Acerca de

ICS CYBERSECURITY FOUNDATION TRAINING COURSE has been specifically developed to empower industrial personnel with the most essential IT and OT security principles. Completing this series allows the trainee to be cyber aware in their daily job, knowing their risk on the job.

The main emphasis of this course, the FUNDAMENTAL ICS CYBERSECURITY TECHNICAL COURSE, is on the cybersecurity aspects of the fundamentals. It covers principles like understanding the basic architecture of an OT environment and implementing protective mechanisms such as security policies, procedures, and best practice guidelines. Additionally, trainees will learn about security technologies in OT, system security, including Patch management. The course will also include a straightforward Table Top Exercise to prepare trainees on how to respond to a cyber attack.

COURSE DURATION:

• 3 days of Instructor-led training

WHAT WILL BE COVERED IN THE COURSE:

The ISA and the International Electrotechnical Commission (IEC) have collaborated to establish a set of standards known as the ISA/IEC 62443 series. This comprehensive course delves into the fundamental principles of these standards. These standards play a crucial role in the automation of industrial production processes, widely utilized in sectors such as power, water, oil, and natural gas. The ISA/IEC 62443 standards offer guidelines for optimal practices in industrial network security, with new technical specifications being evaluated every three years for potential adoption as new standards.

In this training program, we will delve into IEC 62443 - 2-1 - Security Program requirements tailored for IACS service providers, including System Integrators and Maintenance Providers. We will also explore practical measures that asset owners can adopt to implement a robust security program.

Furthermore, the course will take an in-depth look at IEC 62443 - 3-1 - Security Technologies for IACS. This module will encompass the application of various security technologies within an ICS environment. This segment of IEC 62443 assesses a range of cybersecurity tools, mitigation measures, and technologies suitable for modern electronically-driven IACSs, which govern and oversee multiple industries and critical infrastructures. It outlines different categories of cybersecurity technologies centered around control systems, delves into the types of products available within these categories, discusses the advantages and disadvantages of utilizing these products within automated IACS environments, in relation to potential threats and recognized cyber vulnerabilities. Most importantly, it offers preliminary recommendations and guidance on the utilization of these cybersecurity technologies and countermeasures.

The course will also address IEC 62443 - 2-3 Patch Management in IACS. This section offers guidance on effectively managing patches within an IACS environment. Patch management forms a vital part of a comprehensive cybersecurity strategy, enhancing cybersecurity by implementing patches, which include software updates, upgrades, firmware enhancements, service packs, hotfixes, BIOS updates, and other digital program updates designed to address bugs, functionality, reliability, and cybersecurity vulnerabilities. This technical report sheds light on the challenges and industry concerns linked with IACS patch management for both asset owners and IACS product suppliers. It emphasizes the potential impacts that inadequate patch management can have on the reliability and operation of the IACS. The intended audience for this segment includes individuals responsible for designing and implementing patch management programs.

Additionally, the training will cover foundational technical knowledge in OT cybersecurity, encompassing basic ICS Architecture within the environment and the setup of an OT plant. We will analyze a hypothetical scenario that illustrates how a particular setup could expose vulnerabilities and potential attacks on the organization. Practical discussions within the group will address fundamental responses required during a cyber incident, which should be in place across all organizations.

These responses include:

• Business Continuity Plan

• Backup and Restoration Procedures

• Crisis Communication Plan

• Incident Response Plan

• Security Policies

Furthermore, the course will delve into MITRE ATT&CK for Industrial Control Systems, a curated knowledge base detailing cyber adversary behaviorwithin the ICS technology domain. It covers various phases of an adversary's attack lifecycle and their targeted assets and systems. ATT&CK for ICS originated from MITRE's internal research, focusing on applying the ATT&CK methodology to the ICS technology domain.

Finally, the course will incorporate simple technical exercises, such as performing basic reconnaissance attacks on an OT environment and mapping all OT components within a network. These exercises aim to provide attendees with insight into an attacker's mindset and the steps required to understand the infrastructure. Additionally, a tabletop exercise will be conducted, allowing participants to practice and enhance their skills within their respective organizations.