ICS Cybersecurity Training

ICS Cybersecurity Training, Industrial Control System Training

ICS (Industrial Control System) cybersecurity is essential because attacks against ICS devices can intentionally or unintentionally cause loss of availability.

Industrial control system is a collective term used to describe different types of control systems and associated instrumentation, which include the devices, systems, networks, and controls used to operate and/or automate industrial processes, which are a vital part of critical infrastructure, manufacturing, and related industries.

Attackers can gain access to these complex and vulnerable industrial control systems in a number of ways, including:

• Lateral movement from IT network
• Direct access to Internet-facing systems
• Phishing attacks to compromise legitimate OT account credentials
• Exploitation of vulnerable IoT and Internet-connected systems

While industrial control systems have the same security challenges as traditional IT environments, they have their own unique challenges as well, such as high availability requirements.

For ICS systems in critical infrastructure, manufacturing, and other industries, availability and uptime are of the utmost importance. This makes securing these systems difficult as they cannot be easily taken down to install security updates.

There’s also the matter of insecure and proprietary protocols. ICS uses a variety of proprietary protocols, including many that were designed decades ago to support long-lived components. These protocols often lack basic security features (such as encryption and access control) and cannot be updated.

ICS cybersecurity includes a wide range of practices including:

• Asset inventory and detection
• Vulnerability management
• Network intrusion protection and detection
• Endpoint detection and response
• Patch management
• User and access management

Over the past decade, ICS cybersecurity has become considerably more important as cyber-attacks increasingly focus on physical processes for either ransom or to cause harm to critical production systems.

Attacks such as those at the Oldsmar water treatment plant, the various ransomware attacks on the vaccine supply chain, and the more extensive threats to the Ukrainian and US power grids and oil refineries in the Middle East generate greater worry for boards, governments, and operators of industrial organizations.

ICS Cybersecurity Training, Industrial Control System Training by Tonex

ICS Cybersecurity training is designed for security professionals and control system engineers in order to provide them with advanced cybersecurity skills and knowledge in order to protect the Industrial Control System (ICS) and keep their industrial operation environment secure against cyber threats.

Tonex as a leader in security industry for more than 15 years is now announcing ICS Cybersecurity training which helps you protect your ICS via special publication National Institute of Science and Technology (NIST) for control systems based on Supervisory Control and Data Acquisition (SCADA), Distributed Control System (DCS) or the other control system configurations.

Tonex has served industry and academia with high quality conferences, seminars, workshops and exclusively designed courses in cybersecurity area and is pleased to inform professional fellows about the recent comprehensive training on ICS Cybersecurity.

This comprehensive training provides a detailed overview of Industrial Control Systems (ICS), typical system topologies and architectures, different types of threats and vulnerabilities to industrial systems, and gives a step by step procedure to mitigate the associated risks and maintain the security of your control system.

ICS cybersecurity applies to many industries such as electric, water, wastewater, oil, natural gas, chemical, paper, food, and discrete manufacturing. The reason is due to the numerous attack records in ICS with varying level of potential risk and impact.

This course covers a variety of topics in ICS Cybersecurity area such as ICS fundamentals, ICS security architecture, ICS vulnerabilities, ICS threat intelligence, NERC Critical Infrastructure Protection (CIP), ICS risk management and ICS risk assessment. Moreover, you will learn about ICS auditing and assessment, IEC 62443 standard for system security, ICS implementation and development, ICS incident response, ICS network protection, ICS server protection, SCADA security policies and standards, SCADA cyber-attacks detection, and a lot of labs and hands on examples.

By taking the ICS Cybersecurity training by Tonex you will learn about the life cycle of ICS implementation, ICS policies and procedures, ICS risk management framework steps, access control, contingency planning, and incident response.

The ICS Cybersecurity course by Tonex is an interactive course with a lot of class discussions and exercises aiming to provide you a useful resource for ICS cybersecurity.

If you are an IT professional who specialize in ICS cybersecurity and need to validate your skills, you will benefit from the presentations, examples, case studies, discussions, and individual activities upon the completion of the ICS Cybersecurity training that will prepare you for your career.

Learn about the fundamentals of ICS Cybersecurity throughout identifying vulnerabilities of ICS, different types of attacks to Human Machine Interface (HMI) and User Interface (UI), web attacks, attacks on remote devices and network vulnerabilities.

Our instructors at Tonex will help you to master all the ICS Cybersecurity design techniques by introducing the risk management framework, risk assessment techniques, incident response, continuous monitoring, SCADA security improvement, and network security approaches for ICS.

Finally, the ICS Cybersecurity training will introduce a set of labs, workshops and group activities of real world case studies in order to prepare you to tackle all the related ICS Cybersecurity challenges.

Audience

The ICS Cybersecurity training is a 4-day course designed for:

• Control engineers, integrators and architects who will be designing a secure ICS
• System administrators, engineers who secure ICS
• Information Technology (IT) professionals who administer, patch or secure ICS
• Security Consultants who perform security assessment and penetration testing of ICS
• Managers who are responsible for ICS
• Senior managers want to understand or apply ICS cybersecurity program to their control system
• Researchers and analysts working on ICS security
• Vendors who will develop products for ICS
• Executives and managers of ICS Cybersecurity area
• Information technology professionals, security engineers, security analysts, policy analysts
• Investors and contractors who plan to make investments in ICS industry.
• Technicians, operators, and maintenance personnel who are or will be working on ICS Cybersecurity projects

Training Objectives

Upon completion of the ICS Cybersecurity training course, the attendees are able to:

• Understand fundamentals of Industrial Control Systems (ICS)
• Recognize the security architecture for ICS
• Identify different kinds of vulnerabilities in ICS network, remote devices, software, or control servers
• Learn about active defense and incident response for ICS
• Learn the essentials for NERC Critical Infrastructure Protection (CIP)
• Understand policies and procedures for NERC critical infrastructure protection (CIP)
• List strategies for NERC CIP version 5/6
• Apply risk management techniques to ICS
• Describe ICS Active Defense and Incident Response
• Describe techniques for defending against the new ICS threat matrix
• Assess and audit risks for ICS
• Apply IEC standard to network and system security of ICS
• Implement the ICS security program step by step
• Protect the ICS network from vulnerabilities
• Understand different types of servers in ICS and protect them against attacks
• Apply security standards to SCADA systems based on NIST SP 800-82
• Detect different types of attacks to SCADA systems
• Tackle all the security challenges related to ICS cybersecurity

Training Outline

ICS Cybersecurity training course consists of the following lessons, which can be revised and tailored to the client’s need:

Fundamentals of Industrial Control Systems (ICS)

• Evolution of Industrial Control Systems (ICS)
• Global Industrial Cybersecurity Professional (GICSP)
• ICS Industrial Sectors
• ICS Operation and Components
• ICS Design Consideration
• Real-Time Operating Systems
• Programming Controllers
• SCADA Systems
• Distributed Control System
• Programmable Logic Controller
• ICS and IT Systems Security
• Distributed Control System (DCS) versus Supervisory Control and Data Acquisition (SCADA)
• Supervisory Components (Master Servers)
• System Operation
• Communication Protocols
• ICS Network Architecture
• ICS Lifecycle Challenges
• Network Design

ICS Security Architecture

• Network Segmentation and Segregation
• Boundary Protection
• Firewalls
• Logically Separated Control Network
• General Firewall Policies for ICS
• Recommended Firewall Rules for Specific Services
• Network Address Translation (NAT)
• Specific ICS Firewall Issues
• Unidirectional Gateways
• Single Point of Failure
• Authentication and Authorization
• Monitoring, Logging and Auditing
• Incident Detection, Response and System Recovery

Common ICS Vulnerabilities

• Vulnerabilities Inherent in the ICS Product
• Vulnerabilities Caused by Installation, Configuration and Management of ICS
• Poor Network Design Issues
• ICS Software Security Threats
• Access Controls
• ICS Attack Surface
• Attacks on Human Machine Interface (HMI) and User Interface (UI)
• Attacks on Network Communications
• Attacks on Remote Devices
• Authentication Issues
• Attacks on Control Servers
• Web Attacks
• Data Authenticity
• Cryptographic Issues
• Credential Management Issues
• Network Vulnerabilities

ICS Threat Intelligence

• ICS Active Defense and Incident Response
• Intelligence Life Cycle and Threat Intelligence
• ICS Information Attack Surface
• External ICS Threat Intelligence
• Internal ICS Threat Intelligence

NERC Critical Infrastructure Protection (CIP)

• Introduction to CIP
• NERC Functional Mode
• NERC Reliability Standards
• CIP History
• CIP-002: Cyber System Categorization
• CIP-003: Security Management Controls
• CIP Processes
• Audit Follow Up
• CIP Industry Activities
• Standards Process

Risk Management and Risk Assessment

• Risk and Manufacturing Systems
• Common ICS Vulnerabilities
• Threat Identification
• Vulnerability Management
• Industrial Consequences
• Risk Classification
• Introduction to Risk Management Process
• Special Consideration for ICS Risk Assessment
• ICS Information Security Risk Assessment Safety
• Physical Impacts of ICS Incidents
• Physical Disruption of ICS Process
• Non-Digital Aspect of ICS into Impact Evaluations
• Propagation of Impact to Connected Systems

ICS Auditing and Assessment

• Security Audits
• Security Assessments
• System Characterization
• Asset Classification
• Vulnerability Assessment
• Configuration Assessment and Auditing

IEC 62443: Network and System Security for ICS

• Security Feedback Loop
• Security Assurance
• Threat/Risk Assessment
• Classes of Attackers
• Management Challenges
• Cybersecurity Assurance Standards
• Assurance Matrix
• Development Assurance
• Integration Assurance
• Operational Assurance

Implementation of ICS Security Program Development

• Business Case for Security
• Defining the Scope of Security Program
• Defining ICS-Specific Security Policies and Procedures
• Implementing ICS Security Risk Management Framework
• Categorizing ICS Systems and Network Assets
• Selecting ICS Security Controls
• Performing Risk Assessment Techniques
• Implementing Security Controls
• Continuous Monitoring of Control Systems
• Access Control
• Security Assessment and Authorization
• Contingency Planning
• Identification and Authentication
• Incident Response
• Privacy controls
• Penetration Testing

ICS Incident Response

• Incident Response and Digital Forensic
• Incident Response ICS Team
• Collecting Evidence
• Source of Forensic Data in ICS Network
• Time-Critical Analysis
• Maintaining and Restoring Operations
• Performing ICS Incident Response Procedures
• Identifying the threat in Distributed Control Systems (DCS)

Network Protection for ICS

• Fundamentals of ICS Network
• Ethernet
• TCP/IP Protocol Suite
• ICS Protocols Over TCP/IP
• Firewalls
• Unidirectional Gateways
• Honeypots
• Wireless in Control Systems
• Satellite Protocols
• Mesh Protocols
• Bluetooth and Wi-Fi
• Field and Plant Floor Equipment

ICS Server Protection

• ICS Windows Systems
• ICS Linux/Unix Systems
• Updates and Patching
• Processes and Services
• Configuration Hardening
• Endpoint Protection
• Automation and Auditing
• Log Management
• Database and Historians

SCADA Security Policies and Standards

• SCADA Organization and Information Architecture
• SCADA Data Categorization and Ownership
• Data Security in SCADA
• Platform Security
• Communication/ Personnel Security
• Configuration Management
• Audit
• Applications
• Physical Security
• Manual Operation
• SCADA Asset Protection
• NIST SP 800-82 Standard
• Steps to SCADA Cybersecurity Improvements

Detection of Cyber-Attacks on SCADA Systems

• Application Layers Attacks
• Transport Layer Attacks
• Network Layer Attacks
• Modbus Protocol Attack
• DNP3 Attacks
• ICCP Server Attacks
• OPC Servers Attack
• TCP/IP Attack
• SCADA Vulnerability Scanning

Workshops for ICS Cybersecurity Training

• Preliminary ICS Risk Assessment Exercise
• ICS System Identification and Classification Hands On
• ICS Vulnerability Assessment Case Study
• ICS Compliance Audit Case Study
• Detailed ICS Risk Assessment Experience
• Selecting ICS Security Controls Experiment
• Summary of Aurora Hardware Mitigation Projects Workshop
• Incident Response Workshop
• Live Attack Demonstration- Hacker’s Perspective
• Hacking the Power Grid
• Designing a SCADA Security Policy

ICS Cybersecurity Training