About
COURSE 2-4 : OT CYBER SECURITY TECHNICAL AND INCIDENT RESPONSE COURSE
COURSE DESCRIPTION:
The ICS CYBERSECURITY PRACTITIONER TRAINING COURSE is specifically tailored for cybersecurity professionals who play a critical role in safeguarding and maintaining security in an OT plant. These professionals may include CISOs, security operations personnel, threat hunters, or incident responders who are directly tasked with detecting and thwarting cyber-attacks. Additionally, in the event of a cyber-attack, they are responsible for initiating recovery measures and responding effectively to the incident.
In this module, we will examine the approach of a cyber hacker who possesses the knowledge to target the ICS network.
In the 2-4 OT CYBER SECURITY TECHNICAL AND INCIDENT RESPONSE COURSE, we offer comprehensive insight into how attacks unfold within the ICS environment, covering different attack vectors and proactive countermeasures. The MITRE stage is therefore important for understanding how a hacker conducts reconnaissance on the system, gaining insight into its assets and exploring potential vulnerabilities. Unfortunately, certain information about a specific plant may be publicly available through OSINT (Open Source Intelligence), whether from vendors or from the company itself.
This knowledge allows us to comprehend the thought processes employed by hackers and the real-world scenarios of attacks witnessed in the media. By understanding these aspects, trainees can effectively safeguard their OT infrastructure and mount a strong defence against potential threats.
The exploration of weaknesses and vulnerabilities empowers the trainees to enhance their organization's security controls, mitigating the risk of malicious attacks and promoting a safer environment for their operations.
COURSE DURATION:
3 days of Instructor-led training
WHAT WILL BE COVERED IN THE COURSE:
In this course, we will examine how to conduct an assessment of Security Risks in System Design (Utilizing Zones and Conduits):
Defining the System Under Consideration (SUC) for an industrial automation and control system, along with its interconnected networks
Dividing the SUC into separate zones and conduits
Evaluating risk factors for each zone and conduit and determining the desired technical security level for each
Recording the essential security requisites necessary for the formulation, implementation, operation, and upkeep of efficient technical security measures
The course will look into IEC 62443-3-1, which offers a contemporary evaluation of diverse cybersecurity tools, mitigating countermeasures, and technologies potentially suitable for modern electronically operated Industrial Automation and Control Systems (IACSs), which oversee and supervise various industries and critical infrastructures. The document delineates distinct categories of cybersecurity technologies centered on control systems, highlights the types of products falling under these categories, and weighs the advantages and disadvantages of their application in automated IACS settings, considering anticipated threats and known cyber vulnerabilities. Furthermore, it provides preliminary recommendations and guidance on the effective use of these cybersecurity technology products and countermeasures.
We will look into incident response methodology and frameworks, which involve managing the aftermath of a data breach or cyberattack, encompassing an organization's efforts to mitigate the repercussions of such an event. The primary objective is to handle incidents adeptly in order to minimize harm to systems and data, curtail recovery time and expenses, and uphold the integrity of the brand's image.
To navigate such situations effectively, organizations must establish a well-defined incident response strategy. This strategy must outline the criteria for identifying a security incident and provide a straightforward framework for teams to adhere to when responding to an incident.
Furthermore, it is imperative for organizations to appoint a responsible team member or leader to oversee the overarching incident response endeavor and the implementation of the devised plan. Within larger organizations, this team is commonly referred to as the Computer Security Incident Response Team (CSIRT).
Some of the technical work includes:
Identifying Industrial Control System (ICS) assets along with their network configurations, and vigilantly monitoring key ICS points for irregularities and potential risks.
Evaluating ICS vulnerabilities and extracting vital data to swiftly assess the environment and understand the nature of the threat.
Incidents targeting Purdue levels 0 and 1
Incidents targeting Purdue levels 2 and 3
Examination of the Modbus protocol
A small aspect of Crisis Communication will also be covered in the course, which includes:
What should be in the crisis communication policy
Initial Crisis Responsibility
How various organizations respond to crises
Application of crisis communication
Preparing a press statement
Types of questions
Do’s and Don’ts When Dealing with Media during Crisis
ICS CYBERSECURITY PRACTITIONER TRAINING COURSE:
2-1 - OT CYBER SECURITY STANDARDS AND GOVERNANCE
2-2 - OT CYBER SECURITY DESIGN AND ARCHITECTURE
2-3 - OT CYBER SECURITY PRACTITIONER
2-4 - OT CYBER SECURITY TECHNICAL AND INCIDENT RESPONSE
WHO SHOULD ATTEND:
The course is specifically tailored for various roles within the ICS environment, including:
Cyber Security Compliance Officer
CISO managing OT Cyber Security
Service Providers for OT Cyber Security Services such as IR (Incident Response), SOC (Security Operations), Security Auditors or Implementing Security Solutions or Practices.