Loading...

Please Wait...

 

Course Description

Industry has invested considerable effort in managing the risks of terrorism and other deliberate criminal acts against facilities since the events of September 11, 2001. However, these efforts have focused primarily on physical security and have not dealt with attacks on facilities through their computer systems. While few deliberately focused attacks on manufacturing systems have been reported, random attacks of worms, trojans, viruses, etc. have occurred and adversely impacted computer systems including those operating manufacturing facilities.

While cyber security is an established discipline for computer systems used for business management, its focus is the protection of valuable information stored on those systems from adversaries who want to obtain, corrupt, damage, destroy or prohibit access to it. Cyber security for manufacturing and control systems must also include protection against cyber or physical attack on computer systems and their support systems by adversaries who wish to disable or manipulate them to cause harm. Examples of manipulation include opening/closing valves, starting/stopping equipment, and overriding alarm and trip settings. Traditional IT cyber security countermeasures are not adequate to protect against attacks on control systems. Furthermore, such countermeasures may even compromise the safety or operability of manufacturing processes.

Historically, computer control systems have been kept separate from business and enterprise computer systems but increasingly they are being connected through networks, driven by the need to communicate process information to business groups and the opportunity to intervene in manufacturing processes through an intranet or the Internet. Control systems are exposed to penetration when they are connected to other networks or when there are provisions for remote access. Existing control systems were not designed with public access in mind, often have poor security, and are vulnerable to attack. Furthermore, much of the technical information needed to penetrate these systems is readily available.

Note: For more detail on the need to address industrial cyber security, see "The Business Case for Cyber Security (PDF file)"

This course provides attendees with an understanding of cyber security and knowledge and tools that can be used to manage the risk of cyber attacks. It includes an overview of the basics of computer networks and control systems for those attendees who may not be familiar with them. Sources and types of attack, vulnerabilities, attack techniques and countermeasures are described. The course concludes with a discussion of how to implement a program to manage cyber security within an organization.

Objective

  • Understand what is meant by industrial cybersecurity and its importance.
  • Become familiar with current initiatives.
  • Learn how computer systems can be attacked and whatcan be done to protect them.
  • Understand how to assess the current state of cybersecurity for a facility or company.
  • Become familiar with cyber security managementprograms.

Target Audience

Individuals involved with or responsible for securing manufacturing and computer control systems from attack.

Prerequisite

Knowledge and/or experience with either computer networks or manufacturing and computer control systems is helpful.

Course Contents

  • Overview
  • Current initiatives
  • Computer networks and control systems
  • Sources and types of attack
  • Vulnerabilities to attack
  • Attack techniques and tools
  • Cyber security countermeasures
  • Cyber security principles
  • Human factors in cyber security
  • Assessment methods
  • Cyber security program

Duration / CEUs

  • Two days
  • 1.4 CEUs or 14 PDHs awarded

Tuition

All Courses