
With the move to open standards such as Ethernet, Transmission Control Protocol/Internet Protocol (TCP/IP), and web technologies in supervisory control and data acquisition (SCADA) and process control networks (PCN), these systems are being exposed to the same cyberattacks facing corporate information systems. This course provides a detailed look at how the ISA/IEC 62443 standards framework can be used to protect critical control systems. It also explores the procedural and technical differences between security for traditional IT environments and the solutions appropriate for SCADA or plant floor environments.

Who Should Attend IC32?
- Control systems engineers and managers
- System integrators
- IT engineers and managers in industrial facilities
- Plant managers
- Plant safety and risk management personnel
View Offerings by Format
- Classroom (IC32). Length: 2 days
- Virtual Classroom (IC32V). Length: 2 days
- Instructor-Guided Online (IC32E). Length: 8 weeks
- Self-Paced, Modular (IC32M). Length: 12 modules (25-65 minutes each)
Learning Objectives
This course covers a broad list of learning objectives. Upon completing it, you will be able to:
- Discuss the principles behind creating an effective long-term security program
- Interpret the ISA/IEC 62443 industrial security framework and apply it to your operation
- Define the basics of risk and vulnerability analysis methodologies
- Describe the principles of security policy development
- Explain the concepts of defense in depth and zone/conduit models of security
- Analyze the current trends in industrial security incidents and methods hackers use to attack a system
- Define the principles behind the key risk mitigation techniques, including anti-virus and patch management, firewalls, and virtual private networks
- Describe how secure software development strategies can make systems inherently more secure
- Explain how systems security is verified
Topics Covered
- Understanding the current industrial security environment
- Establishing an industrial automation and control systems security program
- Regulations & standards, ISA/IEC 62443 series and ISA99 committee
- Networking basics
- Network security basics
- Industrial protocols
- Introduction to patch management in the IACS environment
- Security risk assessment and system design introduction
- Security program requirements for IACS service providers and developing secure products
Exercise
- Packet Capture (PCAP) Live Capture Analysis (Note: this hands-on exercise is only available in the in-person classroom format. The exercise will be presented as a demonstration for all online course formats.)
Resources Included
Standards
- ISA-62443-1-1 (99.01.01)-2007, Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts & Models
- ISA-62443-2-1 (99.02.01)-2009, Security for Industrial Automation and Control Systems Part 2-1: Establishing an Industrial Automation and Control Systems Security Program
- ANSI/ISA-62443-3-3, Security for industrial automation and control systems: System security requirements and security levels
Book
- Industrial Automation and Control System Security Principles, Second Edition, by Ronald L. Krutz, PhD, PE (Note: this book is included with courses IC32M and IC32E only. It is recommended reading for courses IC32 and IC32V)
Recommended Reading
Recommended Prerequisites
- There are no required prerequisites for taking this course; however, it is highly recommended that applicants have at least one to three years of experience in the cybersecurity field and some experience in an industrial setting
- ISA courses IT and OT Survival Basics for I&C Personnel (TS06), and IT and OT Advanced Skills for I&C Personnel (TS12), or equivalent knowledge/experience are strongly recommended