Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

TI Safe ICS Cybersecurity Training

18 views

Published on

Training Contents and full scope.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

TI Safe ICS Cybersecurity Training

  1. 1. ICS Cybersecurity Training Characteristics and Summary v. 2.07 Revised in 04/22/2019
  2. 2. PAGE INTENTIONALLY LEFT BLANK
  3. 3. Preface This document aims to present the "ICS Cybersecurity Training". Intellectual property All product names mentioned in this document are trademarks of their respective manufacturers. This document and the information contained here are confidential and proprietary of TI Safe. All property rights (including, without limitation, trademarks, comercial secrets, etc.) evidenced by or included in attachments or relative documents are solely for TI Safe. TI Safe provides restricted use of this material to explicitly authorized employees, customers and business partners through the integrity and confidentiality maintenance agreement. Unauthorized use, distribution, or reproduction will be considered a violation of property rights and civil or criminal measures will be applied under applicable law. Warning This document is intended to be complete and clear. TI Safe shall not be liable for any damages, financial or business losses resulting from omissions or imperfections contained herein. This document is subject to change without advance notice. It is recommended to contact TI Safe for updates and / or additional information. Contact TI Safe provides different channels of communication with its customers, suppliers and associates: Rio de Janeiro, Brazil Estrada do Pau Ferro 480 , Bloco 1, Loja R, Pechincha ZIP Code – 22743-051 – Rio de Janeiro, RJ – Brasil Telefone: +55 (21) 3576-4861 São Paulo, Brazil Rua Dr. Guilherme Bannitz, nº 126 - 2º andar Cj 21, CV 9035 - Itaim Bibi – ZIP Code - 04532-060 - São Paulo, SP - Brasil Telefones: +55 (11) 3040-8656 Salvador, Brazil Av. Tancredo Neves nº 450 – 16º andar – Edifício Suarez Trade ZIP Code – 41820-901 – Salvador, BA – Brasil Telefone: +55 (71) 3340-0633 Lisbon, Portugal Av. da Liberdade 110, 1269-046 Lisbon, Portugal Telefone: +351 21 340 4500 e-mail: contato@tisafe.com website: www.tisafe.com skype (somente voz): ti-safe Twitter: @tisafe
  4. 4. Certificate of documentation changes Version Date Author Description 1.00 03.05.2009 Marcelo Branquinho Generation of the first document 1.01 09.10.2009 Marcelo Branquinho Review and update of inserted topics 1.02 10.13.2009 Marcelo Branquinho Content review for 20 hours 1.03 04.13.2010 Marcelo Branquinho OPC Security Inclusion 1.04 07.19.2011 Marcelo Branquinho Inclusion of new chapters based on information security and practical demonstrations of attacks on networks and systems 1.05 07.26.2011 Marcelo Branquinho Conceptual review of the summary 1.06 07.28.2011 Marcelo Branquinho Conceptual review of the summary 1.07 07.30.2011 Marcelo Branquinho Conceptual review of the summary 1.08 08.03.2011 Marcelo Branquinho Conceptual review of the summary 1.09 08.06.2011 Marcelo Branquinho Conceptual review of the summary 1.10 08.10.2011 Marcelo Branquinho Conceptual review of the summary 1.11 08.12.2011 Marcelo Branquinho Conceptual review of the summary 1.12 08.16.2011 Marcelo Branquinho Conceptual review of the summary. Insertion of case study for CSMS Framework. 1.13 09.06.2011 Marcelo Branquinho Conceptual review of the summary 1.14 04.04.2012 Marcelo Branquinho e Jan Seidl Review of several chapters with content addition and technological update of the training. 1.15 06.027.2012 Marcelo Branquinho Added theoretical reference in the summary. 1.16 10.10.2012 Marcelo Branquinho Added content in the apostille and revised the sequence of chapters. Chapter 12 created. 1.17 05.09.2013 Marcelo Branquinho Inserted content about one-way security gateways. 1.18 05.21.2013 Marcelo Branquinho Updated content standards with NERC-CIP. 1.19 06.11.2013 Marcelo Branquinho Inserted content about continuous monitoring. 1.20 08.12.2013 Marcelo Branquinho Included ANSI / ISA-100.11a standard and revised security content in industrial wireless networks. 1.21 09.19.2013 Marcelo Branquinho Change in chapter order and lesson plan. 2.01 11.28.2017 Marcelo Branquinho Conceptual review of the summary according to ICS.SecurityFramework. 2.02 12.08.2017 Marcelo Branquinho New document layout. 2.03 12.11.2017 Marcelo Pessoa Review of indexing of apostille. 2.04 08.02.2018 Marcelo Branquinho English version revision 2.05 08.13.2018 Marcelo Branquinho Update with new contents. 2.06 02.09.2019 Marcelo Branquinho Update with new contents. 2.07 04.22.2019 Marcelo Branquinho Update with new Cyber Security for Industry 4.0 (IIoT) chapter.
  5. 5. Summary Data Training name ICS Cybersecurity Training Reasons for the creation of "ICS Cybersecurity Training". • There was no other similar training in Latin America • Professional experiences in developing and deploying solutions for ICS Cybersecurity already waved vulnerabilities in critical infrastructures, and training would disseminate this culture. Offer justification The course fills a market segment that has great demand from industries whose infrastructures are critical to the nations. This is the first Latin American Traning, with Portuguese and English versions, to teach the application of the good practices of ANSI/ISA 99 and ISA-IEC 62443 standards for the cyber security of industrial systems and networks. Fulfills all ISA requirements (details at http://www.isa.org/) for ICS cybersecurity. Goals Educate professionals to be capable of identifying risks in industrial networks, as well as recommend the main countermeasures for them, according to the main international security standards and the ICS.SecurityFramework methodology developed by TI Safe. To capacitate professionals to design and deploy the CSMS (Cyber Security Management System) in critical infrastructure automation networks. Student Profile IT or OT professionals with knowledge of operating systems, network protocols, programming languages, hardware and software. Desirable knowledge in information security and Industrial Control Systems (ICS). English language proficiency is recommended for watching videos and reading training support material. Field of activity ICS Cybersecurity. Workload and course duration The course is available in a 20 hours format, divided into 5 periods of 4 classroom hours each.
  6. 6. Theoretical reference In the preparation of the apostille and materials presented in the training were used technical contents from several sources of research that are part of the recommended bibliography: • “Segurança de Automação Industrial e SCADA”, written by TI Safe Team – Elsevier publisher • “Securing SCADA Systems”, written by Ronald L. Krutz – Wiley publisher. • “Techno Security's Guide to Securing SCADA” written by Jack Wiles, Ted Claypoole, Phil Drake, Paul A. Henry, Lester J. Johnson Jr, Sean Lowther, Greg Miles e James H. Windle – Syngress publisher. • “Protecting Industrial Control Systems from Electronic Threats”, written by Joseph Weiss. Momentum Press publisher. • “The Stuxnet Computer Worm and ICS Security”, written by Jackson C. Rebane. Nova Publisher. • “Inside Cyber Warfare”, written by Jeffrey Carr. O´Reilly publisher. • “Cyber War: The Next Threat to National Security and What to Do About It”, written by Richard A. Clarke e Robert Knake. Ecco publisher. • “Cyberpower and National Security (National Defense University)”, written by Franklin D. Kramer, Stuart H. Starr e Larry Wentz. NDU Press publisher. • “A Arte de Enganar”, written by William L. Simon, Kevin Mitnick, Makron Books publisher. This comprehensive bibliography includes the same technical benchmarks used in the official ICS cybersecurity training programs of the major North American cyber defense institutes and is based on the recommended content for training and awareness plans of the ISA/IEC 62443 standard. Text Books The training apostilles were prepared in Portuguese and English and distributed in digital format (PDF file). They are constantly updated and improved. In addition to the mentioned bibliographical references, we have the important support of the leading companies in the ICS Cybersecurity arena to ensure that we have the insights on the latest industrial systems defense technologies used today. Picture: Module 1 cover sheet One week before the start date of each training, TI Safe will send the data so that enrolled students can download the apostille and supporting material from the Internet. It is up to each student to print the apostille or take their laptop or tablet to classes with the apostille in digital format. TI Safe respects the environment and natural resources and follows strictly the principles of its environmental policy, so it does not print or recommend the printing of digital files.
  7. 7. Practical Classes and Technical Demonstrations During the training will be held practical classes and technical demonstrations of attacks and defenses against simulated automation networks. For the demonstration of attacks against industrial networks we counted on simulators of automation networks industrial plants shown in the figure below: Figure: Industrial Network Simulators used in the ICS Cybersecurity Training Trainning Agenda
  8. 8. Goals and Contents Module Goals Contents Module 1 - Introduction Presentation of training objectives rules, instructors and students. • Brief presentation of instructors and students. • Presentation of the training agenda and objectives, bibliography and supporting material. • About TI Safe. Module 2 - Risks Overview of a SCADA system, its elements, protocols and typical architecture. Definition of critical infrastructures, their importance and presentation of recent cyberterrorism cases. Presentation of the types of attackers, the market that feeds the cyber attacks and the main challenges for implementation of cyber security in critical infrastructures Presentation of techniques for the elaboration of risk analysis in industrial networks according to ISA/IEC-62443 standard and the TI Safe´s ICS.SecurityFramework methodology. • Overview of an ICS • Industrial control systems architecture. The Purdue model (ISA-95) • Industrial networks • SCADA systems • Industry 4.0 • What are Critical Infrastructures? • Cyber warfare – the 5th dimension of war • Characteristics of the new attackers • The cybercrime Market • The Dark Web • Vulnerabilities in industrial control systems • History of cyber attacks to industrial networks • Malware, the main hacker´s weapon • Cyber security challenges for industrial control systems • Basic concepts • Risk Scenarios • Classification of critical infrastructure networks • Classification method • Risk analysis • Controls evaluated in static analysis • Physical security analysis • Dynamic analysis • Example of Risk Analysis Report (ACME company) Module 3 - Planning Presentation of methods for the development of an Industrial Cyber Security Plan. • Considerations for a cybersecurity strategy • Planning for deployment of cybersecurity countermeasures in an industrial network • ICS Cybersecurity Plan example (ACME Company)
  9. 9. Module 4 - Controls Governance and Monitoring: Presentation of the main international standards that guide the implementation of cybersecurity policies in industrial networks. Basic concepts for the development of a business continuity plan (BCP). Edge Security: Presentation of Firewalls, VPNs, unidirectional security gateways and strategies for security in industrial WiFi networks. Industrial Network Protection: Details of the defense in depth strategy recommended by ANSI/ISA-99 / ISA 62443 and presentation of the zones and conduits model Presentation of cyber security solutions used for industrial network protection. Malware Control: Presentation of the weaknesses of solutions traditionally used for malware protection in automation networks. Malware control in OT networks and presentation of modern solutions to prevent malware attacks. Data Security: Presentation of threats to access to computer networks and the weaknesses of remote access to industrial networks. Presentation of solution for second factor of authentication in systems and industrial applications. Cybersecurity for Industry 4.0 (IIoT): Presentation of the challenges of implementing cyber security for industry 4.0, based on IIoT (Industrial Internet of Things). Education and Awareness: Presentation of concepts to build an education and awareness plan aiming at establishing the culture of cyber security for automation networks. • Reference standards • The ANSI/ISA 99 | ISA/IEC 62443 standard • The NIST 800-82 Guide • The NERC-CIP standard • Industrial Internet Consortium • Automation security policies • Business Continuity Plan (BCP) • Firewall architectures and DMZ deployment • Next generation firewalls • VPNs and Unidirectional security gateways • Industrial WiFi security • Why do security solutions fail? • Direct attacks on the control network • Zones and Conduits Model • Network segmentation with NGFW and services • VLANs • Industrial firewalls. • Zero Trust Architecture • Inventory and asset visibility with Machine Learning • The use of antivirus and patches in OT networks • Blacklisting x Whitelisting • Example of solution for protection against malware infections in automation networks • Threats to access control • Access Control: Concepts and Methodologies • Main authentication mechanisms. • Remote access to industrial networks and SCADA • Example of solution for second authentication factor in remote access to industrial networks. • What are IoT and IIoT? • IIoT in Manufacturing. • IoE - IIoT in energy networks. • Cloud security. • Security framework for IIoT. • Education and awareness plan • Training and certifications available on the market • Awareness-raising methods • Main international events
  10. 10. Module 5 - Monitoring Presentation of methods for the implementation of continuous monitoring in automation plants, including SIEM technologies and managed security services (ICS-SOC). Presentation of new technologies for ICS Cybersecurity. • Continuous monitoring and trends • What to monitor in an automation network? • Basics and benefits of using an SIEM tool • Internal Monitoring Center • Challenges for implementing a SOC • TI Safe ICS-SOC • Trends in industrial cyber Security Module 6 - Pratices Ensure that the student has contact with the main hacking techniques and also the ICS Cybersecurity countermeasures presented during the training. • Initial setup of simulators and attacker machine on Kali Linux • Web Target Scanning with Shodan • Port scanning and services (Port Scan) • Scan PLC variables using Wireshark • Internal DoS Attack against PLC • DoS Attack against IIoT • Attack throught the values manipulation of PLC control variables • Development of Ciberweapon for remote control • Attack on the PLC via cyberweapon in PDF • Demonstrations and practices of cyber security countermeasures. • Demonstration of malware control solution for USB scanning • Demonstration of Malware industrial endpoint protection • NGFW Log Inspection Demo • Demonstration of Industrial Network Protection solution with Machine Learning • Demonstration of Industrial Intelligence using SIEM Tool
  11. 11. PAGE INTENTIONALLY LEFT BLANK

×