Course #: IC32 | CEUs: 1.4 | Length: 2 days | Version: 5.13 | A certificate of completion indicating the total number of CEUs earned will be provided upon successful course completion.
Using the ISA/IEC-62443 Standards to Secure Your Control Systems (IC32) provides a detailed look at how the ISA/IEC-62443 standards framework can be used to protect critical control systems. It also explores the procedural and technical differences between the security for traditional IT environments and those solutions appropriate for SCADA or plant floor environments.
With the move to open standards such as Ethernet, Transmission Control Protocol/Internet Protocol (TCP/IP), and web technologies in supervisory control and data acquisition (SCADA) and process control networks (PCN), these systems are being exposed to the same cyberattacks facing corporate information systems. Protecting control systems is more important than ever.
For the Spanish-speaking (and Portuguese-speaking) audience, the study material is provided in English. The professional certification exam is available only in English, as is the ISA/IEC-62443 series of standards. Independent translation of the standards is neither approved nor authorized by the ISA99 Committee.
Certificate Program: This is a preparatory class for the ISA/IEC-62443 Cybersecurity Certificate Program. The course registration includes the fee for one exam.
Who Should Take IC32?
- Control systems engineers and managers
- System integrators
- IT Engineers and managers at industrial facilities
- Plant managers
- Plant safety and risk management
Learning Objectives
- Describe the importance of security control systems.
- Describe the structure and content of the ISA/IEC-62443 series of documents.
- Explain the importance of awareness as an effective countermeasure.
- Define the principles behind creating an effective long-term security program.
- Discuss the basics of risk analysis, industrial networking and network security.
- Discuss the concepts that form the basis for the ISA/IEC-62443 standards (defense-in-depth and zones and conduits).
- Describe how to apply key risk mitigation techniques such as antivirus, patch management and firewalls.
- Explain how secure software development strategies make systems inherently more secure.
- Describe how to validate or verify the security of systems.
- Describe how security profiles for ISA/IEC-62443 can be utilized.
Topics Covered
- Introduction to control systems security
- Cybersecurity awareness
- ISA/IEC-62443 series of standards
- ISA/IEC-62443 models and security levels
- IACS cybersecurity lifecycle
- Security program requirements for IACS asset owners
- Evolving security standards, practices and regulations
- Network security basics
- Industrial protocols
- Introduction to patch management in the IACS environment
- Introduction to security risk assessment for system design
- Security program requirements for IACS service providers
- Developing secure products and systems
- Security profiles for ISA/IEC-62443
- IACS security protection scheme
Exercise
PCAP live capture analysis.
Recommended Resources
Standards
- ISA-62443-1-1-2007, Security for Industrial Automation and Control Systems, Part 1-1: Terminology, Concepts, and Models
- ISA-62443-2-1 (99.02.01)-2009, Security for Industrial Automation and Control Systems, Part 2-1: Establishing an Industrial Automation and Control Systems Security Program
- ANSI/ISA-62443-3‑2-2020, Security for industrial automation and control systems, Part 3‑2: Security risk assessment for system design
- ANSI/ISA-62443-3-3 (99.03.03)-2013, Security for industrial automation and control systems, Part 3-3: System security requirements and security levels
Books
- Cybersecurity Library
- Industrial Automation and Control System Security Principles, Second Edition by Ronald L. Krutz, PhD, PE
Recommended Prerequisites
- There are no required prerequisites for taking this course; however, it is highly recommended that applicants have at least one to three years of experience in the cybersecurity field with some experience in an industrial setting. IC32 is a 14-hour boot camp-style class, and there is not much time to teach basic commands and cybersecurity.
- ISA courses: TS07, TS12 or the equivalent knowledge/experience would be beneficial.
- Note from the Instructor: One of the challenges I have had in teaching IC32 is students attending with no or limited knowledge of ISA courses TS07, TS12 or cybersecurity general principles.
Not sure this particular course is for you? Contact us and our experts will help you plan your professional development based on your own objectives and your organization's needs.
The main objectives of ISA training are to make sure that the audience correctly understands and interprets the requirements of the ISA/IEC-62443 series of standards and what needs to be done. While the exercises and products used in the lab help in understanding the concepts, it is not within the objectives of ISA to recommend any specific solution or to show how to comply with the multiple requirements.
