Industrial Control System Security

Required knowledge

  • None

Target group

  • Network and system administrators, Operational Technology network operators, CISO

Date and location

  • 6 December 2021, from 9.00 till 17.00
  • Remote training session. Online course that you can access remotely.

Required material

  • Participants need to have their own laptops with a web browser pre-installed (preferably Google Chrome) and an RDP client.

Trainer and course language

  • Massimo Giaimo, Team Leader Cyber Security Solutions at Würth Phoenix
  • The course will be held in Italian.
  • The training material and certification exam are always in English.

Costs

  • Participation: € 1.000 (excl. of VAT)

Agenda

Introduction to Industrial Control System (ICS)

  • evolution of ICS
  • application areas
  • terminology
  • ICS components
  • technologies and protocols
  • attack types
  • specific threats (the cases of Stuxnet, Havex, Blackenergy, CRASHOVERRIDE, Triton/Tritis, MegaCortex, LockerGoga)
  • attacks that have become historic and directed at critical systems and infrastructures, IoT and IIoT

IT and OT networks

  • differences and similarities

Standards and reference courses

  • IEC 62443/ISA 99 Standard, ENISA Recommendation / Best Practices, NIST ICS Security 800-82 rev 2, SANS ICS410 and ICS515
  • Purdue Model in Industrial Control Systems

Legislation

  • NIS directive, Department of Information Security (DIS)

Support Tools

  • Computer Security Incident Response Team Italy

Vulnerability

  • research and exploitation of publicly available vulnerabilities

Gap Analysis

  • Gap Analysis on ICS/SCADA environments

Securing ICS

  • how to draw and realise a secure and resilient ICS infrastructure

Vulnerability Assessment & Pentest on ICS/SCADA environments

  • methods and tools, difference with VAPT on IT networks

Building a test lab

  • possibilities: PyScada, MiniNet/MiniEdit/MiniNAM/OpenPLC

Workrooms

  • Wireshark
  • GRASSMARLN
  • Shodan
  • Kamerka-GUI
  • NMAP
  • NetEye Integration / OpenVAS for the verification of ICS infrastructures

I would like to attend the training

Trainings-Form

Personal Information
Thank your very much for your request and your interest on our trainings. All information on your registration will be handled in full compliance with the policies related to the GDPR. Your personal data will treated confidentially; neither your name nor your company's name will be made accessible to third parties.