Our Industrial Control Systems Security Specialist training provides the expert level skills required to manage security teams within an ICS/OT environment, to detect, analyze and implement technical and non-technical measures to mitigate cyber security threats and ensure ICS/OT operations are managed effectively.

This training can be delivered virtually, at our London or Bristol facilities, or at our clients’ premises; training is typically for group bookings only.

Certification

  • PGI Cyber Academy – Completion Certificate

  • Aim

    By the end of this training, you will have learnt to consolidate, develop, and apply your operational, business and ICS/OT security specific knowledge to secure and mitigate risks to automation and control system technologies at an advanced level.

  • Audience

    Senior practitioner-level ICS/OT cyber security professionals who wish to understand how to manage all aspects of industrial control systems security effectively. Example roles might include:

    • ICS/OT SOC analysts
    • ICS/OT cyber security risk or compliance officers
    • ICS/OT incident response practitioners
    • ICS/OT cyber security architects
    • Senior IT/Cyber security practitioners with responsibilities for industrial control systems or operational technology
  • Learning outcomes

    • Implement test procedures, principles, and methodologies relevant to developing and integrating cyber security capability.
    • Determine network traffic analysis tools, methodologies, and processes.
    • Understand remote access technology processes, tools and capabilities and their implications for cyber security.
    • Design identification and reporting processes.
    • Consider statutes, laws, regulations, and policies governing the collection of information using cyber security techniques.
    • Explain concepts, terminology, and operations of communications media.
    • Discuss network technologies in IT and ICS/OT environments.
    • Provide best practice cyber security risk management methodologies for the IT and ICS/OT domains.
    • Develop system protection planning measures for IT and ICS/OT environments.
    • Review an organisation’s architectural concepts and patterns in IT and ICS/OT environments.
    • Evaluate supervisory control and data acquisition system components.
    • Design ICS network architectures and communication protocols.
    • Analyse the ICS threat landscape.
    • Identify, capture, contain and report malware.
    • Secure network communications.
    • Recognise and interpret malicious network activity in traffic.
    • Analyse tools, techniques and procedures used by adversaries remotely to exploit and establish persistence on a target.
    • Access databases where required documentation is maintained.
    • Design multi-level and cross domain security solutions applicable to IT and ICS/OT environments.
    • Translate operational requirements into protection needs in IT and ICS/OT environments.
    • Protect an ICS/OT environment against cyber threats.
  • Prerequisites

    Ideally, either GICSP training and/or qualification or GRID training and/or qualification, with five or more years' practical experience in an ICS security practitioner role.

    Knowledge of:

    • Any national cyber security regulations and requirements relevant to their organisation.
    • Human-computer interaction and the principles of usable design, as they relate to cyber security.
    • An organisation’s policies and standard operating procedures relating to cyber security.
    • Security event correlation tools.
    • Multi-level security systems and cross domain solutions applicable to IT and ICS/OT environments.
    • Integrating the organisation’s goals and objectives into the system architecture in IT and ICS/OT environments.
    • Demilitarized zones in IT and ICS/OT environments.
    • ICS operating environments and functions.
    • ICS devices and industrial programming languages.
    • Threats and vulnerabilities in ICS systems and environments.
    • Intrusion detection methodologies and techniques for detecting ICS intrusions.
    • ICS security methodologies and technologies.

    Skills in:

    • Applying host and network access controls.
    • Protecting a network against malware.
    • Performing cyber security related impact and risk assessments.
    • Utilizing feedback to improve cyber security processes, products, and services.
    • Applying cyber security and privacy principles to organisational requirements.
    • Conducting cyber security reviews of systems.
    • Conducting information searches.
    • Identifying a network’s characteristics when viewed through the eyes of an attacker.
    • Assessing the cyber security controls of ICS/OT environments.
  • Syllabus

    This training can be tailored to an industry or for a defined audience, with various durations. Example topics typically include:

    Module 1 – Understanding the Flow

    • Course introduction and Lab setup
    • Level 0 and 1 – Devices and communications
    • Understand the attack surface of a level 1 device (including process weaknesses)
    • Passive and Active discovery
    • Exercise – NMAP discovery
    • System architecture and data flow
    • HMIs and EWS
    • HMI to PLC relationships
    • PLC to HMI communications (including operational functions)

    Module 2 – SCADA and Protocols

    • SCADA components and communications paths
    • Understanding peer to peer
    • Peer to peer communications
    • OPC and other protocols
    • OPC and Beyond

    Module 3 – Design and Devices

    • Network architecture and design
    • Levels 2 and 3 communications (including trusted communication flows)
    • Perimeter prevention and detection
    • Data diode or firewall?
    • Databases
    • Databases exploration
    • Using VPNs

    Module 4 – Monitoring what you have

    • System Monitoring
    • Logging and alerting
    • Asset Management and Validation using tools
    • Managing and validating assets

    Module 5 – Bringing it all together

    • ICS Attack and Defend including troubleshooting
    • Understand and exercise on local processes and environment
    • Vendor security models and industrial DMZs
    • Pivoting and positioning in an ICS target environment
    • Operational traffic reverse engineering
    • Protocol-level manipulation
    • Firmware manipulation
    • Industrial wireless discovery and attack
    • Time synchronization manipulation
    • Data table and scaling modifications

    Exam Preparation
