Day 1

Introduction to Industrial Control Systems (ICS) and its security

Background

·       Terminology

·       Properties

·       IT vs OT

Main Components

·       HMI, SCADA Server

·       Historian Server

·       PLC, RTU, IED

·       Sensors, Actuators

·       Data Flow

Network Architecture

·       General Architecture, Main Zones.

·       Purdue Model

·       Communication Patterns

·       Remote Access

·       Large Scale Topology

·       Distributed Topology

·       Ring Topology

Protocols

·       Data Plane vs. Control Plane

·       IP vs. Serial

·       IT vs OT

·       Protocols Market Share

·       Overview Data Protocols

·       Modbus

·       Common Industrial Protocol

·       Secure Modbus

Security Issues

Cybersecurity for ICS networks

Security Issues

Major ICS Threats

·       Why to attack?

·       Insider Threat

·       IT Malware

·       OT Hacking Campaign

·       Supply Chain

Some Cybersecurity Solutions

·       Why OT Specific?

·       Diodes

·       Firewalls

·       Intrusion Detection System

Trends in ICS Cybersecurity

Day 2

Introduction to the basic of MITRE ATT&CK® for ICS and Secure Water Treatment (SWaT) testbed

·       Introduction to SWaT on its process, components, network and architecture

·       Introduction to the basics of ATT&CK® for Industrial Control Systems

·       Introduction to MITRE ATT&CK for ICS Matrix

·       Illustration of three attacks and its impact based on MITRE ATT&CK for ICS

·       Understand and hands-on exercise on vulnerability assessment for IT (ZyCron) and OT (SWaT) using OpenVAS and nmap tools

·       In-class participation to propose countermeasures to mitigate cyber risks based on detected and design vulnerabilities (participants will be divided into groups for discussion and to present in class)

·       Two hands-on exercises to understand impacts on water purification based on CIP/ENIP during process disruption caused by cyber breaches

Day 1 and 2

Cyber risks and security vulnerabilities in ICS

·       Cyber risk and trends in the ICS ecosystem

·       Differences between IT and OT cybersecurity

·       Common vulnerabilities in ICS

·       Real-life cyber-attack case studies

·       Understanding attacker model and its category

·       Networking and protocols (ARP and its attacks, TCP and its attacks, UDP and its attacks and ICMP and its attacks)

·       Telltale signs of suspected cyber attacks

Trainer: Ivan Lee, Co-founder, Tegasus International