Course Details
Your Growth, Our Mission
Course Description
The use of interconnected microprocessors in industrial systems has grown exponentially over the past decade. Deployed for process control in Programmable Logic Controllers (PLC) and Distributed Control Systems (DCS) for many years, they have now moved into Intelligent Electronic Devices (IED) in applications such as substations, Motor Control Centers (MCC), and heat trace systems. The concern is that their connecting networks have grown as well, usually without much attention to the security ramifications. Intrusions, intentional and unintentional, can cause safety, environmental, production and quality problems. The need for protecting Industrial Control Systems has grown significantly over the last few years. The combination of open systems; an increase in joint ventures; alliance partners and outsourced services; growth in intelligent manufacturing equipment; increased connectivity to other equipment/software; enhanced external connectivity; along with rapidly increasing incidents of network intrusion, more intelligent hackers, and malicious software, all lead to increased threats and probability of attack. As these threats and vulnerabilities increase, so does the need for protection of Industrial and Control Systems.
This intensive training course introduces several categories of electronic security technologies and discusses specific types of applications within each category, the vulnerabilities addressed by each type, suggestions for deployment, and known strengths and weaknesses, as well as some forms of mitigation for the mentioned risks.
The training course provides participants with practical methods for evaluation and assessment of many current types of electronic security technologies and tools that apply to the Industrial Control Systems environment, including development, implementation, operations, maintenance, engineering and other user services. It provides guidance to manufacturers, vendors, and security practitioners at end-user companies on the technological options for securing these systems against electronic (cyber) attack.
The Training Course Will Highlight ?
Training Objective
By the end of the training, participants will be able to:
- Apply and gain a comprehensive knowledge on security of industrial control systems including SCADA, DCS & PLC and recognize their characteristics, threats and vulnerabilities
- Identify different ISA security standards and determine industrial control system security program development and deployment
- Emphasize network architecture in industrial control system and list down the recommended firewall rules for specific services
- Determine the various industrial control system security controls including management, operational & technical controls and identify the SCADA vulnerabilities & attacks
- Employ SCADA security methods, mechanisms & techniques and explain SCADA security standards and reference documents
- Acquire knowledge on SCADA security management implementation issues & guidelines and determine the unique characteristics & requirements of SCADA systems
- Analyze the selected ISA technical papers of security issues including the physical protection of critical infrastructures & key assets, critical infrastructure protection, network security in the wireless age, etc.
Target Audience
This course is intended for a broad audience that includes asset owners from process, power and other critical infrastructures, control systems engineers, IT engineers, IT professionals, instrumentations engineers, instrumental & control staff, information and security officers and vendors, as well as security experts from government, industry associations and academia.
Training Methods
This interactive training course includes the following training methodologies as a percentage of the total tuition hours:-
- 40% Lectures, Concepts, Role Play
- 60% Workshops & Work Presentations, Techniques, Based on Case Studies & Practical Exercises, Software & General Discussions
- Pre and Post Test
Daily Agenda
DAY ONE:
- Pre-Test
- Introduction
Overview of Industrial Control Systems
- Overview of SCADA, DCS and PLCs
- Industrial Control System Operation
- Key Industrial Control System Components
- SCADA Systems
- Distributed Control Systems
- Programmable Logic Controllers
- Industrial Sectors and Their Interdependencies
Industrial Control System Characteristics, Threats & Vulnerabilities
- Comparing Industrial Control System and IT Systems
- Threats
- Potential Industrial Control System Vulnerabilities
- Possible Incident Scenarios
- Sources of Incidents
- Documented Incidents
Recap
DAY TWO:
IT & OT
- Main characteristic of IT systems
- Main characteristic of OT systems
- Main difference between IT and OT systems
- Integration between IT and OT
Network Architecture
- Firewalls
- Logically Separated Control Network
- Network Segregation
- Recommended Defense-in-Depth Architecture
- General Firewall Policies for Industrial Control System
- Recommended Firewall Rules for Specific Services
- Specific Industrial Control System Firewall Issues
- Single Points of Failure
- Redundancy and Fault Tolerance Preventing Man-in-the-Middle Attacks
Recap
DAY THREE:
Industrial Control System Security Controls
- Management Controls
- Operational Controls
- Technical Controls
SCADA Vulnerabilities & Attacks
- The Myth of SCADA Invulnerability
- SCADA Risk Components
- SCADA Threats and Attack Routes
- SCADA Secured design
Recap
DAY FOUR:
SCADA Security Methods &Techniques
- SCADA Security Mechanisms
- SCADA Intrusion Detection Systems
- Security Awareness
Industrial control systems Risk management and assessment
- Risk management
- Risk management process
- Audit and assessment
- Special consideration for doing and ICS risk assessment
Practical Sessions
- Real-life case studies and exercises
DAY FIVE:
- SCADA Security Management Implementation Issues & Guidelines
- Management Impressions of SCADA Security
- SCADA Culture
- Unique Characteristics and Requirements of SCADA Systems
- Guidance for Management in SCADA Security Investment
ISO 27001 standard
- What is ISO 27001?
- Why ISO 27001?
- IT and Information
- Information Security Management System ISMS
- ISO 27001 a must have standard
- ISO 27001 Certification process
- ISO 27001 implementation challenges
- The consultancy process
- Course Conclusion
- Post-Test and Evaluation
Accreditation
BTS Attendance certificate(s) will be issued to each participant who completed the course.
Quick Enquiry
Request Info
Related Courses
Your Growth, Our Mission
Contact Us
Contact us to meet all your inquiries and needs, as our professional team is pleased to provide immediate support and advice to ensure you achieve your goals and facilitate your experience with us in the best possible way.
UAE
Office
Mobile
E-mail
Working
Hours