Critical Infrastructure and Control System Cybersecurity Training

Critical Infrastructure and Control System Cybersecurity Training


Critical Infrastructure and Control System Cybersecurity Training course description

This Critical Infrastructure and Control System Cybersecurity Training course is an intermediate to advanced course covering control system cybersecurity vulnerabilities, threats and mitigating controls. This Critical Infrastructure and Control System Cybersecurity Training course will provide hands-on analysis of control system environments allowing students to understand the environmental, operational and economic impacts of attacks like Stuxnet and supporting mitigating controls.

• Hands-on environment (PLC, HMI, Network Communications, Backtrack)
• Operational, Cyber and Physical Protective Solutions
• Kits provided and used by pods of two attendees (Laptop, Customized I/O Trainer, PLC, HMI, communications infrastructure, CYBATIFIED Backtrack)

Customize It:

With onsite Training, courses can be scheduled on a date that is convenient for you, and because they can be scheduled at your location, you don’t incur travel costs and students won’t be away from home. Onsite classes can also be tailored to meet your needs. You might shorten a 5-day class into a 3-day class, or combine portions of several related courses into a single course, or have the instructor vary the emphasis of topics depending on your staff’s and site’s requirements.

Audience/Target Group

The class establishes a high-level understanding of Control System cybersecurity valuable to a wide-range of professionals, whether directly in the field or responsible for compliance. The class also dives into a great deal of real-world cybersecurity applications and satisfies those who need or want to understand the inner-workings of the systems as well as the programming behind industrial automation. Therefore, the class is applicable to:

• Security personnel whose job involves assessing, deploying, or securing control system components, communications and operations
• Programmers, network and system administrators supporting control systems
• Process engineers and field technicians
• Operations and plant management personnel
• Control System vendor personnel
• Penetration testers
• NERC CIP, DHS CFATS and other Auditors who need to build deeper technical skills
• Computer emergency response teams

Critical Infrastructure and Control System Cybersecurity Training Related Courses:

Duration: 5 days

Course Content:

Course Ethics and General Security Awareness

Critical Infrastructure Control System Cybersecurity Background
• Brief History of Critical Infrastructure and Control Systems
• Risk Management (Threats, Vulnerabilities and Exploits)
• Laboratory: Training Kit Orientation and Setup

Control System Cyber Architecture and Device Programming
• Control System Cyber Architecture Components
• Programmable Logic Controllers, Ladder Logic, Points and OPC/HMI
• Laboratory: Introduction to Programmable Logic Controllers, Ladder Logic, Communications and OLE for Process
• Control (OPC) / Human Machine Interface (HMI) Programming

Cyber Asset Vulnerability Assessments
• Case Study Review and Analysis (e.g. Bellingham Gas Pipeline; BP Texas Refinery; Washington DC Metro)
• ICS-CERT Vulnerability Notification Review and Analysis
• Open Source Intelligence (OSINT)
• Cyber, Physical and Operational Security Assessments
• Cyber Toolsets
• Laboratory: PLC Vulnerability Assessments
• Laboratory: Analyze and develop control system oriented Metasploit modules
• Laboratory: Mock Environment Analysis (e.g. Robotic Arm, Traffic Lights, Heavy Rail)

Automation Technologies Attack Surface and Mitigations
• Programmable Logic Controller Analysis
• Mitigating Controls
• Laboratory: PLC Exploit Analysis and Control
• Analyzing Control System IEDs
• Laboratory: Applied IED Security Analysis

Communications Attack Surface and Mitigations
• General Communications Protocol Analysis
• DNP3, IEC Variants, ICCP, Modbus Specific Protocol Analysis
• Vulnerabilities and Exploits
• Analyzing Wireless in Control Systems
• Mitigating Controls
• Laboratory: Communications Exploit Analysis and Control
• Laboratory: Protocol Spoofing and Fuzzing
• Laboratory: Industrial Wireless (802.11, 900 Mhz, GPRS and Zigbee) Analysis

OLE for Process Control / Human Machine Interface Attack Surface and Mitigations
• OPC / HMI Analysis
• Mitigating Controls
• Laboratory: OPC/HMI Exploit Analysis and Control

Integrated Defense in Depth Security Controls
• Layered Operational, Cyber and Physical Controls
• Forensics and attribution in control systems
• Performing Physical-Cyber-Operational Assessments and Penetration Tests
• Laboratory: Automation Technology Exploration and Vulnerability Assessments
• Situation Awareness and Incident Response
• Laboratory: Simulated Power Grid Control System Environment Attack and Defend

Request More Information

    Time Frame: 0-3 Months4-12 Months

    Print Friendly, PDF & Email