Length: 2 Days
Why should you choose TONEX for your SCADA Security Training?
SCADA Security Training course provides advanced SCADA technical overview of the emerging trends, advanced applications, operations, management and security. We have Providing SCADA and Automation and Security Training and consulting for over 15 years with 20+ man-years of development experience. SCADA Security Training course covers all aspects of Industrial Control System (ICS) security for several types of control systems including: Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS) and Other control system configurations such as skid-mounted Programmable Logic Controllers (PLC).
During the course, we also discuss SCADA Characteristics, Security Threats and Vulnerabilities, Threats, Potential SCADA Vulnerabilities, Policy and Procedure, and Platform Vulnerabilities and Network Vulnerabilities. SCADA Risk Factors such as Standardized Protocols and Technologies, Connectivity, Insecure and Rogue Connections, SCADA Public Information, SCADA Possible Incident Scenarios and Sources of Incidents are also discussed. Attacking critical infrastructure control systems such as SCADA requires planning, passive monitoring, intelligence gathering, active attacks and the use of alternative access methods. Details about dozens of SCADA, PLC, ICS vulnerabilities will be discussed in case studies with proof-of-concept exploit code.
Some of the highlights of the SCADA Security Training:
- Understand concepts behind Industrial Control Systems (ICS) and SCADA Security
- Learn about DCS, SCADA and Industrial Control Systems technology, Infrastructure, instrumentation, HMI and Data Historians
- SCADA and ICS Characteristics, Threats and Vulnerabilities
- SCADA and ICS Security Program Development and Deployment
- SCADA Network Architecture
- SCADA Security Controls
- Learn Passive and Active Techniques
- Explore the impact of Wireless communications on SCADA System Security Testing
- Explore SCADA System Security Testing with Active Techniques
- Understand SCADA vulnerabilities and different techniques behind exploiting SCADA Systems
- Understand how SCADA defense techniques and procedures work
- Identify the weak links and challenges in SCADA cybersecurity
- Review the available solutions and standards for secure SCADA architectures
- Examine the state of policies on data privacy and Internet security and their impact on SCADA
- Define a “To Do” list of action items to secure the SCADA systems
- ICS/SCADA Security Essentials Essentials for NERC Critical Infrastructure Protection
- ICS Active Defense and Incident Response
- Assessing and Exploiting SCADA and Control Systems
- Critical Infrastructure and Control System Cybersecurity
- SCADA Security Management
Learn more about the following aspects of SCADA, ICS and DCS Security:
- Understanding Control System Vulnerabilities
- Understanding and Identifying SCADA and ICS Vulnerabilities
- SCADA, Industrial Control System (ICS) and Distributed Control Systems (DCS) Exploitation
- Securing and Protecting Industrial Control Systems (ICS)
- ICS, DCS and PLC Penetration Testing, Exploiting and Vulnerability Assessments
- Hacking SCADA using Nmap, Nessus and Metasploit
- Hacking Remote Web Servers
- SCADA SQL Injection Attack
- Man-in-the-Middle Attack on SCADA
- Secure Socket Layer (SSL) Stripping
- Assessing the Security of ICS Systems
- SCADA Risk Identification
- SCADA Risk Classification and Threat Modeling
- Typical SCADA and ICS Vulnerabilities
- Consequences of an SCADA and ICS Attacks
- SCADA Security Controls
- Auditing and Assessing SCADA Security
- SCADA Security Audits
Who Should Attend
This course is suitable for anyone who needs to understand and deal effectively with advanced SCADA issues:
- SCADA Systems Personnel
- Engineers and Operations
- Process Engineers and Managers
- Operations and Maintenance Managers, Engineers and Technicians
- Hardware and Instrument Specialists
- Business System Analysts Who Support SCADA Interfaces
- System and Application Programmers
- Project Managers
- Telecommunications and Wireless Support Personnel
- Control engineers, integrators and architects when designing and implementing secure SCADA and/or ICS
- System administrators, engineers and other IT professionals when administering, patching, securing SCADA and/or ICS
- Security consultants when performing security assessments of SCADA and/or ICS
- Managers responsible for SCADA and/or ICS Researchers and analysts who are trying to understand the unique security needs of SCADA and/or ICS Vendors developing products that will be deployed in SCADA and/or ICS
Learning Objectives
Upon completing this course, students will be able to:
- Explain the basic SCADA operations
- Explore Advanced SCADA Systems
- Review telecommunications services related to SCADA
- Audit SCADA network operations and management
- Describe SCADA security architecture
- Describe the security issues with a SCADA system
- Design a SCADA Security Policy
- Look at access control to field devices with Microsoft Active Directory
- Review interception and analyzing Modbus/TCP network traffic with a sniffer
- Understand unauthorized commands to field device
- Setup and configure a Modbus/TCP firewall
- Review SCADA security policies
- Describe Firewall architecture, DMZ, and rule bases for SCADA systems
- Review SCADA protocol security issues
- Understand Securing field communications
- Explore user authentication technologies and integration with SCADA applications
- Review access control principles and implementation
- Look at active Directory integration with SCADA applications
- Explore how to Detect cyber attacks on SCADA systems
- Explore vulnerability scanning
- Review security patch management
- Review anti-virus protection and management
- Review SCADA security standards
INTRODUCTION TO ICS/SCADA OPERATIONS AND SECURITY
- Industrial Computing Applications and SCADA Systems
- Telecommunications Services
- Types of SCADA Networks
- SCADA Network Operations and Management
- Communications Media and Signals
- SCADA Reliability, Redundancy and Safety
- Planning and Managing SCADA Projects
- SCADA Technical Operations’
- SCADA Project Management
- SCADA Characteristics, Threats and Vulnerabilities
- Comparing SCADA and IT Systems
- Threats
INTRODUCTION TO SCADA VULNERABIITIES AND THREATS
- Potential SCADA Vulnerabilities
- Policy and Procedure Vulnerabilities
- Platform Vulnerabilities
- Network Vulnerabilities
- Risk Factors
- Standardized Protocols and Technologies
- Increased Connectivity
- Insecure and Rogue Connections
- Public Information
- Possible Incident Scenarios
- Sources of Incidents
- Documented Incidents
SCADA SECURITY PROGRAM DEVELOPMENT AND DEPLOYMENT
- Business Case for Security
- Potential Consequences
- Key Components of the Business Case
- Resources for Building Business Case
- Presenting the Business Case to Leadership
- Developing a Comprehensive Security Program
- SCADA Security Network Architecture
- Firewalls
- Logically Separated Control Network
- Network Segregation
- Dual-Homed Computer/Dual Network Interface Cards (NIC)
- Firewall between Corporate Network and Control Network
- Firewall and Router between Corporate Network and Control Network
- Firewall with DMZ between Corporate Network and Control Network
- Paired Firewalls between Corporate Network and Control Network
- Network Segregation Summary
RECOMMENDED DEFENSE-IN-DEPTH ARCHITECTURE
- General Firewall Policies for SCADA
- Recommended Firewall Rules for Specific Services
- Domain Name System (DNS)
- Hypertext Transfer Protocol (HTTP)
- FTP and Trivial File Transfer Protocol (TFTP)
- Telnet
- Simple Mail Transfer Protocol (SMTP)
- Simple Network Management Protocol (SNMP)
- Distributed Component Object Model (DCOM)
- SCADA and Industrial Protocols
- Network Address Translation (NAT )
- Specific SCADA Firewall Issues
- Data Historians
- Remote Support Access
- Multicast Traffic
- Single Points of Failure
- Redundancy and Fault Tolerance
- Preventing Man-in-the-Middle Attacks
SCADA SECURITY CONTROLS
- Management Controls
- Risk Assessment
- Planning
- System and Services Acquisition
- Certification, Accreditation, and Security Assessments
- Operational Controls
- Personnel Security
- Physical and Environmental Protection
- Contingency Planning
- Configuration Management
- Maintenance
- System and Information Integrity
- Media Protection
- Incident Response
- Awareness and Training
- Identification and Authentication
- Access Control
- Audit and Accountability
- System and Communications Protection
- Programmable Logic Controllers (PLC)
- Industrial Sectors and Their Interdependencies
WIRELESS SECURITY APPLIED TO SCADA
- Overview of Current Wireless Technologies
- 802.11, 802.15 and 802.16 Technologies
- Overview of Wireless Security
- WEP
- TKIP and the WPA/WPA2
- IEEE 802.11i
- Authentication, Encryption, and Integrity Methods
- Cellular/Mobile Interworking
- LTE application in SCADA
- 5G application in SCADA
ICS/SCADA SECURITY REQUIREMENTS
- Governing SCADA Security
- Electric: North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
- Chemicals: Chemical Industry Data Exchange/American Chemistry Council (CIDX/ACC)
- Natural gas: American Gas Association 12 (AGA 12)
- Oil and liquids: American Petroleum Institute (API)
- Manufacturing: International Society for Automation/International Electrotechnical Commission (ISA/IEC 62443) (formerly ISA 99)
- Some governments have come up with their own regulations and standards, e.g., the US National Institute of Standards and Technology (NIST), the UK Center for Protection of National Infrastructure (CPNI) and The Netherlands Center for Protection of National Infrastructure (CPNI)
CONSTRUCTS OF A SCADA SECURITY FRAMEWORK
- Governance, risk and compliance administrative controls
- SCADA controls
- Data and application security
- System assurance
- Monitoring controls
- Third-party controls
- Administrative Controls
- Policy, standards and exceptions
- Risk assessments
- Asset management
- Vulnerability management
- SCADA network security controls
- Data and Application Security
- Data security
- Application security
- Change management
- Malicious code detection/prevention
- System Assurance
- System resilience
- Secure configuration
- Business continuity/disaster recovery planning (BCP/DRP
- Incident management.
- Threat monitoring
- SCADA security controls
- Third-party Controls
- Vendor security management
- Partner security management
- SCADA Security Framework Use Cases
TONEX SCADA CYBERSECURITY & AUDIT FRAMEWORK
- Information security policy
- Organization of information security
- Internal Organization
- External Parties
- Asset Management
- Responsibility for assets
- Information classification
- Human resources security
- SCADA Secure Areas
- Equipment Security
- Communications and Operations Management
- Operational Procedures and responsibilities
- Third party service delivery management
- System planning and acceptance
- Protection against malicious and mobile code
- Backup
- Network Security Management
- Media handling
- Exchange of Information
- Electronic Commerce Services
- Monitoring
- Access Control
- Business Requirement for Access Control
- User Access Management
- User Responsibilities
- Network Access Control
- Operating system access control
- Application and Information Access Control
- Mobile Computing and teleworking
- Information systems acquisition, development and maintenance
- Security requirements of information systems
- Correct processing in applications
- Cryptographic controls
- Security of system files
- Security in development and support processes
- Technical Vulnerability Management
- Information security incident management
- Reporting information security events and weaknesses
- Management of information security incidents and improvements 35
- Business Continuity Management
- Information security aspects of business continuity management
- Compliance
- Compliance with legal requirements
- Compliance with security policies and standards, and technical compliance
- Information Systems audit considerations