New portable hands-on industrial control system cyber security training kit and course
New course material from Cybati has been used in FBI and university training programs, and is now available commercially.
Distributed control and SCADA systems provide automation for such critical infrastructure as the bulk electric grid system, natural gas and oil distribution, transportation, fresh water/waste water, manufacturing, food, and defense. Many control systems are electronically connected to networks of less trust, potentially even a slight distance away from the Internet. It is paramount to the safety of our society to understand the architecture of these systems and how to protect them.
The Cybati three-day hands-on course, Critical Infrastructure Control System Cyber Security, is a real-world training session for intermediate to advanced programmers, cyber professionals, and engineers covering control system vulnerabilities, threats, and mitigating controls. This course provides hands-on analysis of DCS and SCADA environments, allowing participants to understand the impacts of attacks like Stuxnet, and supporting mitigating controls as defined in the NERC reliability standards, Department of Homeland Security CFATs, and other industry and government based recommended controls, such as ISA, NIST, NNSA, IEC, NRC, EPA, INGAA, FDA, and CPNI.
Participants learn control system cyber architecture, ladder logic programming, cyber vulnerability assessments, and attack surface analysis, along with mitigating physical, cyber, and operational controls. Hands-on laboratories include attacking and protecting PLCs and other control system hardware. Participants perform actual man-in-the-middle injections leading to false operator displays, rogue PLC administration, and automation and safety-system ladder logic analysis to identify potential failure models and mitigating controls.
Matthew E. Luallen, Cybati co-founder and president says, “Recent events such as Stuxnet, and exploits and vulnerabilities discussed at conferences such as Blackhat and Defcon are a concern to any modern society. This hands-on training environment and course material allows participants to focus on the vulnerabilities associated with control systems, tactically understand the risks and identify security controls. The control system training kit and courseware provides real world examples of cyber security risks and controls that can help asset owners protect their investment.”
Watch a video of DePaul University students who have completed a similar course.
Edited by Peter Welander, pwelander@cfemedia.com
Integrator Guide
| Search the online Automation Integrator Guide |
|
|
|
|
Visit the System Integrators page to view past winners of Control Engineering's System Integrator of the Year Award and learn how to enter the competition. You will also find more information on system integrators and Control System Integrators Association.
Case Study Database
Get more exposure for your case study by uploading it to the Control Engineering case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.
These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.
Click here to visit the Case Study Database and upload your case study.