Course Overview

Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32) provides a detailed look at how the ISA/IEC 62443 standards framework can be used to protect critical control systems. The course explores the procedural and technical differences between traditional IT security and security solutions appropriate for SCADA and plant floor environments.

With the increased use of open standards such as Ethernet, TCP/IP, and web technologies in industrial automation and control systems, cybersecurity risks have expanded. This course addresses how to protect control systems against modern cyber threats.

Course Details

Course #: IC32

Dates: September 14–15

Length: 2 days (14 hours)

Hours: 8:00 a.m. – 4:00 p.m.

CEUs: 1.4

Location: Microsoft, Houston TX

Certificate: Certificate of completion provided

Exam: One exam included with registration

Certificate Program

IC32 is a preparatory course for the ISA/IEC 62443 Cybersecurity Certificate Program.

Who Should Take IC32

– Control systems engineers and managers

– System integrators

– IT engineers and managers at industrial facilities

– Plant managers

– Plant safety and risk management professionals

Learning Objectives

– Describe the importance of securing control systems- Describe the structure and content of the ISA/IEC 62443 standards

– Explain cybersecurity awareness as an effective countermeasure

– Define principles of an effective long-term cybersecurity program

– Discuss basics of risk analysis, industrial networking, and network security

– Explain defense-in-depth and zones & conduits concepts

– Apply risk mitigation techniques such as antivirus, patching, and firewalls

– Explain secure software development strategies

– Validate and verify system security

– Utilize ISA/IEC 62443 security profiles

Topics Covered

– Introduction to control systems security

– Cybersecurity awareness

– ISA/IEC 62443 standards overview

– Models and security levels

– IACS cybersecurity lifecycle

– Security program requirements for asset owners and service providers

– Network security basics and industrial protocols

– Patch management

– Risk assessment for system design

– Secure product and system development

– Security profiles and protection schemes

Exercises

– PCAP live capture analysis

Recommended Resources – Standards

ISA-62443-1-1-2007 – Terminology, Concepts, and Models

ISA-62443-2-1-2009 – Establishing an IACS Security Program

ANSI/ISA-62443-3-2-2020 – Security Risk Assessment for System Design

ANSI/ISA-62443-3-3-2013 – System Security Requirements and Security Levels

Recommended Resources – Books

Industrial Automation and Control System Security Principles, Second Edition by Ronald L. Krutz, PhD, PE

Recommended Prerequisites

No formal prerequisites are required. However, 1–3 years of cybersecurity experience and familiarity with industrial environments are strongly recommended.

ISA courses TS07 and TS12 or equivalent experience are beneficial.

Instructor Note: Students with limited cybersecurity fundamentals may find the pace challenging.