Information Governance, Legal Risk Management and Compliance with ISO Records Management Controls

Introduction

This training course will provide a foundational set of standardized skills and knowledge for industrial cybersecurity professionals. The course is designed to ensure that the workforce involved in supporting and defending industrial control systems is trained to keep the operational environment safe, secure, and resilient against current and emerging cyber threats.

The course will provide you with:      

• An understanding of industrial control system components, purposes, deployments, significant drivers, and constraints.
• Hands-on lab learning experiences to control system attack surfaces, methods, and tools
• Control system approaches to system and network defense architectures and techniques
• Incident-response skills in a control system environment
• Governance models and resources for industrial cybersecurity professionals.

Objectives

When examining the greatest risks and needs in critical infrastructure sectors, the course authors looked carefully at the core security principles necessary for the range of tasks involved in supporting control systems on a daily basis. While other courses are available for higher-level security practitioners who need to develop specific skills such as industrial control system penetration testing, vulnerability analysis, malware analysis, forensics, secure coding, and red team training, most of these courses do not focus on the people who operate, manage, design, implement, monitor, and integrate critical infrastructure production control systems.

With the dynamic nature of industrial control systems, many engineers do not fully understand the features and risks of many devices. In addition, IT support personnel who provide the communications paths and network defences do not always grasp the systems' operational drivers and constraints. This course is designed to help traditional IT personnel fully understand the design principles underlying control systems and how to support those systems in a manner that ensures availability and integrity. In parallel, the course addresses the need for control system engineers and operators to better understand the important role they play in cybersecurity. This starts by ensuring that a control system is designed and engineered with cybersecurity built into it, and that cybersecurity has the same level of focus as system reliability throughout the system lifecycle.

When these different groups of professionals complete this course, they will have developed an appreciation, understanding, and common language that will enable them to work together to secure their industrial control system environments. The course will help develop cyber-secure-aware engineering practices and real-time control system IT /OT support carried out by professionals who understand the physical effects of actions in the cyber world.

Training Methodology

This is an interactive course. There will be open question and answer sessions, regular group exercises and activities, videos, case studies, and presentations on best practice. Participants will have the opportunity to share with the facilitator and other participants on what works well and not so well for them, as well as work on issues from their own organizations. The online course is conducted online using MS-Teams/ClickMeeting.

Who Should Attend?

This Intensive five-day program covering the educational needs of Instrumentation and Control Engineers & Technicians, Communication Engineers, Operation Engineers, Process and Utility Supervisors, Technical Management, and Technical Supervisory personnel involved in Configuring, securing and Testing Smart Field Devices.

Course Outline

Day 1: ICS Overview

• Global Industrial Cybersecurity Professional (GICSP) Overview
• Overview of ICS
  • Processes & Roles
  • Industries
• Purdue Levels 0 and 1
• Controllers and Field Devices
• Programming Controllers
• Exercise: Programming a PLC
• HMIs, Historians, Alarm Servers
• Specialized Applications and Master Servers
• Differences in Location and Latency
• Exercise: Programming an HMI
• ICS Life Cycle Challenges
• Purdue Levels 2 and 3
• DCS and SCADA
• IT & ICS Differences

• Physical and Cyber Security
• Secure ICS Network Architectures
  • ICS410 Reference Model
  • Design Example
  • Exercise: Architecting a Secure DCS

 Day 2: Field Devices and Controllers

• ICS Attack Surface
  • Threat Actors and Reasons for Attack
  • Attack Surface and Inputs
  • Vulnerabilities
  • Threat/Attack Models
• Purdue Level 0 and 1
• Purdue Level 0 and 1 Attacks
• Control Things Platform
• Exercise: Finding Passwords in EEPROM Dumps
• Purdue Level 0 and 1 Technologies
• Purdue Level 0 and 1 Communications
• Fieldbus Protocol Families
• Exercise: Exploring Fieldbus Protocols
• Purdue Level 0 and 1 Defenses
• Ethernet Concepts
• TCP/IP Concepts
• Exercise: Network Capture Analysis
• ICS Protocols over TCP/IP
• Wireshark and ICS Protocols
• Attacks on Networks
• Exercise: Enumerating Modbus TCP
• Ethernet and TCP/IP

Day 3: Supervisory Systems

• Enforcement Zone Devices
  • Firewalls and NextGen Firewalls
  • Data Diodes and Unidirectional Gateways
• Understanding Basic Cryptography
• Crypto Keys
• Symmetric and Asymmetric Encryption
• Hashing and HMACs
• Digital Signatures
• Satellite and Cellular
• Mesh Networks and Microwave
• Bluetooth and Wi-Fi
• 3 Eternal Risks of Wireless
• Sniffing, DoS, Masquerading, Rogue AP
• Wireless Technologies
• Historians and Databases
• Exercise: Bypassing Auth with SQL Injection
• HMI and UI Attacks
• Web-based Attacks
• Password Defenses
• Exercise: Password Fuzzing
• Wireless Attacks and Defenses
• Exercise: Network Forensics of an Attack
• Purdue Level 2 and 3 Attacks

Day 4: Workstations and Servers

• Patching ICS Systems
  • Patch Decision Tree
  • Vendors, CERTS, and Security Bulletins
• Defending Microsoft Windows
• Windows Services
• Windows Security Policies and GPOs
• Exercise: Baselining with PowerShell
• Differences with Windows
• Daemons, SystemV, and SystemD
• Lynis and Bastille
• Antivirus and Whitelisting
• Application Sandboxing and Containers
• Exercise: Configuring Host-Based Firewalls
• Windows Event Logs and Audit Policies
• Syslog and Logrotate
• Exercise: Windows Event Logs
• Attacks on Remote Access
• Honeypots
• Exercise: Finding Remote Access
• Defending Unix and Linux
• Endpoint Security Software
• Event Logging and Analysis
• Remote Access Attacks

Day 5: ICS Security Governance

• Building an ICS Cyber Security Program
  • Starting the Process
  • Frameworks: ISA/IEC 62443, ISO/IEC 27001, NIST CSF
  • Using the NIST CSF
• Creating ICS Cyber Security Policy
• Policies, Standards, Guidance, and Procedures
• Culture and Enforcement
• Examples and Sources
• DR and BCP Programs
• Modification for Cyber Security Incidents
• Quantitative vs Qualitative
• Traditional Models
• Minimizing Subjectivity
• Six Step Process
• Disaster Recovery
• Other ICS Courses by us
• Netwars
• Measuring Cyber Security Risk
• Incident Response
• Exercise: Incident Response Tabletop Exercise
• Final Thoughts and Next Steps