‎The first phase in the Industrial Systems Cybersecurity (IACS – defined in ‎‎ISA‎‎/IEC-62443-1-1) lifecycle consists of identifying and documenting industrial assets (IACS) and performing a cybersecurity vulnerability analysis and risk assessment to identify and understand high-risk vulnerabilities that require mitigation. For ‎‎ISA‎‎/IEC-62443-2-1 these assessments must be performed on both existing (Brownfield) and new (Greenfield) applications. Part of the assessment process involves developing a zone and conduit model of the systems under consideration, identifying security level objectives, and documenting cybersecurity requirements into a cybersecurity requirements specification (‎‎CSRS‎‎).‎

The second phase in the IACS Cybersecurity Lifecycle (defined in ISA/IEC 62443-1-1) focuses on the activities associated with the design and implementation of IACS cybersecurity countermeasures. This involves the selection of appropriate countermeasures based upon their security level capability and the nature of the threats and vulnerabilities identified in the Assess phase. This phase also includes cybersecurity acceptance testing of the integrated solution, to validate countermeasures are properly implemented and that the IACS has achieved the target security level. This course will provide students with the information and skills to select and implement cybersecurity countermeasures for a new or existing IACS to achieve the target security level assigned to each IACS zone or conduit. Additionally, students will learn how to develop and execute test plans to verify that the cybersecurity of an IACS solution has properly satisfied the objectives in the cybersecurity requirements specification.

‎The second phase in the Industrial Systems Cybersecurity Lifecycle (IACS – defined in ISA/IEC-62443-1-1) focuses on activities associated with the design and implementation of cybersecurity countermeasures. This involves the selection of appropriate countermeasures based on their security-level capability and the nature of the threats and vulnerabilities identified in the assessment phase. This phase also includes conducting cybersecurity tests for the acceptance of the integrated solution, to validate that the countermeasures are implemented correctly and that the industrial system under consideration has reached the required level of security.‎

‎The second phase in the Industrial Systems Cybersecurity Lifecycle (IACS – defined in ISA/IEC-62443-1-1) focuses on activities associated with the design and implementation of cybersecurity countermeasures. This involves the selection of appropriate countermeasures based on their security-level capability and the nature of the threats and vulnerabilities identified in the assessment phase. This phase also includes conducting cybersecurity tests for the acceptance of the integrated solution, to validate that the countermeasures are implemented correctly and that the industrial system under consideration has reached the required level of security.‎

The third phase in the IACS Cybersecurity Lifecycle (defined in ISA/IEC 62443-1-1) focuses on the activities associated with the ongoing operations and maintenance of IACS cybersecurity. This involves network diagnostics and troubleshooting, security monitoring and incident response, and maintenance of cybersecurity countermeasures implemented in the Design & Implementation phase. This phase also includes security management of change, backup and recovery procedures and periodic cybersecurity audits. This course will provide students with the information and skills to detect and troubleshoot potential cybersecurity events, as well as the skills to maintain the security level of an operating system throughout its lifecycle despite the challenges of an every changing threat environment.

‎The third phase in the Cybersecurity in Industrial Systems (IACS ) lifecycle – defined in ISA/IEC-62443-1-1) focuses on activities associated with ongoing operations and the…

As the ISA/IEC 62443 series of standards for the security of Industrial Automation and Control Systems (IACS) grow in popularity and usage several certification and assessment programs have been established, for example ISASecure. There is a need for training programs because there is a lack of understanding of 62443 standards in the product supplier community and a shortage of assessors with the requisite knowledge to perform certifications and assessments. This course is intended to train product suppliers in how to design, develop and support IACS products, and assessors in how to certify and assess IACS products and security development lifecycles using the ISA/IEC 62443 series of standards.

Many manufacturing firms have made significant investments in flexible shop-floor execution systems and in sophisticated enterprise planning (ERP) systems. Those investments, however, cannot yield their full potential until each has access to the information and capabilities of the other. The ANSI/ISA95 standard addresses that coordination problem by providing a sound, robust definition of business activities and of the information that must flow between those two realms. This course also teaches the terminology used in Information Technology (IT) departments so that manufacturing and IT personnel can effectively work together on integration projects.