An informative Online Tech-Talk#3 session to "discover cost-effective ways of enhancing your OT/ICS cybersecurity skills and how to get yourself trained, certified for IEC62443 certification with John Kingsley" held on 8th April 2023 at 6:00 PM IST
Learn how to achieve this without spending a fortune!
✳ What is the difference between training, certificate and certification
✳ What are the accredited trainings available for IEC 62443
✳ What are the accredited trainings available for OT/ICS cyber security
✳ What are the trainings available for OT/ICS cyber security
✳ Trainings you never knew existed 😮 😱
✳ Maximum value for your money 💲 💰
✳ Shortlisted based on value, cost, coverage, concepts 🎯
✳ Affordable trainings available for OT/ICS cyber security 🛠 🏭
✳ OT trainings PLC, SCADA, Industrial communication protocols 📡
✳ Further Reading on OT/ICS cyber security 📖 📚
All the presentation material for this session is available at the links below.
Affordable OT ICS Cybersecurity and other OT Trainings
https://lnkd.in/gfZMfacB
Get yourself trained or Certified for IEC 62443 and other trainings
https://lnkd.in/gnsQkKFs?
So you want to be an OT (ICS)Cybersecurity Engineer
https://lnkd.in/gN4X5FkR
OT Security Professionals TechTalk3 - Discover the Path to OT Security by John Kingsley
Your jumpstart guide on how to get yourself trained, certified for IEC 62443 and OT/ICS Cybersecurity trainings available.
2. Introduction
17 years of Experience in Industrial Automation and Design
Senior Member, International Society of Automation
Member, ISA Security Compliance Institute (ISCI)
exida Cybersecurity Practitioner
ISA/IEC62443 Certified Cybersecurity Fundamentals Specialist
Expertise:
Industrial Network Architecture Design and Implementation
Consulting, Security Assessments (Risk, Gap and Vulnerability)
Compliance verification and Auditing
Security solution implementation
Product/system certification
Strategy and Advisory
Domain : Oil and Gas, Petrochemicals, Marine, Energy
John Kingsley S
https://www.linkedin.com/in/sjkingsley/
https://www.youtube.com/watch?v=npYC1xmp10Y
3. What is the difference between training, certificate & personnel certification
Training courses will help you learn, grow, and build your skills — you'll get better at what
you do! Usually a knowledge sharing or transfer.
Certificate is provided upon completion of training program, and may include an
assessment. It may or may not be accredited.
Certification will authenticate and validate your skills (credentials) — you'll get recognized
for what you do and your certification will be provided by an accredited body
Exida has a very good video explaining Certification vs Certificate
Compiled by John Kingsley
4. Let's see the different personnel certifications & trainings
OT/ industrial control system cybersecurity
https://www.youtube.com/watch?v=npYC1xmp10Y
6. ISA/IEC 62443 Cybersecurity Certificate Program
Covering the Complete Cybersecurity Lifecycle for Industrial Automation and Control Systems
• Certificate 1: ISA/IEC 62443 Cybersecurity Fundamentals Specialist
• Certificate 2: ISA/IEC 62443 Cybersecurity Risk Assessment Specialist
• Certificate 3: ISA/IEC 62443 Cybersecurity Design Specialist
• Certificate 4: ISA/IEC 62443 Cybersecurity Maintenance Specialist
The ISA/IEC 62443 Cybersecurity certificates are awarded to those who successfully complete a designated training course and pass a 75-100 question multiple choice exam.
Become a member of ISA today. For more information and special pricing, contact ISA Bangalore at cybersec4isab@gmail.com
certification
7. ISA/IEC 62443 Cybersecurity Certificate Program
Certificate 1 is mandatory
Certificates 2, 3 and 4 can be taken in any order
Individuals who achieve Certificates 1, 2, 3, and 4 are automatically designated as ISA/IEC 62443 Cybersecurity Experts
certification
8. Exida
Personnel Certification Programs
CACE / CACS (IEC 62443 Certified Automation Cybersecurity Expert and Specialist)
Participation in the CACE / CACS certification specialties can provide many benefits to you
and your company. CACE / CACS certification allows individuals to demonstrate their
competency in a specialized field that is growing and in high demand. Attaining
certification will make you a more valuable employee and can open the door to career
advancement.
CACE / CACS certified staff helps companies demonstrate their organization’s expertise and
their commitment to providing best-in-class services to their customers.
Attending training is not mandatory. The application for CACE/CACS includes exam + case study + referees + experience.
certification
9. Exida
THE CERTIFIED AUTOMATION CYBERSECURITY EXPERT (CACE)
• This certification is targeted for engineers and control system administrators who are involved in
establishing, designing and implementing a comprehensive cybersecurity strategy for complex
industrial control or SCADA systems. The specialty allows these individuals to demonstrate their
competency in leading and managing complex ICS cybersecurity programs as well as evaluating and
assessing the cybersecurity of existing ICS systems or system designs.
THE CERTIFIED AUTOMATION CYBERSECURITY SPECIALIST (CACS)
• This certification is appropriate for engineers and technicians responsible for the design, installation &
commissioning, and maintenance of industrial control or SCADA systems. The specialty allows these
individuals to demonstrate their understanding and appreciation of IACS cybersecurity principles and
best practices as they apply to operating and maintaining the security of their industrial automation
and control systems. Furthermore, the specialty evaluates the candidate’s competency in
understanding, applying and maintaining technical cybersecurity controls in their day-to-day activities.
certification
10. Exida
CACE VS. CACS
CACE:
Certified Automation Cybersecurity Expert (CACE) is for persons where control system cybersecurity is a major part of their job’s roles and responsibilities:
• Security Architect
• Network Security Engineer
• Information Systems Security Engineer
• Security Assessor
• Security Consultant
• Automation Network Designer
• ICS Senior Cybersecurity Consultant
CACS:
Certified Automation Cybersecurity Specialist (CACS) is for persons where control system cybersecurity is just one aspect of their job’s roles and responsibilities:
• I&E Technician
• Controls Engineer
• Safety Engineer
• System Integrator / Project Engineer
• Automation Suppliers / Vendor Project Engineer
• Auditors (Consultants / Government / Internal)
• IACS Cybersecurity Consultant
CACE / CACS Specialties (one can select any one specialty for exam assessment):
• Automation Cybersecurity
• Integration Cybersecurity
• Software Development Cybersecurity
certification
11. GIAC Certifications
Global Industrial Cyber Security Professional Certification (GICSP)
The GICSP bridges together IT, engineering and cyber security to achieve security for
industrial control systems from design through retirement. This unique vendor-neutral,
practitioner focused industrial control system certification is a collaborative effort between
GIAC and representatives from a global industry consortium involving organizations that
design, deploy, operate and/or maintain industrial automation and control system
infrastructure. GICSP will assess a base level of knowledge and understanding across a
diverse set of professionals who engineer or support control systems and share
responsibility for the security of these environments.
Training provided by SANS is not mandatory and exam can be attempted without training
certification
12. GIAC Certifications
GIAC Response and Industrial Defense (GRID)
The GRID certification is for professionals who want to demonstrate that they can perform
Active Defense strategies specific to and appropriate for an Industrial Control System (ICS)
network and systems. Candidates are required to demonstrate an understanding of the
Active Defense approach, ICS-specific attacks and how these attacks inform mitigation
strategies. Candidates must also show an understanding of the strategies and fundamental
techniques specific to core subjects with an ICS-focus such as network security monitoring
(NSM), digital forensics and incident response (DFIR).
GIAC Critical Infrastructure Protection Certification (GCIP)
The GCIP certification validates that professionals who access, support and maintain the
critical systems have an understanding of the regulatory requirements of NERC CIP as well
as practical implementation strategies.
certification
13. TÜV Rheinland Cyber Security Training Program
1. Fundamentals of Cyber Security
2. Cyber Security in Industrial Product Development
3. Security Risk Assessment
4. Cybersecurity in Automotive acc. to ISO/SAE 21434
Fundamentals course + any specialization = CySec Specialist (TÜV Rheinland) certificate
This award demonstrates competency with respect to either assessing and specifying Industrial Automation Control and Safety System (IACS) Security or product security and provides a skill set enabling staff to fulfill responsibilities and to perform activities to recognized standards of competence.
Provided by TÜV Rheinland or its authorized partners
certification
14. UL Solutions
ISA/IEC 62443 Training for Product and System Manufacturers
Design more secure industrial products and components with cybersecurity training for
engineers based on ISA/IEC 62443-4-1 and 4-2. On completion of above training, optionally
candidates can sit for UL Certified CCSP Professional Exam
ISA/IEC 62443 Training for System Integrators of Industrial Automated Control Systems
Cybersecurity training for engineers designing and integrating solutions, services and
systems for industrial applications based on ISA/IEC 62443-2-4, 3-2 and 3-3. No
certification exam.
ISO/SAE 21434 Cybersecurity Certification Training for the Automotive Industry
On completion of above training, optionally candidates can sit for UL Certified
Cybersecurity Professional Training in Automotive
certification
15. CERTX
ISA/IEC-62443 CyberSecurity Red Belt Certification by CERTX
CertX’s CySec team develops this program to provide a complete cyber security training
course based upon the ISA/IEC 62443 standard for Industrial Automation and Control
Systems (IACS). During the four-day training program you will become familiar with
relevant cyber security terminology and activities, you get an excellent understanding of
the IEC 62443 Standard and you will learn to apply your new knowledge and skills within
the practice of your own organization.
certification
16. CSSA by INFOSEC Institute
Certified SCADA Security Architect (CSSA)
This learning path teaches you how to defend the Supervisory Control and Data Acquisition
(SCADA) and Industrial Control Systems (ICS) that manage our nation’s critical
infrastructure. Fourteen courses build your SCADA security knowledge around the eight
Certified SCADA Security Architect (CSSA) domains. You’ll learn to defend against common
SCADA threats and vulnerabilities, conduct risk assessments, implement remote access and
physical controls, and more. You’ll be prepared to earn your CSSA certification and validate
your SCADA security knowledge upon completion.
Training is not mandatory, certification Exam can be attempted directly for a cost.
certification
18. Exida
Certificate Programs
CSP (IEC 62443 Cybersecurity Practitioner)
The exida Cybersecurity Practitioner (CSP) program is a certificate program that provides confirmation that an attendee
shows competency by retaining the knowledge presented in various exida Academy IEC 62443 based IACS (Industrial
Automated Control System) cybersecurity courses.
The CSP program also provides an analysis of where the candidate’s strengths and weaknesses lie, helping participants judge
their competency level if interested in obtaining a certification like the CACE or CACS.
| CSP Specialty | Course Code | Course Name |
| Automation Cybersecurity | CS 102 | Industrial Automation Control Systems (IACS) IEC 62443 Cybersecurity Lifecycle |
| Automotive Cybersecurity | AUT 206 | Automotive Cybersecurity |
| Safety Software Development | CS 201 | IEC 62443 Cybersecurity Software Development |
| Integration Cybersecurity | CS 204 | IEC 62443 Cybersecurity for Integrators and Solution Providers |
Training/certificate
19. Industrial Control System Cyber Security Institute
ICS Cyber Security Training Curriculum by ICSCSI / SCADA Hacker Joel Langill
ICSCSI believes that teaching industrial security cannot be a “one size fits all” approach - the most
common negative aspect with existing, large-scale industrial security training programs. This is the
reason training needs to be offered to align with a client’s training objectives and required skills.
This is best accomplished with a curriculum that includes courses that vary in length and content
while aligning with the trainees' individual job skill requirements.
| Training Horizon | Workforce Training Target | Recommended Training Course(s) | Course Duration |
| 1 year | 100 % | Introduction to Industrial Control System Cyber Security | <1 day |
| | 75 % | Fundamentals of Information Technology and Operational Technology Systems | 3 days |
| 1-2 years | 50 % | Conducting Asset Inventories for DoD Facility-Related Control Systems using the Army Methodology | 3 days |
| 1-3 years | 25% | Fundamentals of Industrial and Facility-Related Control System Cyber Security | 5 days |
| 1-5 years | 5% | NEW!!! Ethical Hacking for Industrial Control Systems | 5 days |
Training/certificate
20. Industrial Control System Cyber Security Institute
Additional information on each of the courses can be viewed by selecting from the following list:
• Introduction to Industrial and Facility-Related Control System Cyber Security
• Fundamentals of Information (IT) and Operational Technology (OT) Systems
• Conducting Asset Inventories for U.S. Department of Defense Facility-Related Control Systems using the Army Methodology
• Fundamentals of Industrial and Facility-Related Control System Cyber Security
• NEW!!! Ethical Hacking for Industrial Control Systems
ICS Cyber Security Training Curriculum by ICSCSI / SCADA Hacker Joel Langill
Training/certificate
21. SANS OT/ICS Trainings
ICS410: ICS/SCADA Security Essentials
ICS410: ICS/SCADA Security Essentials provides a foundational set of standardized skills and
knowledge for industrial cybersecurity professionals. The course is designed to ensure that the
workforce involved in supporting and defending industrial control systems is trained to keep the
operational environment safe, secure, and resilient against current and emerging cyber threats.
ICS515: ICS Visibility, Detection, and Response
ICS515: ICS Visibility, Detection, and Response will help you gain visibility and asset identification in
your Industrial Control System (ICS)/Operational Technology (OT) networks, monitor for and detect
cyber threats, deconstruct ICS cyber attacks to extract lessons learned, perform incident response,
and take an intelligence-driven approach to executing a world-leading ICS cybersecurity program to
ensure safe and reliable operations. Note: This class was previously named ICS515: ICS Active
Defense and Incident Response. The course has gone through a significant update changing much of
the content, most of the labs, and adding a day in course length.
Training/certificate
22. SANS OT/ICS Trainings
ICS612: ICS Cybersecurity In-Depth
ICS612 is an in-classroom lab setup that moves students through a variety of exercises that
demonstrate how an adversary can attack a poorly architected ICS and how defenders can
secure and manage the environment. Representative of a real ICS environment, the
classroom setup includes a connection to the enterprise, allowing for data transfer (i.e.,
Historian), remote access, and other typical corporate functions.
ICS456: Essentials for NERC Critical Infrastructure Protection
The ICS456: Essentials for NERC Critical Infrastructure Protection course empowers
students with knowledge of the what and the how of the version 5/6/7 standards. The
course addresses the role of the Federal Energy Regulatory Commission (FERC), North
American Electric Reliability Corporation (NERC), and Regional Entities, provides multiple
approaches for identifying and categorizing BES Cyber Systems, and helps asset owners
determine the requirements applicable to specific implementations.
Training/certificate
23. SANS OT/ICS Trainings
ICS418: ICS Security Essentials for Managers
The ICS418: ICS Security Essentials for Managers course empowers leaders responsible for
securing critical infrastructure and operational technology environments. The course
addresses the need for dedicated ICS security programs, the teams that run them, and the
skills required to map industrial cyber risk to business objectives to prioritize safety. ICS418
will help you manage the people, processes, and technologies necessary to create and
sustain lasting ICS cyber risk programs while promoting a culture of safety, reliability, and
security.
Training/certificate
24. OT/ICS Cybersecurity Trainings
Certified Industrial Cybersecurity Professional (CICP) by ABHISAM
Standard - Exam & Certification as CICP
Advanced – Includes all from Standard and 62443-2-4 compliance & Supply chain security
INDUSTRIAL SECURITY TRAINING BASED ON IEC 62443 by TÜV SÜD
Basic understanding of IT security for industrial control and automation systems according to IEC 62443
Training/certificate
25. OT/ICS Cybersecurity Trainings
AaECS: Assessing and Exploiting Control Systems & IIoT
Course by Justin Searle, SANS Instructor for ICS 410. It focuses on performing security
assessments of ICS/OT networks, systems, and technologies. This course can be offered as
individual modules or a variable length course with your choice of modules.
ICS/SCADA Cybersecurity Course by EC Council
The ICS/SCADA Cybersecurity course is a hands-on training module that teaches the
foundations of security and defending network architectures from attacks. Students will
learn to think like a malicious hacker to defend their organizations. The focus in the course
is on the Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition
(SCADA) Systems.
Training/certificate
26. OT/ICS Cybersecurity Trainings
ICS/OT CYBER SECURITY COURSES by FEDCO Indonesia
(Basic - Intermediate - Advanced)
The first step in building an ICS/OT Cyber Security mindset is our basic course level, titled “ICS/OT Cyber Security Awareness“, aimed at all people who have interaction and responsibility related to the ICS/OT environment, direct or indirect.
The second level is the intermediate course level, titled “ICS/OT Cyber Security Management System“,
intended as the next more technical course for technical personnel dealing with daily activities in ICS/OT
environment.
The third level is the advanced course level, titled “ICS/OT Cyber Security Assurance“, as the ultimate
course level to combine advanced technical coverage with an integrated workshop using ICS/OT testbed
and emulation environment. This course is developed to provide the thorough technical aspects of the
latest ICS/OT cyber security technology, methodology, and approach in order to ensure the cyber security
assurance in the Critical Infrastructure industry.
ICS Engineering and Cyber Security Testbed
Training/certificate
27. https://www.linkedin.com/in/sjkingsley/
So you want to be an OT (ICS)Cybersecurity Engineer
Further Reading
Interview with John Kingsley on Data Convergence - Digital Transformation, Industry 4.0, IIoT & Emerging Tech
Advances in Building Automation System and possible Career Tracks
Safety Instrumented System (SIS) Cyber Security Best Practice
What is SAST & DAST, and how is it related to IEC 62443
In your view, which of these best describes your control system cyber security program?
Critical Industrial Control Systems are Hacker Targets Again (they always have been)
Why Do Hackers Target Industrial Control Systems?
YOUR ACTION PLAN FOR PROFESSIONAL DEVELOPMENT
28. Exida
Summary of Exida Cybersecurity Certification Programs
Scroll down to see summary or read through from start.
Certification Scheme List
It is very important to understand which scheme they are following, who the scheme owner is, whether there is a specific scheme document they adhere to, who the relevant accreditation body is, and which standard they are accredited for.