Vulnerable points and security of industrial systems (ICS) and SCADA
This course is intended for learners with an interest in Industrial Information Systems or Supervisory Control and Data Acquisition (SCADA) systems.
It provides information on the vulnerabilities and the cybersecurity risks of these systems and the means implemented to protect them.
The course lasts 2 days, a total of 14 hours, and includes 2 parts:
- A theoretical part that represents about 80% of the course
- A practical part that represents about 20% of the course.
The security of Industrial Information Systems (IIS) is now the focus of the companies who are affected by them, especially after the numerous incidents that have occurred, including Stuxnet.
These systems enable direct action to be taken in the physical world using instructions from the "logical" world to manage the production tools of many companies.
Beyond environmental and human risks, they also represent a strategic challenge for countries. The recent proliferation of incidents therefore requires mobilization to secure them and to bring about a transformation.
This mobilization is particularly true in France, where the ANSSI (National Cybersecurity Agency of France) has identified this subject as one of its priorities and has published numerous frameworks on this subject.
The question being asked today is we begin to address all these technical, organizational and safety issues.
Course level: Basic
This course is intended for all learners with an understanding of the basic principles of IS. Familiarity with ISS is an advantage.
Anthony DI PRIMA:
Manager, IS Cybersecurity Expert, Work Group Leader for and SCADA Security and IS Industrials within CLUSIF (the French Information Security Club)
- Member of the International Society of Automation (ISA)
- Certified ISO 27001 Lead Auditor and 27005 Risk Manager
The facilitator has conducted numerous risk analysis and safety audits in industrial environments. He has established security organizations and policies and supported industrialists in the implementation of their IIS security strategy.
He also provides support for critical infrastructure operators on their industrial IS cybersecurity projects.
- Module 1: Introduction to industrial IS
- Industrial IS and its components (SCADA, automation, etc.)
- Specific features and operational constraints
- Understanding the importance of industrial IS security for both the state and businesses and the regulatory aspects involved
- Module 2: The major risks related to industrial IS
- Feedback on known major incidents
- Examples of real attacks, proceedings and impacts (example of Stuxnet, blackout in Ukraine)
- Risk factors
- Major risks and categories of vulnerability
- Module 3: The framework/standard landscape
- Management IS security standards (ISO2700x)
- Overview of industrial security standards and guides, including safety
- Focus on IEC 62443
- Module 4: Initiating a security procedure
- Key success factors and good practices
- Scenarios and governance choices
- Integration with industrial safety
- Strategy for securing industrial networks
- Focus on patch management
- Module 5: Evaluating the security of facilities
- Prior diagnosis
- Test requirements for local and/or distributed facilities
- Tooling required for audits
- Most common faults
- Typical action plans to apply and the tools required
- Module 6: Practical cases
- Study of an industrial plant
- Faults/vulnerability research
- Participatory demonstration of attacks
- Discussion and debate for building an action plan
Scheduled in French:
PARIS: Achievable on demand
For the English realization, please, consult us.
€1,150 excluding tax (20% VAT)