
COURSE 2-3 : OT CYBER SECURITY TECHNICAL AND PRACTITIONER COURSE

COURSE DESCRIPTION:

The ICS CYBERSECURITY PRACTITIONER TRAINING COURSE is specifically tailored for cybersecurity professionals who play a critical role in safeguarding and maintaining security in an OT plant. These professionals may include CISOs, security operations personnel, threat hunters, or incident responders who are directly tasked with detecting and thwarting cyber-attacks. Additionally, in the event of a cyber-attack, they are responsible for initiating recovery measures and responding effectively to the incident.


The OT environment was initially designed to provide resources to users, such as electricity and water. Unlike IT, security was not inherently integrated into the OT system. The primary focus of OT is on speed and synchronization. When there are vulnerabilities in a system, they can be patched to address the security issues. However, when vulnerabilities exist in protocols, patching is not as straightforward, because it may affect transmission speed and compatibility. In the ICS environment, incompatibility can have severe consequences, including harm to human lives.


The 2-3 OT CYBER SECURITY TECHNICAL AND PRACTITIONER COURSE will therefore build these practitioners' understanding of how the OT components work. To effectively attack or defend an ICS system, it is crucial to understand the nature of communication within the network and the appearance of connections. Trainees will be expected to examine the packet level of commonly used protocols in the ICS environment, identify which processes utilize these protocols, and assess potential vulnerabilities that may not be easily remedied.

Access to the laboratory will allow trainees to perform packet analysis and study the communication between SCADA systems and other components of the OT environment, enabling them to comprehend how attacks can be executed.


COURSE DURATION:

  • 3 days of Instructor-led training


WHAT WILL BE COVERED IN THE COURSE:

Section IEC 62443-4-1 outlines the requirements for the product security development life cycle, delineating the procedures necessary for the secure creation of products utilized in industrial automation and control systems. It establishes a secure development life cycle (SDL) framework aimed at crafting and maintaining secure products. This cycle encompasses defining security requirements, secure design, secure implementation (including coding guidelines), validation and verification, defect handling, patch management, and product end-of-life considerations. These stipulations are applicable to both new and existing processes for developing, sustaining, and retiring hardware, software, or firmware associated with products. However, these requirements pertain to the product developer and maintainer, excluding the integrator or user of said product.


We will also delve into IEC 62443-3-2, which concerns Security Risk Assessment for System Design. This standard establishes criteria for:

  • Formulating a system under consideration (SUC) for an industrial automation and control system (IACS)

  • Dividing the SUC into zones and conduits

  • Evaluating risk for each zone and conduit

  • Establishing the target security level (SL-T) for each zone and conduit

  • Documenting the corresponding security requirements


Additionally, the course will encompass IEC 62443-3-3, System security requirements and security levels components. This standard presents comprehensive technical control system requirements (SRs) linked with the seven foundational requirements (FRs) as outlined in IEC 62443-1-1. It also defines the criteria for control system capability security levels (SL-C) and is utilized by various stakeholders within the industrial automation and control system (IACS) community. These requirements, in conjunction with the defined zones and conduits for the system under consideration (SUC), aid in formulating the appropriate control system target security level (SL-T) for a specific asset.


Lastly, the course will provide an in-depth exploration of IEC 62443-2-5, Implementation guidance for IACS asset owners' systems. This standard furnishes guidance on the essential elements required for the effective operation of an IACS cybersecurity management system. The intended audience comprises end users and asset owners responsible for overseeing such programs.


For the technical aspect, we will discuss ICS hacking campaigns and present instances of various attacks on OT plants around the world. We will analyze the methods employed to target critical infrastructure, detailing the motives, threat actors, and resulting damages in different regions. Furthermore, we will provide training on the distinct phases of the attackers' approach and how they navigate into the OT environment.


A comprehensive examination of the attacker's stages will be conducted, utilizing the Purdue Model to explore different zones:


Enterprise Zone: Levels 4 and 5: This encompasses the IT network, involving components such as storage, databases, and servers utilized for manufacturing operations. Here, enterprise resource planning (ERP) systems manage tasks like inventory control, shipping, production schedules, and material usage. Disruptions at this level can lead to prolonged downtime, causing economic damage, infrastructure breakdowns, and critical resource loss.


Demilitarized Zone (DMZ): Level 3.5: This zone houses security mechanisms like proxies and firewalls, safeguarding both IT and OT environments. Given the increasing automation and the need for bidirectional data flow between IT and OT systems, new cybersecurity vulnerabilities can emerge. The convergence layer, however, can help mitigate these risks and enhance organizational efficiency.


Manufacturing Operations Systems Zone: Level 3: This area contains OT devices managing workflows on the shop floor. Manufacturing operations management (MOM) systems offer a platform for overseeing production operations, while manufacturing execution systems gather real-time data, which is subsequently used for production optimization.


Control Systems Zone: Level 2: Systems controlling physical processes and monitoring their status are situated here. Supervisory control and data acquisition (SCADA) software oversees physical processes, collecting data for historians or other users. Distributed control systems (DCS) on this level perform SCADA functions locally, offering cost-effective options. Human-machine interfaces are directly linked to DCSs and PLCs, allowing primary equipment control and monitoring.


Intelligent Devices Zone: Level 1: Instruments in this zone transmit instructions to Level 0 devices. Programmable logic controllers (PLCs) monitor automated or human inputs in industrial processes and adjust outputs. Remote terminal units (RTUs) bridge hardware in Level 0 with systems in Level 2, facilitating data transfer between levels.


Physical Process Zone: Level 0: This level encompasses sensors, actuators, and machinery that continuously monitor the assembly line's condition, making real-time adjustments. Modern sensors often utilize cellular networks to directly communicate with cloud-based monitoring software.

Throughout the course, we will delve into each zone's intricacies to enhance understanding and preparedness against potential threats.


The course will also provide practical exposure and technical insights into various areas, including:

  • PLC Programming

  • Creating a Secure Distributed Control System (DCS) Design

  • Understanding Vulnerabilities and Characteristics of Embedded Devices, Particularly Password Weaknesses

  • Exploring Fieldbus Protocols through Investigation

  • Recognizing Remote Access Points

  • Gaining Proficiency in Utilizing Wireshark to Analyze Authentic Packet Captures within an ICS Environment

  • Identifying ICS Assets and Their Network Structures, while Monitoring ICS Hotspots for Anomalies and Potential Threats

  • Evaluating ICS Threats and Extracting Vital Information for Swift Environmental Assessment and Threat Understanding

ICS CYBERSECURITY PRACTITIONER TRAINING COURSE:
WHO SHOULD ATTEND:

The course is specifically tailored for various roles within the ICS environment, including:

  • Cyber Security Compliance Officer

  • CISO managing OT Cyber Security

  • Service Providers for OT Cyber Security Services such as IR (Incident Response), SOC (Security Operations), Security Auditors or Implementing Security Solutions or Practices
