Back to category

CYB-210
Secure IT architectures and developments - 2020

Vulnerable points and security of industrial systems (ICS) and SCADA

OBJECTIVE :

This course is intended for learners with an interest in Industrial Information Systems or Supervisory Control and Data Acquisition (SCADA) systems.

It provides information on the vulnerabilities and the cybersecurity risks of these systems and the means implemented to protect them.

COURSE DURATION AND TIMETABLE :

The course lasts 2 days, a total of 14 hours, and includes 2 parts:

  • A theoretical part that represents about 80% of the course
  • A practical part that represents about 20% of the course.

GENERAL APPROACH :

The security of Industrial Information Systems (IIS) is now the focus of the companies who are affected by them, especially after the numerous incidents that have occurred, including Stuxnet.

These systems enable direct action to be taken in the physical world using instructions from the "logical" world to manage the production tools of many companies.

Beyond environmental and human risks, they also represent a strategic challenge for countries. The recent proliferation of incidents therefore requires mobilization to secure them and to bring about a transformation.

This mobilization is particularly true in France, where the ANSSI (National Cybersecurity Agency of France) has identified this subject as one of its priorities and has published numerous frameworks on this subject.

The question being asked today is we begin to address all these technical, organizational and safety issues.

PREREQUISITE :

Course level: Basic

This course is intended for all learners with an understanding of the basic principles of IS. Familiarity with ISS is an advantage.

COURSE DIRECTOR(S) :

Anthony DI PRIMA:

Manager, IS Cybersecurity Expert, Work Group Leader for and SCADA Security and IS Industrials within CLUSIF (the French Information Security Club)

  • Member of the International Society of Automation (ISA)
  • Certified ISO 27001 Lead Auditor and 27005 Risk Manager

Notable experience:

The facilitator has conducted numerous risk analysis and safety audits in industrial environments. He has established security organizations and policies and supported industrialists in the implementation of their IIS security strategy.

He also provides support for critical infrastructure operators on their industrial IS cybersecurity projects.

CONTENT :

  • Module 1: Introduction to industrial IS
    • Industrial IS and its components (SCADA, automation, etc.)
    • Specific features and operational constraints
    • Understanding the importance of industrial IS security for both the state and businesses and the regulatory aspects involved
  • Module 2: The major risks related to industrial IS
    • Feedback on known major incidents
    • Examples of real attacks, proceedings and impacts (example of Stuxnet, blackout in Ukraine)
    • Risk factors
    • Major risks and categories of vulnerability
  • Module 3: The framework/standard landscape
    • Management IS security standards (ISO2700x)
    • Overview of industrial security standards and guides, including safety
    • Focus on IEC 62443
  • Module 4: Initiating a security procedure
    • Key success factors and good practices
    • Scenarios and governance choices
    • Integration with industrial safety
    • Strategy for securing industrial networks
    • Focus on patch management
  • Module 5: Evaluating the security of facilities
    • Prior diagnosis
    • Test requirements for local and/or distributed facilities
    • Tooling required for audits
    • Most common faults
    • Typical action plans to apply and the tools required
  • Module 6: Practical cases
    • Study of an industrial plant
    • Faults/vulnerability research
    • Participatory demonstration of attacks
    • Discussion and debate for building an action plan

 

WHEN AND WHERE :

Scheduled in French:

PARIS: Achievable on demand

 

For the English realization, please, consult us.

COURSE FEES :

€1,150 excluding tax (20% VAT)

See general terms

Dowload pdf
Print
Download registration form
Contact us

EUROSAE est prêt à vous accueillir dans les conditions optimales de sécurité et d’efficacité, malgré la crise sanitaire.