
Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32) provides a detailed look at how the ISA/IEC 62443 standards framework can be used to protect critical control systems. It also explores the procedural and technical differences between the security solutions appropriatefor traditional IT environments and those appropriate for SCADA or plant floor environments.
With the move to using open standards, such as Ethernet, Transmission Control Protocol/Internet Protocol (TCP/IP), and web technologies, in supervisory control and data acquisition (SCADA) and process control networks (PCN), systems are being exposed to the same cyberattacks facing corporate information systems, protecting control systems is more important than ever.

Who Should Attend IC32?
- Control systems engineers and managers
- System integrators
- IT engineers and managers in industrial facilities
- Plant managers
- Plant safety and risk management personnel
View Offerings by Format
Classroom (IC32)Length: 2 days |
Virtual Classroom (IC32V)Length: 2 days |
Instructor-Guided Online (IC32E)Length: 8 weeks |
Self-Paced Modular (IC32M)Length: 12 Modules, (25-65 minutes each) |
Visit our course formats page for a detailed description of each format.
Note: A one-day overview version of this course is available as part of a custom training solution. Contact ISA Customer Service at info@isa.org or by calling +1 919-549-8411.
Learning Objectives
- Describe the importance of security control systems.
- Describe the structure and content of the ISA/IEC 62443 series of documents.
- Explain the importance of awareness as an effective countermeasure.
- Define the principles behind creating an effective long-term security program.
- Discuss the basics of risk analysis, industrial networking and network security.
- Discuss the concepts that form the basis for the ISA/IEC 62443 standards (defense-in-depth and zones and conduits).
- Describe how to apply key risk mitigation techniques such as anti-virus, patch management and firewalls.
- Explain how secure software development strategies make systems inherently more secure.
- Describe how to validate or verify the security of systems.
- Describe how security profiles for ISA/IEC 62443 can be utilized.
Topics Covered
- Introduction to control systems security
- Cybersecurity awareness
- ISA/IEC 62443 series of standards
- ISA/IEC 62443 models and security levels
- IACS cybersecurity lifecycle
- Security program requirements for IACS asset owners
- Evolving security standards, practices and regulations
- Network security basics
- Industrial protocols
- Introduction to patch management in the IACS environment
- Introduction to security risk assessment for system design
- Security program requirements for IACS service providers
- Developing secure products and systems
- Security profiles for ISA/IEC 62443
- IACS security protection scheme
Exercise
Packet Capture (PCAP) Live Capture Analysis
Note: this hands-on exercise is only available for the in-person classroom-format. The exercise will be presented as a demonstration for all online course formats.
Recommended Resources
Standards
- ISA-62443-1-1-2007, Security for Industrial Automation and Control Systems – Part 1-1: Terminology, Concepts and Models
- ISA-62443-2-1 (99.02.01)-2009, Security for Industrial Automation and Control Systems – Part 2-1: Establishing an Industrial Automation and Control Systems Security Program
- ANSI/ISA-62443-3‑2-2020, Security for Industrial Automation and Control Systems – Part 3‑2: Security Risk Assessment for System Design
- ANSI/ISA-62443-3-3 (99.03.03)-2013, Security for Industrial Automation and Control Systems – Part 3-3: System Security Requirements and Security Levels
Books
Recommended Prerequisites
There are no required prerequisites for taking this course; however, it is highly recommended that applicants meet one of the three recommended requirements to be successful in this course.- A minimum of one to three years of experience in the cybersecurity field and some experience in an industrial setting
- Successful completion of ISA courses:
- Knowledge and/or experience equivalent to that of the previous bullets is strongly recommended