Critical Infrastructure Security
We are at the cusp of a major change in the way we address ICS/OT Security. With the advent of Industrial IoT (IIoT), previously isolated infrastructure is now exposed to the cloud.
There has been an upsurge of cyber threats to industrial control systems, but the unique nature of ICS/OT environments calls for special methodologies to secure them. Many organizations are discovering that current IT security controls are inadequate for ICS/OT security. At the same time, from a people perspective, there is a major disconnect between the OT and IT Security teams. OT teams believe they have a good handle on security risks, whereas IT Security teams approach OT Security with the same philosophy they apply to IT, which doesn't work. To keep up with the expanding threat landscape, organizations acknowledge a need for first-hand cybersecurity skills and are looking for better awareness and ICS/OT-specific training for both Operational Technology employees and IT security professionals.
Effective cyber security for operational environments requires a common understanding of best practices, awareness of emerging threats, and attention to existing vulnerabilities.
NII Comprehensive ICS/OT Cybersecurity Training Program
Our training program draws on the proficiency and experience of our recognized ICS/OT industry experts to expand cybersecurity understanding. The course content is focused on providing actionable insight, not just theory. Students will gain knowledge about ICS/OT environments, cyber risk, and best practices for protection. The courses can be customized to requirements and scheduled at corporate locations of choice.
- Introduction to Cyber Security: The course lays the foundation for the rest of the series. It describes the basic functions and goals of cyber security services and mechanisms.
- Overview of the OT Network: The course provides an overview of how data flows through a basic OT network and how OT components and protocols ensure the safety and secure communication of data through the network.
- Cyber Security and the Industrial Network: In this module of the training, participants will be introduced to the unique aspects of industrial computer networks and gain an initial perspective of the challenges in cyber security that surround these complex environments.
- Cyber Security Regulations, Frameworks & Standards: This module covers current efforts by government and industry leaders in the field of cyber security as well as important developments and standards in specific regions and industries. It offers a closer look at specific industry standards created for the ICS domain. The participants will gain knowledge on the strengths and weaknesses of industry standards and become aware of additional attack vectors used by threat sources to circumvent today’s security efforts.
- Understanding Cyber Security Vulnerabilities: Participants will see an overview of strategies used by expert cyber security professionals to investigate, identify, and classify vulnerabilities in an industrial network.
- ICS/OT Cyber Security Risk Assessment: This topic lays the foundation for the rest of the ICS Cybersecurity Risk Assessment approach and methodologies.
- ICS/OT Vulnerabilities: This topic provides an overview of different vulnerabilities and threat vectors of ICS/OT domains. It also helps in managing and tracking vulnerabilities. Participants will be introduced to the unique aspects of industrial computer networks and gain an initial perspective of the challenges in cyber security that surround these complex environments.
Table of Contents
- The Changing Landscape
- Critical Sectors and Infrastructure
- How to Differentiate between Critical & Non-Critical Infrastructures?
- CKIR Sectors & CKIR Interdependencies
- Case Studies
- What is ICS?
- Processes & Dependencies
- Type of ICS Facilities
- Relevant Standards
- Common ICS Recommendations
- Why is ICS Security important?
- Safety Controls
- Consequences of Successful Cyber Attacks in ICS Environments
- Case Study
Sub-Module 1: Introduction to ICS
Sub-Module 2: Importance of Securing Industrial Network
- Common ICS Components
- ICS Architecture
- ICS Process
- Communication Channels
- ICS Topology
- Common Protocols in ICS
- SERCOS III
- Ethernet Powerlink
- OLE for Process Control
Sub-Module 1: ICS Operations
- Risk Equation
- Risk Factors associated with ICS
- Integrated IT/ICS Risks
- Cyber Threats to ICS
- Threat Agents
- Threats caused by Human Error
- Threat vs Hazard
- Risk Curve
- Attack Methodologies in IT & ICS
- Attack Elements
- Attack Model
- Attack Process
- Vulnerability Exploitation
- Maintaining & Escalating Access
- Covering Tracks
Sub-Module 1: Risk Assessment
Sub-Module 2: Threats to ICS
Sub-Module 1: Vulnerability Assessment (VA)
- What can be Vulnerable?
- Assess Industrial Networks
- ICS Attack Targets
- Common ICS Vulnerabilities
- Vulnerability Factors & Root Causes
- How to know Common ICS Vulnerabilities?
- Importance of VA
- VA in Industrial networks
- Vulnerability Scanning for Configuration Assurance
- Where to perform VA scans?
- Role of NESSUS in ICS Security
- Vulnerability Management
- Performing Vulnerability Management
- Patch Management
- Configuration Management
- Vulnerability Reports
- Questions for Vendors
- Tenets of Infosec
- Disrupting Events
- Different Losses
- Proactive Measures
- Exception Reporting
- Behavioral Whitelisting
- Behavioral Anomaly Detection
- Threat Detection via Event Correlation
- What are Secure Enclaves?
- Functional Grouping
- Establishing & Securing Enclave Perimeters
- Securing Enclave Interiors
- Monitoring Enclaves
Sub-Module 2: Impacts of Cyber Incident
Sub-Module 3: Secure Enclaves
- Defense in Depth – A Layer-wise Approach to Security
- NERC CIP
- ISO/IEC 27002:2005
- NIST SP 800-82
- NIST SP 800-53
- NRC Regulations 5.71
Sub-Module 1: Defense in Depth Strategies
Sub-Module 2: Standards & Regulations
- Security Misconfiguration
- VA vs Zero-Days
- Security vs Compliance
- The Air Gap Myth