New portable hands-on industrial control system cyber security training kit and course
New course material from Cybati has been used in FBI and university training programs, and is now available commercially.
Distributed control and SCADA systems provide automation for such critical infrastructure as the bulk electric grid system, natural gas and oil distribution, transportation, fresh water/waste water, manufacturing, food, and defense. Many control systems are electronically connected to networks of less trust, potentially even a slight distance away from the Internet. It is paramount to the safety of our society to understand the architecture of these systems and how to protect them.
The Cybati three-day hands-on course, Critical Infrastructure Control System Cyber Security, is a real-world training session for intermediate to advanced programmers, cyber professionals, and engineers covering control system vulnerabilities, threats, and mitigating controls. This course provides hands-on analysis of DCS and SCADA environments, allowing participants to understand the impacts of attacks like Stuxnet, and supporting mitigating controls as defined in the NERC reliability standards, Department of Homeland Security CFATs, and other industry and government based recommended controls, such as ISA, NIST, NNSA, IEC, NRC, EPA, INGAA, FDA, and CPNI.
Participants learn control system cyber architecture, ladder logic programming, cyber vulnerability assessments, and attack surface analysis, along with mitigating physical, cyber, and operational controls. Hands-on laboratories include attacking and protecting PLCs and other control system hardware. Participants perform actual man-in-the-middle injections leading to false operator displays, rogue PLC administration, and automation and safety-system ladder logic analysis to identify potential failure models and mitigating controls.
Matthew E. Luallen, Cybati co-founder and president says, “Recent events such as Stuxnet, and exploits and vulnerabilities discussed at conferences such as Blackhat and Defcon are a concern to any modern society. This hands-on training environment and course material allows participants to focus on the vulnerabilities associated with control systems, tactically understand the risks and identify security controls. The control system training kit and courseware provides real world examples of cyber security risks and controls that can help asset owners protect their investment.”
Edited by Peter Welander, firstname.lastname@example.org