Events for September 21, 2021

Home/Events/
Loading Events

Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32)

September 13, 2021 - November 14, 2021

 

Length : 2 Days

CEU Credits : 1.4

Course Hours : 8:00 a.m.-4:00 p.m

Certification of Completion: A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the course.

Certificate Program: Part of the ISA/IEC 62443 Cybersecurity Certificate Program

Your course registration includes your registration for the exam.

Description:

The move to using open standards such as Ethernet, TCP/IP, and web technologies in supervisory control and data acquisition (SCADA) and process control networks has begun to expose these systems to the same cyberattacks that have wreaked so much havoc on corporate information systems. This course provides a detailed look at how the ANSI/ISA99 standards can be used to protect your critical control systems. It also explores the procedural and technical differences between the security for traditional IT environments and those solutions appropriate for SCADA or plant floor environments.

You will be able to:

  • Discuss the principles behind creating an effective long term program security
  • Interpret the ISA/IEC 62443 industrial security framework and apply them to your operation
  • Define the basics of risk and vulnerability analysis methodologies
  • Describe the principles of security policy development
  • Explain the concepts of defense in depth and zone/conduit models of security
  • Analyze the current trends in industrial security incidents and methods hackers use to attack a system
  • Define the principles behind the key risk mitigation techniques, including anti-virus and patch management, firewalls, and virtual private networks

You will cover:

  • Understanding the Current Industrial Security Environment: What is Electronic Security for Industrial Automation and Control Systems? | How IT and the Plant Floor are Different and How They are the Same
  • How Cyberattacks Happen: Understanding the Threat Sources | The Steps to Successful Cyberattacks
  • Creating A Security Program:  Critical Factors for Success/Understanding the ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009)- Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
  • Risk Analysis:  Business Rationale | Risk Identification, Classification, and Assessment
  • Addressing Risk with Security Policy, Organization, and Awareness: Cyber Security Management System Scope | Organizational Security | Staff Training and Security Awareness
  • Addressing Risk with Selected Security Counter Measures: Personnel Security | Physical and Environmental Security | Network Segmentation | Access Control
  • Addressing Risk with Implementation Measures: Risk Management and Implementation | System Development and Maintenance | Information and Document Management
  • Monitoring and Improving the CSMS: Compliance and Review | Improve and Maintain the CSMS
  • Validating or Verifying the Security of Systems: What is being done? | Developing Secure Products and Systems

Classroom/Laboratory Demo:

  • PCAP Live Capture Analysis

Includes ISA Standards:

  • ANSI/ISA-62443-1-1 (ANSI/ISA-99.00.01-2007), Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts & Models
  • ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009), Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
  • ANSI/ISA-62443-3-3, Security for industrial automation and control systems: System security requirements and security levels

Recommended Pre-Requisites:

There are no required prerequisites for taking this course; however, it is highly recommended that applicants have at least one to three years of experience in the cybersecurity field with some experience in an industrial setting.

ISA Courses: TS06, TS12, or equivalent knowledge/experience would be beneficial.

Note from the Instructor: One of the challenges I have had in teaching IC32 is students attending without any or limited knowledge of TS04, TS06, TS12 or cybersecurity general principles. IC32 is a 14-hour boot camp style class and there is not a lot of time to teach basic comms and cybersecurity.

Recommended reading in preparation for course:

Cybersecurity Library

Which Security Level (SL) would have been required to prevent the attack?

Not sure this particular course is for you?

pre-instructional survey is available for you to evaluate your level of understanding of the course material and to show you the types of questions you’ll be able to answer after completing the course.

To Register : https://myisa.force.com/ISA/s/community-event?id=a1U1I00000CXP46UAH#/Course%20Description

Register

Organizer

Glen Wood

Phone

N/A

Email

glnwd15@gmail.com

Venue

Burns McDonnell,1898 & Co.

1700 West Loop South,

Houston , - 77027

United States. + Google Map

IACS Cybersecurity Design & Implementation (IC34) Houston

September 21, 2021 - September 23, 2021

 

Length : 3 Days

CEU Credits : 2.1

Course Hours :

Certificate Program: Part of the ISA/IEC 62443 Cybersecurity Certificate Program

Your course registration includes your registration for the exam.

Description:

The second phase in the IACS Cybersecurity Lifecycle (defined in ISA 62443-1-1) focuses on the activities associated with the design and implementation of IACS cybersecurity countermeasures. This involves the selection of appropriate countermeasures based upon their security level capability and the nature of the threats and vulnerabilities identified in the Assess phase. This phase also includes cybersecurity acceptance testing of the integrated solution, in order to validate countermeasures are properly implemented and that the IACS has achieved the target security level.

This course will provide students with the information and skills to select and implement cybersecurity countermeasures for a new or existing IACS in order to achieve the target security level assigned to each IACS zone or conduit. Additionally, students will learn how to develop and execute test plans to verify that the cybersecurity of an IACS solution has properly satisfied the objectives in the cybersecurity requirements specification.

You will be able to:

  • Interpret the results of an ICS cybersecurity risk assessment
  • Develop a cybersecurity requirements specification (CRS)
  • Develop a conceptual design based upon information in a well-crafted CRS
  • Explain the security development lifecycle process and deliverables
  • Perform a basic firewall configuration and commissioning
  • Design a secure remote access solution
  • Develop system hardening specification
  • Implement a basic network intrusion detection system
  • Develop a Cybersecurity Acceptance test plan (CFAT/CSAT)
  • Perform a basic CFAT or CSAT

You Will Cover:

  • Introduction to the ICS Cybersecurity Lifecycle
  • Assessment phase
  • Implementation phase
  • Maintenance phase
  • Conceptual Design Process
  • Interpreting risk assessment results
  • Cybersecurity requirements specifications
  • Developing a conceptual design
  • Conceptual design specification
  • Detailed Design Process
  • Security Development Lifecycle (SDL)
  • Types of technology
  • Selecting appropriate technology
  • Developing a detailed design
  • Documenting the design/specification
  • Design & Implementation Examples
  • Firewall design example
  • Remote access design example
  • System hardening design example
  • Intrusion detection design example
  • Testing
  • Developing test plans
  • Cybersecurity Factory Acceptance Testing
  • Cybersecurity Site Acceptance Testing

Classroom/Laboratory Exercises:

  • Develop a Physical & Cybersecurity Plan
  • Configure a Perimeter Firewall
  • Configure an ICS Firewall
  • Install and use SNORT!
  • Configure Windows Local Group Policy Objects
  • Install MS Security Compliance Manager (SCM)
  • Conduct ICS Device Hardening
  • Conduct Network Device Hardening
  • Use a Domain Controller
  • Configure a VPN Connection
  • Conduct Security Configuration Auditing
  • Conduct System Robustness Testing

Who Should Attend:

  • Control systems engineers and managers
  • System Integrators
  • IT engineers and managers industrial facilities
  • Plant managers
  • Plant Safety and Risk Management

Recommended Pre-Requisites:

ISA Courses IC32 and IC33 or equivalent knowledge/experience.

Recommended Reading:

Cybersecurity Library

To Register : https://myisa.force.com/ISA/s/community-event?id=a1U1I00000CXP4GUAX#/Course%20Description

Register

Organizer

Glen Wood

Phone

N/A

Email

glnwd15@gmail.com

Venue

Burns McDonnell,1898 & Co.

1700 West Loop South,

Houston , - 77027

United States. + Google Map

Go to Top