Cyber Security for Industrial Automation and Industrial Control System (PLC, DCS, SCADA and IED)
Select Other "city & date"
Cyber Security for Industrial Automation and Industrial Control System (PLC, DCS, SCADA and IED) Course
Introduction:
Course Objectives:
Upon the successful completion of this course, participants will be able to:-
- Apply and gain comprehensive knowledge on the security of industrial control systems including SCADA, DCS & PLC and recognize their characteristics, threats, and vulnerabilities
- Identify different ISA security standards and determine industrial control system security program development and deployment
- Emphasize network architecture in industrial control system and list down the recommended firewall rules for specific services
- Determine the various industrial control system security controls including management, operational & technical controls and identify the SCADA vulnerabilities & attacks
- Employ SCADA security methods, mechanisms & techniques and explain SCADA security standards and reference documents
- Acquire knowledge on SCADA security management implementation issues & guidelines and determine the unique characteristics & requirements of SCADA systems
- Analyze the selected ISA technical papers of security issues including the physical protection of critical infrastructures & key assets, critical infrastructure protection, network security in the wireless age, etc.
Who Should Attend?
This course provides an overview of all significant aspects and considerations of cybersecurity of industrial control system (PLC, DCS, SCADA & IED) for a broad audience that includes asset owners from the process, power, and other critical infrastructures, control systems engineers, IT engineers, IT professionals, instrumentations engineers, instrumental & control staff, information and security officers and vendors, as well as security experts from government, industry associations and academia.
Course Outlines:
Overview of Industrial Control Systems
- Overview of SCADA, DCS, and PLCs
- Industrial Control System Operation
- Key Industrial Control System Components
- SCADA Systems
- Distributed Control Systems
- Programmable Logic Controllers
- Industrial Sectors and Their Interdependencies
Industrial Control System Characteristics, Threats & Vulnerabilities
- Comparing Industrial Control System and IT Systems
- Threats Potential Industrial Control System Vulnerabilities
- Risk Factors
- Possible Incident Scenarios
- Sources of Incidents
- Documented Incidents
ISA Security Standards
- ANSI/ISA-TR99.00.01-2004
- ANSI/ISA-TR99.00.02-2004
- ANSI/ISA-TR99.00.01-2007
- ANSI/ISA-TR99.00.02-2007
- ANSI/ISA-TR99.00.03-2007
- ANSI/ISA-TR99.00.04-2007
Industrial Control System Security Program Development and Deployment
- Business Case for Security
- Developing a Comprehensive Security Program
Network Architecture
- Firewalls
- Logically Separated Control Network
- Network Segregation
- Recommended Defense-in-Depth Architecture
- General Firewall Policies for Industrial Control System
- Recommended Firewall Rules for Specific Services
- Network Address Translation (NAT)
- Specific Industrial Control System Firewall Issues
- Single Points of Failure
- Redundancy and Fault Tolerance
- Preventing Man-in-the-Middle Attacks
Industrial Control System Security Controls
- Management Controls
- Operational Controls
Industrial Control System Security Controls
- Technical Controls
SCADA Vulnerabilities & Attacks
- The Myth of SCADA Invulnerability
- SCADA Risk Components
- Managing Risk
- SCADA Threats and Attack Routes
- SCADA Honeynet Project
SCADA Security Methods & Techniques
- SCADA Security Mechanisms
- SCADA Intrusion Detection Systems
- SCADA Audit Logs
- Security Awareness
SCADA Security Standards & Reference Documents
- ISO/IEC 17799:2005 and BS 7799-2:2002
- ISA-TR99.00.01-2004 Security Technologies for Manufacturing and Control Systems
- ISA-TR99.00.02-2004 Integrating Electronic Security into the Manufacturing and Control Systems Environment
- GAO-04-140T Critical Infrastructure Protection, Challenges in Securing Control Systems
- NIST, System Protection Profile for Industrial Control Systems (SPP ICS)
- Federal Information Processing Standards Publication (FIPS Pub) 199, Standards for Security Categorization of Federal Information and Information Systems, February 2004
- Additional Useful NIST Special Publications
SCADA Security Management Implementation Issues & Guidelines