Course Overview

Industrial Automation Control System (IACS) Cybersecurity Design & Implementation (IC34) focuses on the design and implementation phase of the ISA/IEC 62443 cybersecurity lifecycle. This course builds on the results of cybersecurity risk assessments and Cybersecurity Requirements Specifications (CRS) to design, implement, and validate cybersecurity countermeasures that achieve target security levels for each zone and conduit.

Participants learn how to translate cybersecurity requirements into practical system designs, select appropriate technologies, and perform acceptance testing to ensure systems meet security objectives.

Course Details

Course #: IC34

Dates: September 23–25

Length: 3 days

Hours: 8:00 a.m. – 4:00 p.m.

CEUs: 2.1

Location: Microsoft, Houston TX

Certificate: Certificate of completion provided

Exam: One exam included with registration

Certificate Program

IC34 is the third course in the ISA/IEC 62443 Cybersecurity Certificate Program.

Successful completion of the course and exam earns the ISA/IEC 62443 Cybersecurity Design Specialist certificate.

Required Prerequisites

Successful completion of IC32 – Using the ISA/IEC 62443 Standards to Secure Your Control Systems

Passing the ISA/IEC 62443 Cybersecurity Fundamentals Specialist exam

Recommended: IC33 – Assessing the Cybersecurity of New or Existing IACS Systems

Who Should Take IC34

– Control systems engineers and managers

– System integrators- IT engineers and managers in industrial facilities

– Plant managers

– Plant safety and risk management personnel

Learning Objectives

– Interpret cybersecurity risk assessment results

– Develop a Cybersecurity Requirements Specification (CRS)

– Develop conceptual and detailed cybersecurity designs

– Explain the Security Development Lifecycle (SDL)

– Design secure remote access solutions

– Perform basic firewall configuration and commissioning

– Develop system hardening specifications

– Implement basic intrusion detection systems (IDS)

– Develop cybersecurity acceptance test plans (CFAT/CSAT)

– Validate achieved security levels using ISA/IEC 62443

Topics Covered

– IACS cybersecurity lifecycle overview

– Assessment, implementation, and maintenance phases

– Interpreting risk assessment results

– Cybersecurity requirements specifications

– Conceptual and detailed design processes

– Firewall, remote access, and intrusion detection design

– System hardening and secure architecture

– Cybersecurity Factory Acceptance Testing (CFAT)

– Cybersecurity Site Acceptance Testing (CSAT)

– Using ISA/IEC 62443-3-3 to validate security levels

Hands-On Activities & Exercises

– Firewall configuration and commissioning

– Remote access design exercises

– Intrusion detection implementation

– Network device hardening

– Developing and executing CFAT/CSAT

– Validating achieved security levels (SL-A)

Recommended Resources – Standards

ISA-62443-1-1-2007 – Terminology, Concepts, and Models

ISA-62443-2-1-2009 – Establishing an IACS Security Program

ANSI/ISA-62443-3-2-2020 – Security Risk Assessment for System Design

ANSI/ISA-62443-3-3-2013 – System Security Requirements and Security LevelsRecommended Resources – Books

Industrial Automation and Control System Security Principles, Second Edition by Ronald L. Krutz, PhD, PE

Recommended Additional Preparation

Strong understanding of cybersecurity fundamentals, risk assessment methods, and prior experience with

industrial automation systems will help participants succeed in this advanced course.