TECHNOLOGY FOCUS

Today, the cybersecurity of industrial systems and critical infrastructures is of vital importance. An increasing number of such systems are using devices and channels that interact with the outside world. Sometimes they use equipment that was never intended for external access, not to mention software that was created decades ago and has not been upgraded since! This is a very serious issue because not only is the continuity of the production process at stake; the environment and even human lives can be at risk.

A solution which is capable of ensuring the cybersecurity of the technology cycle at all levels of automated process control is vital. Actively cooperating with manufacturers of automation systems in order to develop equipment that takes new cybersecurity standards and requirements into consideration is also of great importance.

CyberSecurity

COURSE CONTENT

This course uses lectures and demos, and also includes interactive methods such as hands-on exercises. Participants will:

  • Receive an overview of the current threat landscape, security issues, human factors, ICS network attacks
  • Learn about network security in IT and ICS environments
  • Learn about network differences between IT and OT and how to bridge the gaps
  • See demos and case studies demonstrating the use of prevention, detection and mitigation techniques
  • Learn about industrial standards, legislation, and security measures
  • Get a deeper understanding of network topologies and how network security technologies work
  • Get an overview of cybersecurity roles and team structures, as well as common security mistakes
  • Gain skills to recognize cyberattacks, analyze ICS network traffic, recognize different protocols, use various tools for incident handling, and configure network protection

COURSE OBJECTIVES

  • Acquiring basic knowledge and concepts of IT, OT, and IS in the case of a mixed audience
  • Formulating the problem of ICS cyber security threats
  • Formulating the problem of insufficient attention being given to ICS cyber security threats
  • Understanding the ICS cyber security threat landscape
  • Understanding legal and regulatory positions on ICS cyber security
  • Narrowing differences between IT, OT, and IS
  • Gaining basic practical skills in improving ICS cyber security level
  • Providing recommendations on managing ICS cyber security

WHO SHOULD ATTEND

These interactive training modules, case studies and cyber safety games are designed for all employees who interact with industrial computerized systems on the industrial floor, control room or in the back office - and for their managers. Participants should have a basic understanding of technology, networks, and security.

Both days are recommended for:

  • IT and OT professionals
  • IT and OT security professionals

Day 1 is also recommended for managers.


We start with an interactive introduction, followed by explanations of the course objectives. The course will:

  • Increase awareness about current cybersecurity issues in industrial control systems and their possible impact on ICS functioning with references to recent incidents
  • Explain the main types of ICS vulnerabilities
  • Show key differences between typical ICS and pure IT networks from the security point of view in order to substantiate further recommendations
  • Explain possible attacks on SCADA systems and show details of real SCADA cybersecurity incidents
  • Give an understanding of ICS network architecture with regard to topology, components, and protocols
  • Show the principles of network protection
  • Give recommendations on the implementation of Defense in Depth
  • Show how advances in the Internet of Things may impact ICS security
  • Explain common practice in the labs to protect ICS infrastructure

DAY 1

Block 1

  • Threats identification - presentation and discussion, identifying gaps
  • Trustworthiness aspects - the nature of incidents, security and safety, risk assessment
  • Vulnerabilities - practical examples
  • The human factor - cybersecurity roles and responsibilities, team structures and common mistakes

Block 2

  • Network basics - architecture
  • IT/OT topology - typical components/technologies/communication protocols + demo
  • Attacker profiles for IT and OT - motivation of the attackers, case studies
  • The Shodan exercise
  • Lessons learned

DAY 2

Block 3

  • Security Policies - Industrial standards and legislation
  • Countermeasures I - hands-on
  • Example - discussion of an incident
  • Defense in depth
  • Countermeasures II - list of countermeasures: DMZ, segmentation, monitoring, firewall, malware detection
  • Backups
  • Typical mistakes
  • Hands-on: configuration of firewall

Block 4

  • Recognizing and handling incidents
  • Social Engineering
  • Phishing, malware infection, ransomware
  • Hands-on: Social Engineering recognition, how to handle it and point to a typical incident response plan

Block 5

  • Vulnerability assessment and Patch Management
  • Recognize vulnerability with CVE database, CVSS v2/v3 - how to analyze
  • Lessons learned
  • Summarizing and next steps