Generic filters

Home   /   RESOURCES   /   MYSEC.TV   /   ICS Cyber SecuRity Defense

Introduction to Industrial Control Systems (ICS) Cyber Security Defense

4 WEEK SERIES (20 ACADEMIC HOURS)

Overview

The training program described below focuses on the cyber security aspects of Industrial Control Systems (ICS), also known as Operation technology (OT) and Supervisory Control and Data Acquisition (SCADA), Building and Energy Management Systems (BEMS) and is aimed for organizations that design, deploy, operate and/or maintain industrial automation and control system more.

Information Technology (IT) systems are focusing on assurance of Confidentiality, Integrity and Availability (CIA), using a broad range of IT-type cyber defense measures such as antivirus, firewalls, demilitarized zone, unidirectional gateways, intrusion detection systems (IDS) and other. On the other hand, for OT type systems, the CIA factors are not the most important concern, as these systems must focus on assurance of Safety, Reliability and Productivity (SRP) of these facilities.  Among Industrial control verticals are: Electricity production and distribution, Water distribution, Sewage treatment, Manufacturing, Building management, Smart cities and public safety, Communication networks, and more

Target Audience

The purpose of the workshop outlined below is to educate SCADA engineers on cyber risks and defense and also IT engineers to better understand the solutions which are needed for protecting ICS and SCADA systems. Upon completion of this 24 hours modular and suitable for self-learning workshop the participants will acquire knowledge in the field of industrial systems’ operation, cyber technologies and defense measures, understand the key terms, attack vectors and defense processes and you will be best prepared the future challenges.

Training Structure

The actual training can be in a class, or remotely via Zoom or other media. The training will be specifically customized for the participating people, and taking into consideration their basic knowledge and background in the field of IT and ICS

About the Lecturer

Daniel Ehrenreich, B.Sc. Engineering, MBA, CISSP, ISO27001 Lead Auditor, SCCE- Secure Communications and Control Experts. Daniel brings over 29 years of experience with SCADA & ICS, deployed for electric power, water, sewage, oil and gas. Since 2010 he has combined his engineering activity with cybersecurity and has consulted and delivered training sessions in Israel and across the world. Previously he held senior positions in with leading firms in Israel such as Waterfall Security, Siemens and Motorola Solutions dealing with cyber defense for industrial operations.

Reselected as the Chairman for the 5th ICS Cybersec Conference (Virtual and International) taking place on 11-2-2021 in Israel.

Goals of the Training

The training is designed a way that the participants, having little knowledge in the topics related to cyber secured operation of OT facilities will gain knowledge, technologies and techniques which day can immediately use in the daily activity:

  • Understanding the ICS-OT technology as related to cyber risks and defense

     

  • Understanding the ICS architecture, related components and communication

     

  • Understanding of the unique threat factors applicable for the ICS-OT facilities.

     

  • Understanding the principal technologies used for cyber secured ICS-OT systems

     

  • Effective methods and specific network defense architectures and techniques;

     

  • knowledge about standards and regulations for Industrial Control Systems (ICS);

     

  • understanding of the technologies used to carry out security audits;

     

  • hands-on lab learning experiences to control system attack surfaces, methods and tools;

     

  • knowledge of how to harden an Industrial Control System (ICS) using end-point protection, securing memorable data or updating systems;

     

  • incident-response skills in control system environments; and

     

  • governance models and resources for Industrial Cyber Security Professionals.

     

This workshop is specifically suitable and mandatory for the following groups:

  •    People in charge of IT who need to know more on ICS SCADA risks and defense in order to assure better collaboration among these teams

     

  •    SCADA/ICS engineers involved with design, maintenance of industrial plants and manufacturing processes

     

  •    Operators dealing with control of renewable and other power technology plants, sewage plants, desalination and other chemical process plants

     

  •    Broad range of managers interested upgrading their technical knowledge in order to make correct and cost-effective investment decisions

     

After this cyber technology and defense training related to Industrial cyber security the participants will also be better prepared to apply for formal certification classes such as CISO, GIAC, CISSP and other as applicable for your business activity and the needs of your organization.

Complete Workshop Itinerary

The training will be customised for 20 Academic hours

Module 1: Introduction to SCADA Technology

  • Introduction ICS (SCADA, OT) architecture
  • Introduction to BMS architecture
  • Introduction to wireless communication for ICS
  • Field Control units PLC, RTU, IED and Remote I/Os
  • Use of Automation Servers, PAC and DCS in plants
  • IIoT Sensors and Field Control Devices
  • Introduction to system design and programming
  • Summary, Q&A and Exam

Module 2: Introduction to SCADA-Cyber Risks

  • Introduction to ICS Security Vulnerabilities
  • ICS and IT systems differences related to cyber risks
  • Introduction to BMS Cyber security risks
  • External & Internal attacks: MitM, DOS, DDoS, GPS
  • Industrial Cyber Kill Chain attack process
  • Introduction to the MITTRE ATT&CK process
  • Safety and Cyber Security considerations
  • Summary, Q&A and Exam

Module 3: Cyber-attacks and Defense solutions

  • Communications and Process related risks
  • Principles of Encryption and Authentication
  • Defense in Depth and packet’s inspection for ICS
  • Firewalls, IDS, DMZ, UGW, Sensor inspection,
  • Coordinated operation with SIEM, SOAR, SOC
  • Best practices to enhance ICS-IIoT Cyber defense
  • Conduction Secure Maintenance for ICS
  • Summary, Q&A and Exam

Module 4: Cyber-attacks and Defense solutions

  • Cyber security Assessment and action items
  • Introduction to ISA 62443 standard
  • Introduction to NIST 800 standards
  • Introduction to BCP, DRP and IR
  • Introduction to NERC CIP
  • Basic principles of Forensics for ICS
  • Explaining famous attacks on ICS worldwide
  • Summary, Q&A and Final Exam
References:

Publications:
Cyber Startup Observatory (IoT & SCADA sections): https://lnkd.in/dbfVa_r

Cyber Startup Observatory (USA-04-2020 pages 63-67) https://bit.ly/2Xb2xwI

Cyber Startup Observatory (Israel-04-2020 pages 65-69) https://bit.ly/3aLDfsS

ICSJWG Quarterly Newsletter 03-2020https://bit.ly/2YkUo9h

Cyber Security Workshop 02-2020https://www.youtube.com/watch?v=IEHvlQyXq6E

Podcasts:
Waterfall Security Podcast: https://waterfall-security.com/daniel-ehrenreich/

i24 News Interview (09-2019) : https://bit.ly/2msUXwR

Mysecurity Media Interview (04-2020) https://www.youtube.com/watch?v=KrY_VS4zuEM&t=722s

Interview (11-2018) with Magda Chelly: https://youtu.be/FxkW8H5j7jc

Presentations:
Cyber Security Workshop 02-2020https://www.youtube.com/watch?v=IEHvlQyXq6E

Kaspersky Conf. 09-2019https://www.youtube.com/watch?v=ejpt1qXsErs

https://www.youtube.com/watch?v=JJA0vhPzcHg&feature=youtu.be&ab_channel=DanEhrenreich

SPONSORED BY