What are the security risks of Control System components, communication protocols and operations?

Whether the Control System is automating an industrial facility or a local amusement park roller coaster, the system was designed to operate in a domain that is physically, operationally and cyber secure. This domain extends throughout the facility using a combination of Programmable Logic Controllers, Programmable Automation Controllers, embedded logic controllers, Remote Terminal Units and Human Machine Interfaces, interlinked by one or several communication protocols across local and long-distance geographic regions. The risks range from simple eavesdropping or electronic denial of service to more sophisticated asset misuse and destruction. To further compound the challenge, today there are not enough professionals with security skills to sufficiently deter, detect and defend against active threats to our critical infrastructure's control systems.

Who should attend our critical infrastructure and control system cybersecurity course for high school students?

The class establishes a high-level understanding of Critical Infrastructure and Control System cybersecurity that is valuable to a wide range of students and teachers. The class dives into real-world cybersecurity applications and satisfies those who need or want to understand the inner workings of these systems, as well as the programming behind industrial automation and the Internet of Things. The class is applicable to:

  • Students with a base knowledge of computer architecture, logic (AND, OR, NAND, NOR), networking (Wireshark, wireless and wired communication, the TCP/IP model), system administration and Python or equivalent programming.
  • Students without this base level of programming knowledge may still be able to participate and excel in the course.

Control System Cybersecurity Course Features

Knowledge elements of the control system cybersecurity course:

  • Ladder logic and the cyber-physical risks associated with each of its elements
  • Vulnerability assessments and penetration tests
  • Protective physical, operational and cyber controls
  • Limiting ports and services to only those necessary
  • Situational awareness and response
  • Open source intelligence
  • Communications protocol analysis
  • Sensor, actuator and logic analysis
  • Small-scale kinetic attack and defend scenarios (e.g. heavy rail, power grid, robotics, traffic lights)

What are some of the topics in the curriculum?

  • Introduction to programmable logic controllers, function block diagrams, ladder logic, communications and OLE for Process Control (OPC) / Human Machine Interface (HMI) programming
  • Surveying your attack surface; fingerprinting Control System components and communications inside your organization
  • Security Assessments of ICS Devices (PLCs, PACs, RTUs, MTUs, other embedded devices)
  • Sensor and actuator design analysis using the customized control system trainer units
  • Case study review and analysis (e.g. Bellingham Gas Pipeline; BP Texas Refinery; Washington DC Metro; Taum Sauk Dam; Polish Tram System)
  • Reviewing and analyzing CERT and ICS-CERT vulnerability notifications through the establishment of a vulnerability assessment process
  • Kinetic and non-kinetic control analysis using physical and simulated control system scenarios (e.g. small-scale physical programmed models of a robotic arm, pipeline, chemical storage and mixing, traffic lights, heavy rail, and a simulated power grid)
  • AB PCCC, EtherNet/IP, DNP3, IEC variants, ICCP and Modbus communication protocol analysis
  • Industrial use of wireless (IEEE 802.11, 900 MHz, GPRS and IEEE 802.15.4/ZigBee) analysis
  • Communication exploit analysis, protocol spoofing and fuzzing
  • OLE for Process Control (OPC) attack surface, exploitation and mitigating controls
  • Performing physical-cyber-operational assessments and penetration tests
  • Analyzing and developing Control System oriented Metasploit modules
  • Understanding open source intelligence (OSINT) mechanisms used in control system social engineering operations
  • Secure remote access solutions; architecture and operations for administrative and operational remote access
  • Integrating and monitoring layered operational, cyber and physical controls