Hands-on Critical Infrastructure and Control System Cybersecurity Course
- Roadmap and Overview
- Course Ethics and General Security Awareness
- Critical Infrastructure Control System Cybersecurity Background
  - Brief History of Critical Infrastructure and Control Systems
  - Risk Management (Threats, Vulnerabilities and Exploits)
  - Laboratory: Training Kit Orientation and Setup
- Control System Cyber Architecture and Device Programming
  - Control System Cyber Architecture Components
  - Programmable Logic Controllers, Ladder Logic, Points and OPC/HMI
  - Laboratory: Introduction to Programmable Logic Controllers, Logic, Communications and OLE for Process Control (OPC) / Human Machine Interface (HMI) Programming
- Cyber Asset Vulnerability Assessments
  - Case Study Review and Analysis (e.g. Bellingham Gas Pipeline; BP Texas Refinery; Washington DC Metro)
  - ICS-CERT Vulnerability Notification Review and Analysis
  - Open Source Intelligence (OSINT)
  - Cyber, Physical and Operational Security Assessments
  - Cyber Toolsets
  - Laboratory: PLC Vulnerability Assessments
  - Laboratory: Analyze and Develop Control System Oriented Metasploit Modules
  - Laboratory: Mock Environment Analysis (e.g. Power Grid, Traffic Lights)
- Automation Technologies Attack Surface and Mitigations
  - Programmable Logic Controller Analysis
  - Mitigating Controls
  - Laboratory: Blackbox Network Discovery
  - Analyzing Control System IEDs
  - Laboratory: Applied Vulnerability Security Analysis
- OLE for Process Control / Human Machine Interface Attack Surface and Mitigations
  - OPC / HMI Analysis
  - Mitigating Controls
  - Laboratory: OPC/HMI Exploit Analysis and Control
- Communications Attack Surface and Mitigations
  - General Communications Protocol Analysis
  - DNP3, IEC Variants, ICCP, Modbus Specific Protocol Analysis
  - Vulnerabilities and Exploits
  - Analyzing Wireless in Control Systems
  - Mitigating Controls
  - Laboratory: Communications Exploit Analysis and Control
  - Laboratory: Protocol Spoofing and Fuzzing
  - Laboratory: Communications Visualization
- Integrated Defense in Depth Security Controls
  - Layered Operational, Cyber and Physical Controls
  - Forensics and Attribution in Control Systems
  - Performing Physical-Cyber-Operational Assessments and Penetration Tests
  - Laboratory: Integrated Security Preparedness
  - Situation Awareness and Incident Response
  - Laboratory: Live-Fire Simulated Control System Environment Attack and Defend
Who should attend our Critical Infrastructure and Control System cybersecurity course?
The class establishes both a high-level understanding of control system cybersecurity and a deep-dive analysis of vulnerabilities, exploits and mitigating controls, which is valuable to a wide range of professionals, whether they work directly in the field or are responsible for compliance. The class also covers a great deal of real-world cybersecurity application and serves those who need or want to understand the inner workings of the systems and the programming behind industrial automation. The class is therefore applicable to:
- Security personnel whose job involves assessing, deploying, or securing control system components, communications and operations
- Programmers, network and system administrators supporting control systems
- Process engineers and field technicians
- Operations and plant management personnel
- Control system hardware, software and integrator vendor personnel
- Penetration testers
- NERC CIP, DHS CFATS, IEC 62443 and other auditors who need to build deeper technical skills
- Computer emergency response teams
Participant Requirements
Each team of two participants (a Pod) is provided with a training kit containing all hardware and software necessary for the course: a laptop, PLC programming software, HMI software, a customizable actuator/sensor training unit, communications network and cabling, an external wireless card, a Teensyduino, and a customized Kali™ Linux platform (i.e. CybatiWorks-1). Participants are not required to bring any technology to the class, but may use their own analysis tools.
What material is covered during the five course days?
- Brief history of critical infrastructure and control systems
- Control system risk management (threats, vulnerabilities and exploits)
- Surveying your attack surface: fingerprinting control system components, performing OSINT and communications analysis inside your organization
- Introduction to programmable logic controllers, function block diagrams, ladder logic, points/tags, communications and OLE for Process Control (OPC) / Human Machine Interface (HMI) programming
- Sensor and actuator design analysis using customizable I/O control system trainer units
- Performing physical-cyber-operational assessments and penetration tests
- Hardware hacking of networks, mice, technician PLC/PAC USB cables and other devices within control systems
- Analyzing small-scale mock control system environments (e.g. a traffic light)
- AB PCCC, EtherNet/IP, DNP3, IEC variants, ICCP and Modbus communication protocol overview, analysis and fuzzing
- Control system cyber asset and communication protocol exploit analysis and development
- Integrating and monitoring layered operational, cyber and physical controls
- Simulated control system red team / blue team exercise
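As an added illustration of the protocol analysis and fuzzing topic listed above (example code written for this page, not part of the course materials or the CybatiWorks kit), the following Python builds a Modbus/TCP Read Holding Registers request from the public Modbus Application Protocol layout, validates frames against the spec's length and quantity limits, and generates the structural mutations a protocol fuzzer would try first. The sample response bytes are constructed here, not captured from any device, and the function and label names are this example's own.

```python
"""Modbus/TCP frame construction, validation and structural mutation.

ADU layout from the public Modbus Application Protocol specification:
  MBAP header: transaction id (2), protocol id (2, always 0), length (2), unit id (1)
  PDU:         function code (1), data (variable)
The length field counts every byte after itself (unit id + PDU).
"""
import struct
from dataclasses import dataclass

MBAP_LEN = 7
FC_READ_HOLDING_REGISTERS = 0x03
MAX_READ_REGISTERS = 125   # spec limit on registers per 0x03 request
MAX_ADU_LEN = 260          # spec limit on a Modbus/TCP ADU


@dataclass
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes


def build_read_request(transaction_id, unit_id, start_addr, quantity):
    """Build a Read Holding Registers (0x03) request ADU."""
    pdu = struct.pack(">BHH", FC_READ_HOLDING_REGISTERS, start_addr, quantity)
    mbap = struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id)
    return mbap + pdu


def parse_frame(raw):
    """Validate the MBAP header and split off the PDU; raise ValueError if malformed."""
    if len(raw) < MBAP_LEN + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    if len(raw) > MAX_ADU_LEN:
        raise ValueError("frame exceeds maximum ADU length")
    tid, pid, length, uid = struct.unpack(">HHHB", raw[:MBAP_LEN])
    if pid != 0:
        raise ValueError(f"unexpected protocol id {pid}")
    if length != len(raw) - 6:   # everything after the length field
        raise ValueError(f"length field {length} != actual {len(raw) - 6}")
    return ModbusFrame(tid, uid, raw[MBAP_LEN], raw[MBAP_LEN + 1:])


def parse_read_request(raw):
    """Parse a 0x03 request and enforce the spec's quantity and address limits."""
    frame = parse_frame(raw)
    if frame.function_code != FC_READ_HOLDING_REGISTERS or len(frame.data) != 4:
        raise ValueError("not a well-formed Read Holding Registers request")
    start, qty = struct.unpack(">HH", frame.data)
    if not 1 <= qty <= MAX_READ_REGISTERS:
        raise ValueError(f"quantity {qty} outside 1..{MAX_READ_REGISTERS}")
    if start + qty > 0x10000:
        raise ValueError("register range wraps past address 0xFFFF")
    return frame.unit_id, start, qty


def parse_read_response(raw):
    """Return the register values from a 0x03 response; raise on an exception response."""
    frame = parse_frame(raw)
    if frame.function_code == FC_READ_HOLDING_REGISTERS | 0x80:
        code = frame.data[0] if frame.data else None
        raise ValueError(f"exception response, code {code}")
    if frame.function_code != FC_READ_HOLDING_REGISTERS or not frame.data:
        raise ValueError("not a Read Holding Registers response")
    byte_count, payload = frame.data[0], frame.data[1:]
    if byte_count != len(payload) or byte_count % 2:
        raise ValueError("byte count does not match payload")
    return list(struct.unpack(f">{byte_count // 2}H", payload))


def mutate_request(base):
    """Yield (label, frame) pairs: the first structural mutations a protocol fuzzer tries.

    Offsets in a 0x03 request: bytes 4-5 length, byte 6 unit id, byte 7 function
    code, bytes 8-9 start address, bytes 10-11 quantity.
    """
    yield "length_too_large", base[:4] + b"\xff\xff" + base[6:]
    yield "length_zero", base[:4] + b"\x00\x00" + base[6:]
    yield "protocol_id_nonzero", base[:2] + b"\x00\x01" + base[4:]
    yield "truncated", base[:9]
    yield "quantity_zero", base[:10] + b"\x00\x00"
    yield "quantity_over_limit", base[:10] + struct.pack(">H", 2000)
    yield "range_wrap", base[:8] + struct.pack(">HH", 0xFFFF, 2)
    yield "unit_id_zero", base[:6] + b"\x00" + base[7:]   # structurally valid broadcast id


def triage(base):
    """Run every mutation through the validating parser and record accept/reject.

    A target that accepts a frame this parser rejects is the finding to chase.
    """
    results = {}
    for label, frame in mutate_request(base):
        try:
            parse_read_request(frame)
            results[label] = "accepted"
        except ValueError:
            results[label] = "rejected"
    return results


if __name__ == "__main__":
    req = build_read_request(1, 0x11, 0x006B, 3)
    print(req.hex())
    # Constructed sample response: three registers 0x022B, 0x0000, 0x0064
    print(parse_read_response(bytes.fromhex("000100000009110306022b00000064")))
    for label, verdict in triage(req).items():
        print(f"{label:22} {verdict}")
```

The validating parser is the reference the fuzzer is measured against: any mutation it rejects but a PLC, gateway or HMI accepts (or that causes the device to stop responding) is the behaviour to record and reproduce. Replace the constructed bytes with frames captured on the training network to apply the same triage to real traffic.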