Hands-on Critical Infrastructure and Control System Cybersecurity Course

• • Roadmap and Overview
• • Course Ethics and General Security Awareness
• • Critical Infrastructure Control System Cybersecurity Background
  • – Brief History of Critical Infrastructure and Control Systems
  • – Risk Management (Threats, Vulnerabilities and Exploits)
  • – Laboratory: Training Kit Orientation and Setup

• • Control System Cyber Architecture and Device Programming
  • – Control System Cyber Architecture Components
  • – Programmable Logic Controllers, Ladder Logic, Points and OPC/HMI
  • – Laboratory: Introduction to Programmable Logic Controllers, Logic, Communications and OLE for Process Control (OPC) / Human Machine Interface (HMI) Programming

• • Cyber Asset Vulnerability Assessments
  • – Case Study Review and Analysis (e.g. Bellingham Gas Pipeline; BP Texas Refinery; Washington DC Metro)
  • – ICS-CERT Vulnerability Notification Review and Analysis
  • – Open Source Intelligence (OSINT)
  • – Cyber, Physical and Operational Security Assessments
  • – Cyber Toolsets
  • – Laboratory: PLC Vulnerability Assessments
  • – Laboratory: Analyze and develop control system oriented Metasploit modules
  • – Laboratory: Mock Environment Analysis (e.g. Power Grid, Traffic Lights)

• • Automation Technologies Attack Surface and Mitigations
  • – Programmable Logic Controller Analysis
  • – Mitigating Controls
  • – Laboratory: Blackbox Network Discovery
  • – Analyzing Control System IEDs
  • – Laboratory: Applied Vulnerability Security Analysis

• • OLE for Process Control / Human Machine Interface Attack
  Surface and Mitigations
  • – OPC / HMI Analysis
  • – Mitigating Controls
  • – Laboratory: OPC/HMI Exploit Analysis and Control

• • Communications Attack Surface and Mitigations
  • – General Communications Protocol Analysis
  • – DNP3, IEC Variants, ICCP, Modbus Specific Protocol Analysis
  • – Vulnerabilities and Exploits
  • – Analyzing Wireless in Control Systems
  • – Mitigating Controls
  • – Laboratory: Communications Exploit Analysis and Control
  • – Laboratory: Protocol Spoofing and Fuzzing
  • – Laboratory: Communications Visualization

• • Integrated Defense in Depth Security Controls
  • – Layered Operational, Cyber and Physical Controls
  • – Forensics and attribution in control systems
  • – Performing Physical-Cyber-Operational Assessments and Penetration Tests
  • – Laboratory: Integrated Security Preparedness
  • – Situation Awareness and Incident Response
  • – Laboratory: Live-Fire Simulated Control System Environment Attack and Defend

Who should attend our Critical Infrastructure and Control System cybersecurity course?

The class establishes both a high-level understanding of Control System cybersecurity and deep dive analysis of vulnerabilities, exploits and mitigating controls valuable to a wide-range of professionals, whether directly in the field or responsible for compliance.  The class also dives into a great deal of real-world cybersecurity applications and satisfies those who need or want to understand the inner-workings of the systems as well as the programming behind industrial automation.  Therefore, the class is applicable to:

• · Security personnel whose job involves assessing, deploying, or securing control system components, communications and operations
• · Programmers, network and system administrators supporting control systems
• · Process engineers and field technicians
• · Operations and plant management personnel
• · Control System hardware, software and integrator vendor personnel
• · Penetration testers
• · NERC CIP, DHS CFATS, IEC 62443 and other Auditors who need to build deeper technical skills
• · Computer emergency response teams

Participant Requirements

Each team of two participants (a Pod) are provided training kits containing all hardware and software necessary for the course: a laptop, PLC programming software, HMI software, customizable actuator/sensor training unit, communications network and cabling, external wireless card, Teensyduino, customized Kali™ Linux platform (i.e. CybatiWorks-1).  The participant is not required to bring any technology to the class.  The participants may use their own analysis tools. 

What material is covered during the five course days?

• · Brief history of critical infrastructure and control systems
• · Control system risk management (Threats, Vulnerabilities and Exploits)
• · Surveying your attack surface; fingerprinting control system components, performing OSINT and communications analysis inside your organization
• · Introduction to programmable logic controllers, function block diagrams, ladder logic, points/tags, communications and OLE for process control (OPC) / Human Machine Interface (HMI) programming
• · Sensor and actuator design analysis using customizable I/O control system trainer units
• · Performing physical-cyber-operational assessments and penetration tests
• · Hardware hacking networks, mice, technician PLC/PAC USB cables and more within control systems
• · Analyze small-scale mock control system environments (i.e. Traffic Light)
• · AB PCCC, Ethernet/IP, DNP3, IEC Variants, ICCP, Modbus communication protocol overview, analysis and fuzzing
• · Control system cyber asset and communication protocol exploit analysis and development
• · Integrating and monitoring layered operational, cyber and physical controls
• · Simulated control system red team / blue team exercise