NOTE:  Onsite/In-person delivery

CEU Credits: .7
Course Hours: 8:00 a.m - 4:00 p.m.
Certification of Completion: A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the course.

Description:

The industrial processing and manufacturing world face considerable technical and practical challenges as it strives to provide safe, secure, profitable operations in a wide range of settings with varying levels of automation. In many instances where new sensors and instrumentation technology are being developed for specific use cases identified by the manufacturers, the vendors arrive at solutions that require remote access, may or may not require interoperability with legacy equipment. Perhaps even more importantly is that such system designs and associated operational processes come into direct conflict with cybersecurity demands. The issues – technical, logistical, programmatic – associated with cybersecurity for automation systems continue to expand in scope and urgency. This is driven by the increasing use of network-centric components and instrumentation that is integrated into modern DCS, SCADA, Cloud-Edge and IT/OT systems. This has led to greater capability and connectivity from the advancements of sensors in industrial technologies with a clear need of cybersecurity. This course provides the student with the placement and usage of CyberSensors in your overall strategy.

Who should attend?

• Project Engineers
• Maintenance Supervisors and Technicians
• Analyzer Supervisors and Technicians
• Measurement Technicians
• IT/OT Security Professionals
• SCADA and Automation Engineers
• Red Team/Blue Team Penetration Testers

NOTE:  Onsite/In-person delivery

CEU Credits: 1.4
Course Hours: 8:00 a.m - 4:00 p.m.
Certification of Completion: A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the entire two-day course.

Description:

The move to using Ethernet, TCP/IP, and web technologies in supervisory control and data acquisition (SCADA) and process control networks has exposed these systems to the same cyberattacks that have wreaked havoc on corporate information systems. This course provides a detailed look at how the ISA/IEC 62443 standards framework can be used to protect critical control systems. It also explores the procedural and technical differences between the security for traditional IT environments and those solutions appropriate for SCADA or plant floor environments.

You will be able to:

• Discuss the principles behind creating an effective long term program security
• Interpret the ISA/IEC 62443 industrial security framework and apply them to your operation
• Define the basics of risk and vulnerability analysis methodologies
• Describe the principles of security policy development
• Explain the concepts of defense in depth and zone/conduit models of security
• Analyze the current trends in industrial security incidents and methods hackers use to attack a system
• Define the principles behind the key risk mitigation techniques, including anti-virus and patch management, firewalls, and virtual private networks

You will cover:

• Understanding the Current Industrial Security Environment: What is Electronic Security for Industrial Automation and Control Systems? | How IT and the Plant Floor are Different and How They are the Same
• How Cyberattacks Happen: Understanding the Threat Sources | The Steps to Successful Cyberattacks
• Creating A Security Program:  Critical Factors for Success/Understanding the ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009)- Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
• Risk Analysis:  Business Rationale | Risk Identification, Classification, and Assessment 
• Addressing Risk with Security Policy, Organization, and Awareness: Cyber Security Management System Scope | Organizational Security | Staff Training and Security Awareness
• Addressing Risk with Selected Security Counter Measures: Personnel Security | Physical and Environmental Security | Network Segmentation | Access Control
• Addressing Risk with Implementation Measures: Risk Management and Implementation | System Development and Maintenance | Information and Document Management
• Monitoring and Improving the CSMS: Compliance and Review | Improve and Maintain the CSMS
• Validating or Verifying the Security of Systems: What is being done? | Developing Secure Products and Systems

Classroom/Laboratory Demo:

• PCAP Live Capture Analysis

Includes ISA Standards:

• ANSI/ISA-62443-1-1 (ANSI/ISA-99.00.01-2007), Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts & Models
• ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009), Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
• ANSI/ISA-62443-3-3, Security for industrial automation and control systems: System security requirements and security levels

NOTE:  Onsite/In-person delivery

CEU Credits: 1.4
Course Hours: 8:00 a.m - 4:00 p.m.
Certification of Completion: A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the entire two-day course.

Description:

The move to using Ethernet, TCP/IP, and web technologies in supervisory control and data acquisition (SCADA) and process control networks has exposed these systems to the same cyberattacks that have wreaked havoc on corporate information systems. This course provides a detailed look at how the ISA/IEC 62443 standards framework can be used to protect critical control systems. It also explores the procedural and technical differences between the security for traditional IT environments and those solutions appropriate for SCADA or plant floor environments.

You will be able to:

• Discuss the principles behind creating an effective long term program security
• Interpret the ISA/IEC 62443 industrial security framework and apply them to your operation
• Define the basics of risk and vulnerability analysis methodologies
• Describe the principles of security policy development
• Explain the concepts of defense in depth and zone/conduit models of security
• Analyze the current trends in industrial security incidents and methods hackers use to attack a system
• Define the principles behind the key risk mitigation techniques, including anti-virus and patch management, firewalls, and virtual private networks

You will cover:

• Understanding the Current Industrial Security Environment: What is Electronic Security for Industrial Automation and Control Systems? | How IT and the Plant Floor are Different and How They are the Same
• How Cyberattacks Happen: Understanding the Threat Sources | The Steps to Successful Cyberattacks
• Creating A Security Program:  Critical Factors for Success/Understanding the ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009)- Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
• Risk Analysis:  Business Rationale | Risk Identification, Classification, and Assessment 
• Addressing Risk with Security Policy, Organization, and Awareness: Cyber Security Management System Scope | Organizational Security | Staff Training and Security Awareness
• Addressing Risk with Selected Security Counter Measures: Personnel Security | Physical and Environmental Security | Network Segmentation | Access Control
• Addressing Risk with Implementation Measures: Risk Management and Implementation | System Development and Maintenance | Information and Document Management
• Monitoring and Improving the CSMS: Compliance and Review | Improve and Maintain the CSMS
• Validating or Verifying the Security of Systems: What is being done? | Developing Secure Products and Systems

Classroom/Laboratory Demo:

• PCAP Live Capture Analysis

Includes ISA Standards:

• ANSI/ISA-62443-1-1 (ANSI/ISA-99.00.01-2007), Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts & Models
• ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009), Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
• ANSI/ISA-62443-3-3, Security for industrial automation and control systems: System security requirements and security levels

NOTE:  Onsite/In-person delivery

CEU Credits: .7
Course Hours: 8:00 a.m - 4:00 p.m.
Certification of Completion: A Certificate of Completion indicating the total number of CEUs earned will be provided upon successful completion of the course.

Upon completion of this course, you will be able to:

• Define the types of cybersecurity risks that the oil and gas industry and energy sector face.
• Identify the recommended standards and best practices.
• Use risk analysis techniques to quantify and prioritize your organization’s cybersecurity risks.
• Define key OT architectures and components, and the cybersecurity issues related to them.
• Apply the fundamental cyber-hygiene practices applicable to all chemical industry organizations.
• Identify the cybersecurity issues associated with remote working.

NOTE:  Onsite/In-person delivery

Incident Command System for Industrial Control Systems (ICS4ICS) is designed to improve global Industrial Control System cybersecurity incident management capabilities. ICS4ICS will leverage the Incident Command System, as outlined by FEMA, for response structure, roles, and interoperability. The Incident Command System is used by First Responders globally every day when responding to motor vehicle accidents, small and large fires, hurricanes, floods, earthquakes, industrial accidents, and other high impact situations. The Incident Command System has been tested for more than 30 years of emergency and non-emergency applications, throughout all levels of government and within the private sector.