Cyber Security for Industrial Automation and Industrial Control System (PLC, DCS, SCADA and IED)

Introduction

 This hands-on, highly-interactive course includes various practical sessions and exercises. The theory learned will be applied using one of our state-of-the-art simulators. The use of interconnected microprocessors in industrial systems has grown exponentially over the past decade. Deployed for process control in Programmable Logic Controllers (PLC) and Distributed Control Systems (DCS) for many years, they have now moved into Intelligent Electronic Devices (IED) in applications such as substations, Motor Control Centers (MCC), and heat trace systems. The concern is that their connecting networks have grown as well, usually without much attention to the security ramifications. Intrusions, intentional, and unintentional, can cause safety, environmental, production, and quality problems.

The need for protecting Industrial Control Systems has grown significantly over the last few years. The combination of open systems; an increase in joint ventures; alliance partners and outsourced services; growth in intelligent manufacturing equipment; increased connectivity to other equipment/software; enhanced external connectivity; along with rapidly increasing incidents of network intrusion, more intelligent hackers, and malicious software, all lead to increased threats and the probability of attack. As these threats and vulnerabilities increase, so does the need for protection of Industrial and Control Systems.

This course introduces several categories of electronic security technologies and discusses specific types of applications within each category, the vulnerabilities addressed by each type, suggestions for deployment, and known strengths and weaknesses, as well as some forms of mitigation for the mentioned risks.

The course provides participants with practical methods for evaluation and assessment of many current types of electronic security technologies and tools that apply to the Industrial Control Systems environment, including development, implementation, operations, maintenance, engineering, and other user services. It provides guidance to manufacturers, vendors, and security practitioners at end-user companies on the technological options for securing these systems against electronic (cyber) attacks.

Objectives

Upon the successful completion of this course, participants will be able to:-

• Apply and gain comprehensive knowledge on the security of industrial control systems including SCADA, DCS & PLC and recognize their characteristics, threats, and vulnerabilities
• Identify different ISA security standards and determine industrial control system security program development and deployment
• Emphasize network architecture in industrial control system and list down the recommended firewall rules for specific services
• Determine the various industrial control system security controls including management, operational & technical controls and identify the SCADA vulnerabilities & attacks
• Employ SCADA security methods, mechanisms & techniques and explain SCADA security standards and reference documents
• Acquire knowledge on SCADA security management implementation issues & guidelines and determine the unique characteristics & requirements of SCADA systems
• Analyze the selected ISA technical papers of security issues including the physical protection of critical infrastructures & key assets, critical infrastructure protection, network security in the wireless age, etc.

Training Methodology

This is an interactive course. There will be open question and answer sessions, regular group exercises and activities, videos, case studies, and presentations on best practice. Participants will have the opportunity to share with the facilitator and other participants on what works well and not so well for them, as well as work on issues from their own organizations. The online course is conducted online using MS-Teams/ClickMeeting.

Who Should Attend?

This course provides an overview of all significant aspects and considerations of cybersecurity of industrial control system (PLC, DCS, SCADA & IED) for a broad audience that includes asset owners from the process, power, and other critical infrastructures, control systems engineers, IT engineers, IT professionals, instrumentations engineers, instrumental & control staff, information and security officers and vendors, as well as security experts from government, industry associations and academia.

Course Outline

Day 1: Overview of Industrial Control Systems

• Overview of SCADA, DCS, and PLCs
• Industrial Control System Operation
• Key Industrial Control System Components
• SCADA Systems
• Distributed Control Systems
• Programmable Logic Controllers
• Industrial Sectors and Their Interdependencies

Industrial Control System Characteristics, Threats & Vulnerabilities

• Comparing Industrial Control System and IT Systems
• Threats Potential Industrial Control System Vulnerabilities
• Risk Factors
• Possible Incident Scenarios
• Sources of Incidents
• Documented Incidents

ISA Security Standards

• ANSI/ISA-TR99.00.01-2004
• ANSI/ISA-TR99.00.02-2004
• ANSI/ISA-TR99.00.01-2007
• ANSI/ISA-TR99.00.02-2007
• ANSI/ISA-TR99.00.03-2007
• ANSI/ISA-TR99.00.04-2007

Day 2: Industrial Control System Security Program Development and Deployment

• Business Case for Security
• Developing a Comprehensive Security Program

Network Architecture

• Firewalls
• Logically Separated Control Network
• Network Segregation
• Recommended Defense-in-Depth Architecture
• General Firewall Policies for Industrial Control System
• Recommended Firewall Rules for Specific Services
• Network Address Translation (NAT)
• Specific Industrial Control System Firewall Issues
• Single Points of Failure
• Redundancy and Fault Tolerance
• Preventing Man-in-the-Middle Attacks

Day 3: Industrial Control System Security Controls

• Management Controls
• Operational Controls

Industrial Control System Security Controls

• Technical Controls

SCADA Vulnerabilities & Attacks

• The Myth of SCADA Invulnerability
• SCADA Risk Components
• Managing Risk
• SCADA Threats and Attack Routes
• SCADA Honeynet Project

Day 4: SCADA Security Methods & Techniques

• SCADA Security Mechanisms
• SCADA Intrusion Detection Systems
• SCADA Audit Logs
• Security Awareness

SCADA Security Standards & Reference Documents

• ISO/IEC 17799:2005 and BS 7799-2:2002
• ISA-TR99.00.01-2004 Security Technologies for Manufacturing and Control Systems
• ISA-TR99.00.02-2004 Integrating Electronic Security into the Manufacturing and Control Systems Environment
• GAO-04-140T Critical Infrastructure Protection, Challenges in Securing Control Systems
• NIST, System Protection Profile for Industrial Control Systems (SPP ICS)
• Federal Information Processing Standards Publication (FIPS Pub) 199, Standards for Security Categorization of Federal Information and Information Systems, February 2004
• Additional Useful NIST Special Publications

Day 5: SCADA Security Management Implementation Issues & Guidelines

• Management Impressions of SCADA Security
• SCADA Culture
• Unique Characteristics and Requirements of SCADA Systems
• Limitations of Current Technologies
• Guidance for Management in SCADA Security Investment
• NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems

Selected ISA Technical Papers on Security Issues

• The Physical Protection of Critical Infrastructures and Key Assets
• Critical Infrastructure: Control Systems and the Terrorist Threat
• Critical Infrastructure Protection: Challenges and Efforts to Secure Control Systems
• The Myths and Facts Behind Cyber Security Risks for Industrial Control Systems
• Network Security in the Wireless Age
• Remote Method Security in a Distributed Processing Architecture Supporting Generic Security Objects
• Current Status of Technical Issues Concerning Cyber Security of Control Systems for Water and Wastewater Industries
• Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
• 21 Steps to improve Cyber Security of SCADA Networks