IC34 EN 3v02 – IACS Cybersecurity Design & Implementation.
The second phase in the Industrial Systems Cybersecurity Lifecycle (IACS – defined in ISA/IEC-62443-1-1) focuses on activities associated with the design and implementation of cybersecurity countermeasures. This involves the selection of appropriate countermeasures based on their security-level capability and the nature of the threats and vulnerabilities identified in the assessment phase. This phase also includes conducting cybersecurity tests for the acceptance of the integrated solution, to validate that the countermeasures are implemented correctly and that the industrial system under consideration has reached the required level of security.
Course #: IC34 | CEUs: 2.1 | Length: 3 days | Version: 3.02 | A certificate of completion indicating the total number of CEUs earned will be provided upon successful course completion.
Industrial Automation Control System (IACS) Cybersecurity Design & Implementation (IC34V) focuses on the activities associated with the design and implementation of industrial automation control system (IACS) cybersecurity countermeasures for a new or existing IACS to achieve the target security level assigned to each IACS zone or conduit. This includes selecting the appropriate countermeasures based on the security level capability and the nature of the threats and vulnerabilities identified in the assessment phase. The access phase includes cybersecurity acceptance testing of the integrated solution to validate that countermeasures are properly implemented, that the IACS has achieved the target security level, and that the objectives in the cybersecurity requirements specification have been properly satisfied.
Para la audiencia de habla hispana (y portuguesa) el material de estudio se dispone en idioma inglés. La evaluación de certificación profesional se encuentra disponible únicamente en idioma inglés, al igual que la serie de normas ISA/IEC-62443. La traducción independiente de las normas no está aprobada ni autorizada por el Comité ISA99.
Certificate Program: IC34 is the third course in the ISA/IEC-62443 Cybersecurity Certificate Program. Pass the exam to earn the ISA/IEC-62443 Cybersecurity Design Specialist certificate. Course registration includes one exam fee.
Required Prerequisites
Successful completion of any version of Using ISA/IEC-62443 Standards to Secure Your Control Systems (IC32) and passing the ISA/IEC-62443 Cybersecurity Fundamentals Specialist certificate exam are mandatory prerequisites for this course.
Who Should Take IC34?
- Control systems engineers and managers
- System integrators
- IT engineers and managers in industrial facilities
- Plant managers
- Plant safety and risk management personnel
Learning Objectives
- Interpret the results of an industrial control system (ICS) cybersecurity risk assessment
- Develop a cybersecurity requirements specification (CRS)
- Develop a conceptual design based upon information in a well-crafted CRS
- Explain the security development lifecycle (SLD) process and deliverables
- Perform a basic firewall configuration and commissioning
- Design a secure remote access solution
- Develop system hardening specification
- Implement a basic network intrusion detection system (IDS)
- Develop a cybersecurity acceptance test plan
- Cybersecurity factory acceptance test (CFAT)
- Cybersecurity site acceptance test (CSAT)
- Perform a basic CFAT or CSAT
Topics Covered
- Introduction to the ICS Cybersecurity Lifecycle
- Assessment phase
- Implementation phase
- Maintenance phase
- Conceptual design process
- Interpreting risk assessment results
- Cybersecurity requirements specifications
- Developing a conceptual design
- Conceptual design specification
- Detailed design process
- Safety Development Lifecycle (SDL)
- Types of technology
- Selecting appropriate technology
- Developing a detailed design
- Documenting the design/specification
- Design and implementation examples
- Firewall design example
- Remote access design example
- System hardening design example
- Intrusion detection design example
- Testing
- Developing test plans
- Cybersecurity Factory Assessment Test (CFAT)
- Cyber Security Assessment Tool (CSAT)
Laboratory Exercises
- Building the board
- Firewalls
- Defining USB policy and procedure
- Network device hardening
- Remote access
- Using ISA/IEC-62443-3-3 to validate the achieved security level (SL-A)
Recommended Standards
- ISA-62443-1-1-2007, Security for Industrial automation and control systems – Part 1-1: Terminology, concepts and models
- ISA-62443-2-1 (99.02.01)-2009, Security for industrial automation and control systems – Part 2-1: Establishing an industrial automation and control systems security program
- ISA-62443-3‑2-2020, Security for industrial automation and control systems – Part 3‑2: Security risk assessment for system design
- ISA-62443-3-3 (99.03.03)-2013, ISA-62443-3-3 (99.03.03)-2013, Security for industrial automation and control systems – Part 3-3: System security requirements and security levels
Recommended Reading
- Cybersecurity Library
- Industrial Automation and Control System Security Principles, Second Edition by Ronald L. Krutz, PhD, PE
Recommended Prerequisite
ISA course Assessing the Cybersecurity of New or Existing IACS Systems (IC33) or equivalent knowledge/experience.
Not sure this particular course is for you? Contact us and our experts will guide you to build your professional career development based on your own objectives and organization needs.
The main objectives of ISA training is to make sure that the audience understands and interprets the requirements of the ISA/IEC-62443 series of standards correctly and what needs to be done. While the exercises and products used in the lab helps to understand the concepts, it is not within the objectives of ISA to recommend any specific solution or to show how to comply with the multiple requirements.
Check the Frequently Asked Questions (FAQ) here.
About Instructor
+3
enrolled
Course Includes
- 13 Lessons
- 8 Quizzes
- Course Certificate
