Course Overview

What are the types of ‘industrial control system’?

Industrial control system (ICS) characterises the various types of control systems, devices, networks, and related protocols used to regulate and automate the industrial process. Industrial control system (ICS) has permeated modern automated industries like power stations, manufacturing, transportation, energy, and water treatment industries. You will find out more about the types of industrial control systems in this Zoe course.

What do industrial control systems control?

ICS frequently integrates new software and technology in both OT and IT to improve function and productivity, making them targets for cyber-attacks that can create risks to the system itself, cause leakage of sensitive data, intellectual property theft, operational shutdowns, and damage equipment, and end human life. With industrial processes becoming increasingly network-enabled, automated, and digitised, cybersecurity professionals need to be vast in the area.

This Zoe training course will provide you with extant knowledge about the fundamental concepts of security concerns within the industrial control systems architecture and relevant cybersecurity topics. This course will also provide you with the experience and knowledge needed to work in any sphere of industrial control system security, thus providing opportunities for career growth.

Course Objectives

This training course aims to empower professionals to:

• Thoroughly understand the fundamentals of Industrial Control Systems and cyber security
• Demonstrate highly developed practical skillset in eliminating all online threats such as malware, darknets, dark markets, zero-day, exploit kits vulnerabilities, advanced hackers and trackers, and cybercriminals
• Understand the different classes of firewalls that are available and the threats they help eliminate
• Train other professionals on identifying security vulnerabilities within the ICS through vulnerability scanning and network hacking techniques
• Predict and assess risks in the ICS architecture and analyse risk management procedures that can be applied to it
• Thoroughly understand the security standards in ICS networks and ways to impede attacks on the network
• Identify the components of standard ICS/OT security monitoring and incident response programs

 Training Methodology

Zoe Talent Solutions provides training courses on different subjects. Experts deliver the training from the relevant industry. In addition, the training is delivered as informative video lessons and practical exercises. Trainees are given assignments, tasks, and other activities in groups to encourage interaction among trainees and between the teachers and trainees. Role-plays can also form part of the training wherever applicable.

Zoe Talent Solutions applies this training method for all its courses. It is referred to as the Do-Review-Learn-Apply Model.

Organisations Benefits

With professionals taking this course, organisations will benefit in different ways:

• Application of advanced tools and technology to architect the organisation’s network for maximum security and hinder local and remote attacks
• Efficient control of the organisation’s systems that automatically manage processes to compete in today’s market-driven economy
• Detailed risk assessment and management to assess the security, monitor the system, and ensure the physical security of ICS systems in your organisation
• Ensure the professionals in training are equipped with improved expertise to detect security vulnerabilities across an entire network by utilising vulnerability scanning and network hacking techniques
• Enlighten security teams within the organisation on the examination of  ICS systems thoroughly to identify the various kinds and levels of risk in the ICS and ways of installing corresponding safeguards to it
•  Regular training of professionals on mitigation strategies to increase the cybersecurity posture of their Control System
• Enable the organisation in question to stand out for safe and secure industrial control system architecture

Personal Benefits

Professional undertaking this course will benefit in the below-mentioned ways:

• Gain a basic understanding of cybersecurity and ICS
• Skilful network monitoring to discover and identify likely hackers and malware utilising tools like Tcpdump, Wireshark, and Syslog
• Improved expertise to detect security vulnerabilities across an entire network by utilising vulnerability scanning and network hacking techniques
• Thoroughly understand the security development for mobile devices and networks in ICS and wireless security of these industrial systems and protect against different vulnerabilities
• Thoroughly understand key concepts like cryptography and encryption, malware, trojan virus, network security, and risk management and how they affect ICS
• Understand the meaning of risk and how it impacts the operational security and integrity of the ICS

Who Should Attend?

• IT and ICS cybersecurity professionals that realise the need for collaborative security approaches and are interested in industrial control systems

• End-users, asset owners, integrators, and vendors dealing with the problem of securing ICS
• Electric utility engineers working in electric industry security
• Operators, technicians, and maintenance personnel working at electric utility companies
• Investors and contractors who plan to invest in the electric industry that specialises in creating security standards for ICS
• Anyone who wants to develop competency in industrial control systems and cybersecurity

Course Outline

Module 1: Overview of ICS

• Meaning
• Roles and Responsibilities
• Types of ICS

Module 2: Industrial control system functional components

• Control loop
• Distributed Control System
• SCADA
• Programmable logic controller
• Actuator
• Intelligent Electronic Device

Module 3: ICS Network and Industrial Architecture

• Fundamentals of Networks:
• Ethernet, TCP/IP Protocol
• ICS Wireless Systems
• Satellite, Mesh, Wi-Fi, and Bluetooth Systems
• Honeypots
• Firewalls and Gateways
• The OSI 7-Layer Model
• Routers and Firewalls
• Network Data Analysis
• Fieldbus Industrial Protocols
• Backend Industrial Protocols
• ICS Protocol Architectures

Module 4: Overview of Cybersecurity tools and Cyberattack

• Meaning of cybersecurity
• History of cybersecurity
• Types and motives of cyber attacks
• Cyber attack countermeasures

Module 5: Network Security and Database Vulnerabilities

• Meaning of Database
• Types of Databases
• Types of Database Vulnerabilities
• Tools needed to research a database vulnerability of a database

Module 6: Penetration Testing, Incident Response and, forensics

• Stages of Penetration testing
• Penetration testing tools
• Digital forensics and Digital evidence
• Power of scripting
• Scanning and Vulnerability Enumeration

Module 7: Vulnerabilities in ICS Architecture

• Policy and procedure vulnerabilities
• Platform configuration vulnerabilities
• Platform hardware and software vulnerabilities
• Malware Protection Vulnerabilities
• Network Configuration Vulnerabilities
• Network Hardware Vulnerabilities
• Network Perimeter Vulnerabilities

Module 8: ICS and Cybersecurity

• Relevance of Cybersecurity to industrial control systems
• Motivation for attacking the ICS.
• The effect of cyber attacks on the ICS:
• It can cause a change in the Programmable Logic Controllers (PLC),
• It can cause changes in the operating system and application configurations of the ICS.
• It can tamper with safety controls

Module 9: ICS Server Attacks

• How are ICS servers attacked:
• Attacks on ICS Remote Devices
• Firmware Attacks

Module-10: Assessing and Managing Risk

• Meaning of risk
• Effects of risk on operational security and integrity
• Identification, classification and, ranking of Cybersecurity risks to ICS
• Appropriate measures to mitigate residual risks in the ICS

Module 11: Selecting and Implementing Security Controls for ICS

• Meaning of security control
• The relationship between Security controls and risk management
• Categories of security control
• Standards and Security Controls Applied to ICS

 Module 12: Cybersecurity best practices for Industrial control systems

• Risk management and cyber security governance
• Physical and Environmental Security
• System monitoring and Hardening
• Malware Protection and Detection
• Periodic Assessments and Edits
• Incident Planning and Resource
• Intrusion Detection
• Patchware Management
• Network Segmentation
• Host security

Module 13:  Real-life cases of cyber attacks on ICS System

• Stuxnet worm (Manipulation of centrifuges inside nuclear facilities in Iran)
• BlackEnergy (Ukraine Case Study)
• Zotob PnP worm attack on Daimler Chrystler U.S. car Manufacturing plant in 2005