Price: $2,499.00

Length: 3 Days
Print Friendly, PDF & Email

Industrial Control System (ICS) and SCADA Cybersecurity Training

A Supervisory Control and Data Acquisition (SCADA) system is a type of Industrial Control System (ICS).

SCADAs have risen in prominence over recent years because modern SCADAs provide powerful tools that give operators a real-time view into operations in order to optimize the power distribution system for maximum efficiency.

Modern SCADA’s also increase reliability, reduce costs, improve worker safety, provide greater customer satisfaction and improved utilization. Their alarms and real-time views into operations can prevent small problems from becoming big ones, and can also speed restoration time.

Standard protocols specifically designed for the industry such as DNP3 and IEC-60870-5-104 enable the SCADA system to collect information with the precision and accuracy required to diagnose shutdown causes and minimize downtime. This cuts time wasted on field visits, and also improves worker safety during outages and power restoration.

Unfortunately, SCADA systems are vulnerable to cyberattacks. This is a major concern, especially since nearly 60% of surveyed organizations using SCADA or ICS reported they experienced a breach in their systems.

Many different ideas have been bantered about to address the need for better security in SCADA systems. One prominent idea involves securing the network infrastructure, including switches, routers, wireless networks, and IoT/IIoT devices, as well as appropriately hardening devices by turning off or disabling unused ports and/or features.

Another recommendation is segmenting networks by separating connected wireless and IoT/IIoT technologies from the SCADA/ICS deployment.

Also, to better control and monitor employees from accessing parts of a SCADA network they shouldn’t have access to, cybersecurity specialists encourage companies to apply identity and access management policies. This also helps control and manage Iot/IIot devices from being connected to the network.

Industrial Control System (ICS) and SCADA Cybersecurity Training Course by Tonex

Industrial Control System (ICS) and SCADA Cybersecurity Training by Tonex will help you to support and defend your industrial control system to operate in a threat-free environment and become resilient against emerging cybersecurity threats.

Industrial Control System

Cyberattacks on critical infrastructures and industrial control systems — especially Supervisory Control and Data Acquisition (SCADA) — are becoming more common for organization and governments. These types of attacks can severely impact service, data integrity, compliance and public safety. Therefore, organizations need to implement a cybersecurity approach to identify risks and manage them in order to ensure the protection of industrial control systems.

Tonex has been providing professional seminars, workshops, detailed courses and consulting services in security area since 1993 and has established a unique structure which has been proven to be most successful for utility organizations and stakeholders.

Industrial Control System (ICS) and SCADA Cybersecurity training is designed by our professionals in cybersecurity and power system area to use standard cybersecurity approaches that can be implemented to ICS and SCADA which will last for a long time.

Industrial Control System (ICS) and SCADA Cybersecurity training covers a variety of topics in ICS and SCADA cybersecurity such as: fundamentals of ICS and SCADA, ICS and SCADA vulnerabilities, risk management basics, selecting and implementing controls for ICS security, ICS/SCADA network and device security, SCADA security program development, and wireless security applied to SCADA systems.

Our instructors at Tonex will teach you the fundamentals of ISC and SCADA systems, role of real-time operating systems, the difference between SCADA and distributed control systems (DCS), ICS and SCADA networks, and communications in SCADA systems.

Learn about common vulnerabilities in ICS and SCADA, how to detect the threats, how to find the source of incidents, types of threats in SCADA/ICS networks, servers and mobile devices or web attacks.

By taking Industrial Control System (ICS) and SCADA Cybersecurity, you will learn different approaches to manage the risk, assess the security, monitor the system and ensure the physical security of ICS and SCADA systems in your organization.

Learn specifically about security development for networks and mobile devices in SCADA and ICS, wireless security of these industrial systems and protection against different types of vulnerabilities.

This course also offers a set of real-world case studies, hands on experiments and class discussions in order to give you a clear idea about ICS and SCADA security, and makes you prepared for challenges in your organization.

Audience

Industrial Control System (ICS) and SCADA Cybersecurity training is a 3-day course designed for:

  • IT and ICS cybersecurity personnel
  • Field support personnel and security operators
  • Auditors, vendors and team leaders
  • All individuals who need to understand the ICS and SCADA Protection concepts
  • Electric utility engineers working in electric industry security
  • System personnel working on system security
  • System operators and individuals in electric utility organizations
  • Independent system operator personnel working with utility companies
  • Electric utility personnel who recently started career involved with ICS security
  • Technicians, operators, and maintenance personnel who are or will be working at electric utility companies
  • Investors and contractors who plan to make investments in electric industry considering security standards
  • Managers, accountants, and executives of electric industry

Training Objectives

Upon completion of Industrial Control System (ICS) and SCADA Cybersecurity training course, the attendees are able to:

  • Understand fundamentals of Industrial Control Systems (ICS) and SCADA systems
  • Understand vulnerabilities and attacks for ICS and SCADA
  • Learn about attack architectures in SCADA and ICS
  • Explain risk management procedures applied to SCADA and ICS
  • Identify risks in SCADA and ICS systems and conduct risk assessment
  • Apply physical protection principles to SCADA and ICS systems
  • Learn about security standards applied to ICS and SCADA such as NIST, ISA and CPNI
  • Learn different types of servers used in ICS and SCADA and apply security concepts to servers
  • Explain the concept of security in SCADA/ICS networks and preventing the attacks to networks in these structures
  • Develop and deploy security programs for SCADA and ICS
  • Understand the security related issues to the wireless system in SCADA and ICS

Training Outline

Industrial Control System (ICS) and SCADA Cybersecurity training course consists of the following lessons, which can be revised and tailored to the client’s need:

Fundamentals of ICS and SCADA

  • Industrial Control Systems Overview
  • Global Industrial Cybersecurity Professional (GICSP)
  • Roles and Responsibilities of ICS
  • Real-time Operating Systems
  • Programmable Logic Controllers (PLC)
  • Distributed Control Systems (DCS)
  • Supervisory Control and Data Acquisition (SCADA)
  • Master Servers
  • Industrial Computing Applications and SCADA Systems
  • Communication Protocols
  • Network Design
  • Types of SCADA Networks
  • SCADA Network Operations and Management
  • Communications Media and Signals
  • SCADA  Reliability, Redundancy and Safety
  • Planning and Managing SCADA Projects
  • SCADA Technical Operations
  • SCADA Characteristics, Threats and Vulnerabilities
  • Comparing SCADA and IT Systems
  • SCADA and DCS Comparison
  • Physical Security of SCADA Systems
  • ICS Network Architecture

ICS/SCADA Vulnerabilities

  • ICS Attack Architecture
  • Attacks on Human Machine Interface (HMI)
  • Attacks on User Interfaces
  • Potential SCADA Vulnerabilities
  • Policy and Procedure Vulnerabilities
  • Platform Vulnerabilities
  • Network Vulnerabilities
  • SCADA Network Communication Attacks
  • Risk Factors
  • Standardized Protocols and Technologies
  • Increased Connectivity
  • Insecure and Rogue Connections
  • Public Information
  • Possible Incident Scenarios
  • Sources of Incidents
  • Documented Incidents
  • Web Attacks
  • ICS Server Attacks
  • Attacks on ICS Remote Devices
  • Firmware Attacks

 Risk Management Basics

  • Risk and Industrial Control Systems
  • Threat Identification
  • Vulnerability Management
  • Industrial Consequences of Vulnerabilities
  • Risk Classification
  • ICS Risk Assessment
  • Planning
  • System and Services Acquisition
  • Certification, Accreditation, and Security Assessments
  • Operational Controls
  • Personnel Security
  • Physical and Environmental Protection
  • Contingency Planning
  • Configuration Management
  • Maintenance
  • System and Information Integrity
  • Incident Response
  • Awareness and Training
  • Identification and Authentication
  • Access Control
  • Audit and Accountability
  • Asset Classification
  • System and Communications Protection

 Selecting and Implementing Controls for ICS Security

  • ICS Security Assessment
  • ICS Vulnerability Assessment
  • Configuration Assessment and Auditing
  • Risk Reduction
  • Standards and Security Controls Applied to ICS (NIST, ISA and CPNI)
  • ICS Security Technologies

 ICS/SCADA Server Security

  • Different Server Types Used in ICS
  • Windows Operating Systems in ICS
  • Linux/Unix Operating Systems in ICS
  • Endpoint Protection
  • Automation and Auditing
  • Log Management for ICS Servers

 ICS/SCADA Network and Device Security

  • Fundamentals of Networks
  • Ethernet, TCP/IP Protocol
  • ICS Protocol Architectures
  • Firewalls and Gateways
  • Honeypots
  • ICS Wireless Systems
  • Satellite, Mesh, Wi-Fi, and Bluetooth Systems
  • SCADA Security Network Architecture
  • Firewalls and Logically Separated Control Network
  • Network Segregation
  • Specific SCADA Firewall Issues
  • Data Historians
  • Remote Support Access
  • Multicast Traffic
  • Single Points of Failure
  • Redundancy and Fault Tolerance
  • Preventing Man-in-the-Middle Attacks

 SCADA Security Program Development and Deployment

  • Business Case for Security
  • Potential Consequences
  • Key Components of the Business Case
  • Resources for Building Business Case
  • Presenting the Business Case to Leadership
  • Developing a Comprehensive Security Program

 Wireless Security Applied to SCADA

  • Overview of Current Wireless Technologies
  • 11, 802.15 and 802.16 Technologies
  • Overview of Wireless Security
  • WEP
  • TKIP and the WPA/WPA2
  • IEEE 802.11i
  • Authentication, Encryption, and Integrity Methods
  • Cellular/Mobile Interworking
  • LTE application in SCADA

 Hands On, Workshops, and Group Activities

  • Labs
  • Workshops
  • Group Activities

 Sample Workshops and Labs for Industrial Control Systems and SCADA Security

  • ICS Risk Assessment Exercise
  • ICS System Identification and Classification Case Study
  • ICS Vulnerability Assessment and Compliance Auditing
  • Risk Assessment Case Study for ICS and Selecting Security Controls
  • Host Based Intrusion Prevention Systems
  • Industrial Firewall Inspection Case
  • Modbus Communication Network Attacks
  • Incident Response and Risk Management Case Study

Industrial Control System and SCADA Cybersecurity Training

Request More Information

  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.