Our Industrial Control Systems Security Specialist training provides the expert level skills required to manage security teams within an ICS/OT environment, to detect, analyze and implement technical and non-technical measures to mitigate cyber security threats and ensure ICS/OT operations are managed effectively.
This training can be delivered virtually, at our London or Bristol facilities, or at our clients’ premises; training is typically for group bookings only.
PGI Cyber Academy – Completion Certificate
Aim Show more Show less
By the end of this training, you will have learnt to consolidate, develop, and apply your operational, business and ICS/OT security specific knowledge to secure and mitigate risks to automation and control system technologies at an advanced level.
Audience Show more Show less
Senior practitioner-level ICS/OT cyber security professionals who wish to understand how to manage all aspects of industrial control systems security effectively. Example roles might include:
- ICS/OT SOC analysts
- ICS/OT cyber security risk or compliance officers
- ICS/OT incident response practitioners
- ICS/OT cyber security architects
- Senior IT/Cyber security practitioners with responsibilities with industrial control systems or operational technology
Learning outcomes Show more Show less
- Implement test procedures, principles, and methodologies relevant to developing and integrating cyber security capability.
- Determine network traffic analysis tools, methodologies, and processes.
- Understand remote access technology processes, tools and capabilities and their implications for cyber security.
- Design identification and reporting processes.
- Consider statutes, laws, regulations, and policies governing the collection of information using cyber security techniques.
- Explain concepts, terminology, and operations of communications media.
- Discuss network technologies in IT and ICS/OT environments.
- Provide best practice cyber security risk management methodologies for the IT and ICS/ OT domains.
- Develop system protection planning measures for IT and ICS/OT environments.
- Review an organisation’s architectural concepts and patterns in IT and ICS/OT environments.
- Evaluate supervisory control and data acquisition system components.
- Design ICS network architectures and communication protocols.
- Analyse the ICS threat landscape.
- Identify, capture, contain and report malware.
- Secure network communications.
- Recognise and interpret malicious network activity in traffic.
- Analyse tools, techniques and procedures used by adversaries remotely to exploit and establish persistence on a target.
- Access databases where required documentation is maintained.
- Design multi-level and cross domain security solutions applicable to IT and ICS/ OT environments.
- Translate operational requirements into protection needs in an IT and ICS/OT environments.
- Protect an ICS/OT environment against cyber threats.
Prerequisites Show more Show less
Ideally, either GICSP training and/or qualification or GRID training and/or qualification, with five or more years practical experience in an ICS security practitioner role.
- Any national cyber security regulations and requirements relevant to their organisation.
- Human-computer interaction and the principles of usable design, as they relate to cyber security.
- An organisation’s policies and standard operating procedures relating to cyber security.
- Security event correlation tools.
- Multi-level security systems and cross domain solutions applicable to IT and ICS/OT environments.
- Integrating the organisation’s goals and objectives into the system architecture in IT and ICS/OT environments.
- Demilitarized zones in IT and ICS/OT environments.
- ICS operating environments and functions.
- ICS devices and industrial programming languages.
- Threats and vulnerabilities in ICS systems and environments.
- Intrusion detection methodologies and techniques for detecting ICS intrusions.
- ICS security methodologies and technologies.
- Applying host and network access controls.
- Protecting a network against malware.
- Performing cyber security related impact and risk assessments.
- Utilizing feedback to improve cyber security processes, products, and services.
- Applying cyber security and privacy principles to organisational requirements.
- Conducting cyber security reviews of systems.
- Conducting information searches.
- Identifying a network’s characteristics when viewed through the eyes of an attacker.
- Assessing the cyber security controls of ICS/OT environments.
Syllabus Show more Show less
This training can be tailored to an industry or for a defined audience, with various durations. Example topics typically include:
Module 1 – Understanding the Flow
- Course introduction and Lab setup
- Level 0 and 1 – Devices and communications
- Understand the attack surface of a level 1 device (including process weaknesses)
- Passive and Active discovery
- Exercise – NMAP discovery
- System architecture and data flow
- HMIs and EWS
- HMI to PLC relationships
- PLC to HMI communications (including operational functions)
Module 2 – SCADA and Protocols
- SCADA components and communications paths
- Understanding peer to peer
- Peer to peer communications
- OPC and other protocols
- OPC and Beyond
Module 3 – Design and Devices
- Network architecture and design
- Levels 2 and 3 communications (including trusted communication flows)
- Perimeter prevention and detection
- Data diode or firewall?
- Databases exploration
- Using VPNs
Module 4 – Monitoring what you have
- System Monitoring
- Logging and alerting
- Asset Management and Validation using tools
- Managing and validating assets
Module 5 – Bringing it all together
- ICS Attack and Defend including troubleshooting
- Understand and exercise on local processes and environment
- Vendor security models and industrial DMZs
- Pivoting and positioning in an ICS target environment
- Operational traffic reverse engineering
- Protocol-level manipulation
- Firmware manipulation
- Industrial wireless discovery and attack
- Time synchronization manipulation
- Data table and scaling modifications