Industrial Control Systems Security Specialist (ICSSS)

Provided by

Our Industrial Control Systems Security Specialist training provides the expert level skills required to manage security teams within an ICS/OT environment, to detect, analyze and implement technical and non-technical measures to mitigate cyber security threats and ensure ICS/OT operations are managed effectively.

This training can be delivered virtually, at our London or Bristol facilities, or at our clients' premises; training is typically for group bookings only.
Certification

PGI Cyber Academy - Completion Certificate

Aim

By the end of this training, you will have learnt to consolidate, develop, and apply your operational, business and ICS/OT security specific knowledge to secure and mitigate risks to automation and control system technologies at an advanced level.

Audience

Senior practitioner-level ICS/OT cyber security professionals who wish to understand how to manage all aspects of industrial control systems security effectively. Example roles might include:
  • ICS/OT SOC analysts
  • ICS/OT cyber security risk or compliance officers
  • ICS/OT incident response practitioners
  • ICS/OT cyber security architects
  • Senior IT/Cyber security practitioners with responsibilities with industrial control systems or operational technology
Learning outcomes
  • Implement test procedures, principles, and methodologies relevant to developing and integrating cyber security capability.
  • Determine network traffic analysis tools, methodologies, and processes.
  • Understand remote access technology processes, tools and capabilities and their implications for cyber security.
  • Design identification and reporting processes.
  • Consider statutes, laws, regulations, and policies governing the collection of information using cyber security techniques.
  • Explain concepts, terminology, and operations of communications media.
  • Discuss network technologies in IT and ICS/OT environments.
  • Provide best practice cyber security risk management methodologies for the IT and ICS/ OT domains.
  • Develop system protection planning measures for IT and ICS/OT environments.
  • Review an organisation's architectural concepts and patterns in IT and ICS/OT environments.
  • Evaluate supervisory control and data acquisition system components.
  • Design ICS network architectures and communication protocols.
  • Analyse the ICS threat landscape.
  • Identify, capture, contain and report malware.
  • Secure network communications.
  • Recognise and interpret malicious network activity in traffic.
  • Analyse tools, techniques and procedures used by adversaries remotely to exploit and establish persistence on a target.
  • Access databases where required documentation is maintained.
  • Design multi-level and cross domain security solutions applicable to IT and ICS/ OT environments.
  • Translate operational requirements into protection needs in an IT and ICS/OT environments.
  • Protect an ICS/OT environment against cyber threats.
Prerequisites

Ideally, either GICSP training and/or qualification or GRID training and/or qualification, with five or more years practical experience in an ICS security practitioner role.

Knowledge of:
  • Any national cyber security regulations and requirements relevant to their organisation.
  • Human-computer interaction and the principles of usable design, as they relate to cyber security.
  • An organisation's policies and standard operating procedures relating to cyber security.
  • Security event correlation tools.
  • Multi-level security systems and cross domain solutions applicable to IT and ICS/OT environments.
  • Integrating the organisation's goals and objectives into the system architecture in IT and ICS/OT environments.
  • Demilitarized zones in IT and ICS/OT environments.
  • ICS operating environments and functions.
  • ICS devices and industrial programming languages.
  • Threats and vulnerabilities in ICS systems and environments.
  • Intrusion detection methodologies and techniques for detecting ICS intrusions.
  • ICS security methodologies and technologies.
Skills in:
  • Applying host and network access controls.
  • Protecting a network against malware.
  • Performing cyber security related impact and risk assessments.
  • Utilizing feedback to improve cyber security processes, products, and services.
  • Applying cyber security and privacy principles to organisational requirements.
  • Conducting cyber security reviews of systems.
  • Conducting information searches.
  • Identifying a network's characteristics when viewed through the eyes of an attacker.
  • Assessing the cyber security controls of ICS/OT environments.
Syllabus

This training can be tailored to an industry or for a defined audience, with various durations. Example topics typically include:

Module 1 - Understanding the Flow
  • Course introduction and Lab setup
  • Level 0 and 1 - Devices and communications
  • Understand the attack surface of a level 1 device (including process weaknesses)
  • Passive and Active discovery
  • Exercise - NMAP discovery
  • System architecture and data flow
  • HMIs and EWS
  • HMI to PLC relationships
  • PLC to HMI communications (including operational functions)
Module 2 - SCADA and Protocols
  • SCADA components and communications paths
  • Understanding peer to peer
  • Peer to peer communications
  • OPC and other protocols
  • OPC and Beyond
Module 3 - Design and Devices
  • Network architecture and design
  • Levels 2 and 3 communications (including trusted communication flows)
  • Perimeter prevention and detection
  • Data diode or firewall?
  • Databases
  • Databases exploration
  • Using VPNs
Module 4 - Monitoring what you have
  • System Monitoring
  • Logging and alerting
  • Asset Management and Validation using tools
  • Managing and validating assets
Module 5 - Bringing it all together
  • ICS Attack and Defend including troubleshooting
  • Understand and exercise on local processes and environment
  • Vendor security models and industrial DMZs
  • Pivoting and positioning in an ICS target environment
  • Operational traffic reverse engineering
  • Protocol-level manipulation
  • Firmware manipulation
  • Industrial wireless discovery and attack
  • Time synchronization manipulation
  • Data table and scaling modifications
Exam Preparation

Related article

5 reasons to study online professional computing courses from the University of Essex Online 1. Gain a qualification accredited by the CPD Certific...