Acerca de
COURSE 1-1 : FUNDAMENTAL ICS CYBERSECURITY COMPLIANCE COURSE
COURSE DESCRIPTION:
ICS CYBERSECURITY FOUNDATION TRAINING COURSE has been specifically developed to empower industrial personnel with the most essential IT and OT security principles. Completing this series allows the trainee to be cyber aware in their daily job, knowing their risk on the job.
In this course FUNDAMENTAL ICS CYBERSECURITY COMPLIANCE COURSE, we introduce the trainee the basic understanding of IEC 62443 and established some principles of understanding basic cyber security fundamentals. All engineers should have basic understanding of IEC 62443 and their expectations of how to fulfil them through a series of security program rolled out in the organisation. In addition, they should be aware of the security risk and concerns such as the common attack vector such as phishing and supply chain attack.
In the process of assessing the most significant risks and requirements within critical infrastructure sectors, fundamental security principles essential was thoroughly considered for various tasks related to daily support of control systems.
COURSE DURATION:
3 days of Instructor-led training
WHAT WILL BE COVERED IN THE COURSE:
The ISA and the International Electrotechnical Commission (IEC) have collaborated to establish a set of standards known as the ISA/IEC 62443 series. This comprehensive course delves into the fundamental principles of these standards. These standards play a crucial role in the automation of industrial production processes, widely utilized in sectors such as power, water, oil, and natural gas. The ISA/IEC 62443 standards offer guidelines for optimal practices in industrial network security, with new technical specifications being evaluated every three years for potential adoption as new standards. The core concepts will be introduced across various categories, including general, policies and procedures, system requirements, and component requirements.
The course will extensively explore IEC 62443 - 1-4 - IACS Security Lifecycle and Use Case, encompassing the Product Security Lifecycle and the Automation Solution Lifecycle.
The Product Security Lifecycle delineates security prerequisites for both technical and organizational security measures involved in the design, development, and support of IACS System and Component products. This includes elements like threat modeling, defense-in-depth strategies, secure coding standards, security verification and validation testing, and security update management. Technical security measures based on Security Levels allow Product Suppliers to deliver IACS Systems and Components that meet specified security requirements, contingent on the Asset Owner maintaining associated organizational security measures.
The Automation Solution Lifecycle comprises Specification, Design, Implementation, Verification and Validation, Operation, Maintenance, and Decommissioning.
The course also delves into IEC 62443 - 2-1 - Security Program requirements for IACS service providers, such as System Integrators or Maintenance Providers.
Furthermore, the course covers essential technical knowledge in Operational Technology (OT), which is vital for all OT engineers to gain a deeper understanding of their environment. This includes an introduction to OT environment components, Cyber Physical System (CPS) terminology, potential Cyber Risks within the OT environment, and the Purdue industrial control system (ICS) security model. The Purdue ICS security model follows a segmented approach to safeguarding physical processes, supervisory controls, operations, sensors, and logistics. Despite the emergence of edge computing and direct-to-cloud connectivity, the ICS network segmentation model remains a pivotal framework for protecting operational technology (OT) from threats like malware.
The course systematically presents an overview of ICS architecture and the intercommunication of its components. Essential technical cybersecurity fundamentals are also covered, encompassing:
Distinctions between IT and OT security aspects
OSI 7 Layers
In-depth understanding of ICS Environment Components like HMIs, Historians, and SCADA
Key security measures such as Policy and Procedure, Architecture and Design, Configuration and Maintenance, Physical Security, Software Development and Design, and Communication and Network Security.
ICS CYBERSECURITY FOUNDATION TRAINING COURSE:
1-1 FUNDAMENTAL ICS CYBERSECURITY COMPLIANCE COURSE
WHO SHOULD ATTEND:
The course is specifically tailored for various roles within the ICS environment, including:
Operations personnel Project and production managers
Product development personnel
Technical specialists
Cyber Security Specialist working in Plant
Plant personnel requiring to maintain the plant and understand basic cyber security