Industrial Control Systems Security Analyst

Our industry-leading experts deliver this training to provide individuals with the intermediate-level skills required to analyse security events in ICS/OT environments and to detect and mitigate cyber security threats.

Topics cover an overview of ICS systems and networking, how to secure ICS, and security incident handling in an ICS environment.

This training can be delivered at our clients’ premises for group bookings only.

Certification

PGI Cyber Academy – Completion Certificate

Aim

By the end of this training, you will have learnt to support and defend against cyber security threats to keep the operational environment safe, secure, and resilient.

Audience

Practitioner-level ICS/OT cyber security professionals who wish to understand how to manage all aspects of industrial control systems security effectively. Example roles might include:

  • ICS IT practitioners
  • ICS security analysts
  • Security engineers
  • Industry managers and professionals
  • IT/cyber security practitioners with responsibilities for industrial control systems or operational technology

Learning outcomes

Upon successful completion of this course, a trainee will be able to achieve the following knowledge and skills:

  • Learn best practices for incident response and incident management.
  • Define network hardware devices and functions.
  • Know an organisation’s local and wide area network connections and the risks they pose to its cyber security.
  • Understand cyber threat intelligence gathering principles, policies and procedures including legal authority and restrictions.
  • Know an organisation’s policies and standard operating procedures relating to cyber security.
  • Recognise identification and reporting processes.
  • Understand the global social dynamics of the different cyber threat types.
  • Gain an understanding of multi-level security systems and cross domain solutions applicable to IT and ICS/OT environments.
  • Determine system protection planning measures for IT and ICS/OT environments.
  • Integrate an organisation’s goals and objectives into the system architecture in IT and ICS/OT environments.
  • Understand demilitarised zones in IT and ICS/OT environments.
  • Determine supervisory control and data acquisition system components.
  • Be aware of ICS operating environments and functions.
  • Review ICS network architectures and communication protocols.
  • Learn about ICS devices and industrial programming languages.
  • Gain knowledge of the ICS threat landscape.
  • Recognise threats and vulnerabilities in ICS systems and environments.
  • Understand intrusion detection methodologies and techniques for detecting ICS intrusions.
  • Determine ICS security methodologies and technologies.
  • Apply core cyber security principles.
  • Effectively recognise and categorise types of vulnerabilities and associated attacks.
  • Define system, network, and OS hardening techniques.
  • Collect data from a variety of cyber security resources.
  • Use multiple search engines and tools in conducting open-source searches.
  • Protect an ICS/OT environment against cyber threats.

Prerequisites

Ideally, trainees will have IT or fundamental cyber security experience and a basic understanding of networking and system administration, TCP/IP, networking design/architecture, vulnerability assessment, and risk methodologies.

Knowledge of:

  • Best practices for incident response and incident management.
  • Network hardware devices and functions.
  • An organisation’s local and wide area network connections and the risks they pose to its cyber security.
  • Cyber threat intelligence gathering principles, policies and procedures including legal authority and restrictions.
  • An organisation’s policies and standard operating procedures relating to cyber security.
  • Identification and reporting processes.
  • Global social dynamics of the different cyber threat types.
  • Multi-level security systems and cross domain solutions applicable to IT and ICS/OT environments.
  • System protection planning measures for IT and ICS/OT environments.
  • Integrating the organisation’s goals and objectives into the system architecture in IT and ICS/OT environments.
  • Demilitarised zones in IT and ICS/OT environments.
  • Supervisory control and data acquisition system components.
  • ICS operating environments and functions.
  • ICS network architectures and communication protocols.
  • ICS devices and industrial programming languages.
  • ICS threat landscape.
  • Threats and vulnerabilities in ICS systems and environments.
  • Intrusion detection methodologies and techniques for detecting ICS intrusions.
  • ICS security methodologies and technologies.

Skills in:

  • Applying core cyber security principles.
  • Effectively recognising and categorising types of vulnerabilities and associated attacks.
  • System, network, and OS hardening techniques.
  • Collecting data from a variety of cyber security resources.
  • Using multiple search engines and tools in conducting open-source searches.
  • Protecting an ICS/OT environment against cyber threats.

Syllabus

This training can be tailored to an industry or for a defined audience, with various durations. Example topics typically include:

Module 1 – Introduction to Industrial Control Systems

  • History and context
  • What exactly is an ICS?
  • Location and Latency
  • IT vs OT
  • The Purdue Model

Module 2 – Industrial Control Systems Networking

  • Real-Time Operating Systems
  • Common Industrial Protocols
  • Industrial Networking

Module 3 – Cyber security Essentials for Industrial Control Systems

  • How does Cyber fit into ICS (including Culture and Behavioural Change)
  • Physical and Cyber Security
  • Known ICS security incidents
  • ICS Security Risk
  • Measuring Cyber Security Risk
  • Introduction to Quantitative vs Qualitative
  • Traditional Models
  • ICS Attack Surface
  • Threat Actors and Reasons for Attack
  • Attack Surface and Inputs
  • Vulnerabilities
  • Threat/Attack Models
  • Creating ICS Cyber Security Policy
  • Policies, Standards, Guidance and Procedures
  • Frameworks

Module 4 – Securing Industrial Control Systems

  • Where do you begin?
  • An ICS Cyber Security Program
  • ICS Architecture
  • Hardening including OS hardening
  • Patching ICS Systems
  • Patch Decision Tree
  • Wireless Security
  • Database Security

Module 5 – Securing Industrial Control Systems

  • Introduction to Threat Intelligence
  • ICS Incident Management
  • Disaster Recovery
  • Business Continuity Programs
  • Modification for Cyber Security Incidents
  • Vendors, CERTS, and Security Bulletins

Exam Preparation