Introduction
This Process Control Cybersecurity training seminar will address the most important issues related to the protection of assets in a process control environment. Unlike traditional IT (information technology) systems, process control assets include IACS (Industrial Automation and Control Systems) which need to be protected.
Recently, three out of four organizations in the oil and natural gas industry in the Middle East have experienced a security compromise that resulted in the loss of confidential data or Operational Technology (OT) disruption. This is according to a recent study by Siemens and the Ponemon Institute. Another finding in the report is that – organizations believe that roughly one in every two cyberattacks against the OT environment actually goes undetected. The report also notes that the oil and gas industry is the target of as much as one-half of all cyberattacks in the Middle East and given its importance for the region’s economies, the risks faced by the industry are all the more pressing. OT, which encompasses systems that monitor and control physical devices and industrial processes, is increasingly interconnected with IT networks. In spite of all its benefits, this IT/OT convergence is opening up new avenues for attacks.
Course Objectives of Process Control Cybersecurity
At the end of this course the participants will be able to:
- List what process control assets need to be protected
- Understand the Current Industrial Security Environment
- List and explain the main components of the process control security standard IEC 62443
- Understand how to perform a risk assessment and apply cybersecurity counter-measures
- Learn how to perform application diagnostics, troubleshooting, and incidence response
Targeted Audience of Process Control Cybersecurity
- Operations and Maintenance Personnel
- Process Control Operators, Engineers
- Process, Plant, and Project Managers
- Process Engineers and Managers
- Instrumentation Technicians and Engineers
- System Integrators
- IT/OT Engineers and Managers Industrial Facilities
- IT/OT Corporate / Security Professionals
- Plant Safety, Security, and Risk Management
- Security Personnel in all categories
- Any individual that needs to address issues in the ever-expanding and complex field of cybersecurity in the industrial environment
Course Outlines of Process Control Cybersecurity
Day 1
Introduction and Cybersecurity Fundamentals:
- Introduction to Process Control Cybersecurity
- Understanding the Current Industrial Security Environment
- How IT and OT (Operational Technology) in the Plant Floor are Different and How They are the Same
- Overview of Process Control
- Overview of Industrial Communication Systems and Networks
- How Cyber-attacks Happen: Threats, Vulnerabilities, Attacks
- Asset Identification and Impact Assessment
Day 2
Introduction to the IACS Cybersecurity Lifecycle and ISA99 / IEC 62443
- Identification & Assessment Phase
- Design & Implementation Phase
- Operations & Maintenance Phase
- Limits of a Conventional IT Approach
- The IEC 62443 Security Approach and Standards
- Risk Analysis Risk Identification, Classification, and Assessment
- CAL (Cybersecurity Assurance Levels)
- Functional Requirements of IEC 62443
Day 3
Addressing Security Risks: Process Control Security Counter-Measures
- Antivirus, Anti-spyware
- Firewalls, Traffic Analyzers
- Encryption, Virtual Private Networks (VPNs)
- Passwords - Authentication Systems
- Access Control - Intrusion Detection / Prevention
- Network Segmentation
Day 4
Application Diagnostics and Troubleshooting
- Interpreting Device Alarms and Event Logs
- Early Indicators
- Network Intrusion Detection Systems
- Network Management Tools
- Interpreting OS and Application Alarms and Event Logs
- Application Management and Whitelisting Tools
- Antivirus and Endpoint Protection Tools
- Security Incident and Event Monitoring (SIEM) Tools
Day 5
IACS Cybersecurity Operating Procedures & Tools and Incident Response
- Developing and Following an IACS Management of Change Procedures
- IACS Configuration Management Tools
- Developing and Following an IACS Patch & Antivirus Management and Cybersecurity Audit Procedures
- Patch Management Tools
- Antivirus and Whitelisting Tools
- Auditing Tools
- Developing and Following an IACS Incident Response Plan
- Incident Investigation and System Recovery
About Istanbul
Few places compare to the vibrant, cosmopolitan city of Istanbul, whose enormous size straddles both Europe and Asia, forming a bridge between western and eastern cultures. Resting upon the natural harbor of the Golden Horn, the skyline of the once-Constantinople is pierced with minarets and ancient monuments that embody centuries of history. While it is brimming with historical landmarks and colorful markets, modern Istanbul is also well represented through its contemporary art scene, European-style café culture, world-class dining venues.
Things to do and places to visit in Istanbul
Istanbul is teeming with attractions and landmarks from historic sights and unique cuisine to lively markets and unmistakable culture. It is a thriving city, with a myriad of things to do that skillfully manage to blend every aspect of both the contemporary and the historical world.
On a city break in Istanbul be sure to:
- Visit a hammam, a traditional Turkish bath, whose origins date back to Roman times.
- Marvel at the Hagia Sophia, Süleymaniye Mosque and Blue Mosque, Istanbul's most spectacular monuments that dominate the skyline.
- Explore the Topkapi Palace Museum, one of Istanbul's most visited museums, home to over 80,000 artifacts.
- Walk through the Basilica Cistern, an underground marvel built in the 4th century.
- Be dazzled by the Grand Bazaar, one of the world's oldest and largest covered markets.
- Go shopping for exotic products and Turkish delights in the Spice Bazaar.
- Cross the bridge connecting Europe and Asia against the backdrop of the Bosphorus, or take a Bosphorus cruise.
- Taste the diversity and flavor of Turkish cuisine.
- Admire panoramas of the city from the Galata Tower.
- Walk through Taksim Square, the city's dynamic square that never sleeps.