Back
This one day introductory course provides valuable insight into the weaknesses and vulnerabilities within common Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) environments. We will discuss infamous and more recent critical infrastructure cyber-attack case studies and the vital lessons learnt. Identify systems that are discoverable and understand suitable countermeasures, threats and ICS technical controls.
Target Audience
This course is aimed at operational / engineering teams, IT staff and security practitioners working in public and private sectors who are looking to gain and insight and awareness of the security vulnerability exposure and defensive countermeasures for industrial control systems.
There are no prerequisites for this course, however, participants are expected to have a basic understanding of computers and the internet.
- Control systems – closed loop systems
- ICS logic systems – relay, ladder, programmable systems
- ICS security
- Control system vulnerabilities and weaknesses
- ICS technical security controls
- Discoverable systems - countermeasures
- Governance and standards
Module 1 – Introduction to ICS and SCADA
Introduce concepts and function of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA)
-
Control systems
- Closed loop systems
-
ICS
- Relay logic
- Programmable logic controllers
- PLC Programming
- Sequential function charts
- Ladder logic
- ICS Network protocols
- SCADA
- ICS Security
Module 2 – Introduction to Industrial Control Systems Security
- When control systems go wrong
-
Critical national infrastructure (CNI)
- Centre for the protection of national infrastructure (CPNI)
- Vulnerable systems
- Case study – STUXNET, Black Energy
- Not all ICS systems are designed with security in mind
- ICS common vulnerabilities
- Visible & discoverable ICS systems
- Risk management
- Defence in depth modified Purdue Model
- Typical ICS technical security controls
- Governance regulations
- Security standards