Course Overview
According to Gartner, OT security is defined as "the set of practices and technologies used to (a) protect people, resources, and information, (b) monitor and/or control devices, processes, and events, and (c) initiate change within enterprise OT systems." OT security solutions span a wide range of security technologies, from next-generation firewalls to SIEM systems, and deploy different layers of protection.
Historically, OT-specific cybersecurity was not necessary, since OT systems were not connected to the Internet. Therefore, they were not exposed to external threats. As digital innovation initiatives progress, and IT and OT networks converge, companies have tended to deploy standalone tools to address specific issues. These approaches to OT security have resulted in a complex network that no longer shares information or provides the necessary visibility.
Often, IT and OT networks operate separately, resulting in a duplication of security efforts and a lack of transparency in operations. Such IT/OT networks cannot track what is happening across the entire attack surface. Because the two platforms answer to different security organizations, two separate security teams end up protecting their respective network perimeters.
When looking into OT, the biggest subset is ICS. ICS (Industrial Control System) is a broad term that covers both SCADA (Supervisory Control and Data Acquisition) and DCS (Distributed Control System).
Prerequisites
- Basic understanding of IT systems (Linux/Windows)
- Basic networking knowledge
- Basic system administration
Features
- Understand ICS components
- Understand the different layers/levels
- Enhance threat handling
Target Audience
- Cybersecurity expert
- OT expert in charge of the security
Details
- 21 Sections
- 63 Lessons
- 5 Days
- Overview of ICS (2 lessons)
  - 1.1 Processes & Roles
  - 1.2 Industries
- Purdue Model (6 lessons)
  - 2.1 Levels 0 and 1: Controllers and Field Devices
  - 2.2 Levels 0 and 1: Programming Controllers
  - 2.3 Levels 2 and 3: HMIs, Historians, Alarm Servers
  - 2.4 Levels 2 and 3: Specialized Applications and Main Servers
  - 2.5 Levels 2 and 3: Control Rooms and Plants
  - 2.6 Levels 2 and 3: SCADA
- IT & ICS Differences (1 lesson)
  - 3.1 ICS Life Cycle Challenges
- Secure Network Architectures for ICS (1 lesson)
  - 4.1 Design Example
- ICS Attack Surface (4 lessons)
  - 5.1 Threat Actors and Reasons for Attack
  - 5.2 Attack Surface and Inputs
  - 5.3 Vulnerabilities
  - 5.4 Threat/Attack Models
- Levels 0 and 1 (5 lessons)
  - 6.1 Attack Schemes
  - 6.2 Control Things Platform
  - 6.3 Technologies
  - 6.4 Fieldbus Protocol Families
  - 6.5 Defenses
- Ethernet and TCP/IP (5 lessons)
  - 7.1 Ethernet Concepts
  - 7.2 TCP/IP Concepts
  - 7.3 ICS Protocols over TCP/IP
  - 7.4 Wireshark and ICS Protocols
  - 7.5 Attacks on Networks
- Enforcement Zone Devices (3 lessons)
  - 8.1 Firewalls and Next-Generation Firewalls
  - 8.2 Data Diodes and Unidirectional Gateways
  - 8.3 NIDS/NIPS and NetFlow
- Understanding Basic Cryptography (2 lessons)
  - 9.1 Crypto Keys
  - 9.2 Encryption, Hashing, and Signatures
- Levels 2 and 3 (4 lessons)
  - 10.1 Historians and Databases
  - 10.2 HMI and UI Attacks
  - 10.3 Web-based Attacks
  - 10.4 Password Defenses
- Wireless Technologies (3 lessons)
  - 11.1 Satellite and Cellular
  - 11.2 Mesh Networks and Microwave
  - 11.3 Bluetooth and Wi-Fi
- Wireless Attacks and Defenses (2 lessons)
  - 12.1 Risks of Wireless
  - 12.2 Sniffing, DoS, Masquerading, Rogue AP
- Patching ICS Systems (2 lessons)
  - 13.1 Patch Decision Tree
  - 13.2 Vendors, CERTs, and Security Bulletins
- Defending IT Systems (4 lessons)
  - 14.1 Microsoft: Windows Services
  - 14.2 Microsoft: Windows Security Policies and GPOs
  - 14.3 Linux: Differences with Windows
  - 14.4 Linux Daemons, System V, and systemd
- Endpoint Protection and SIEMs (3 lessons)
  - 15.1 Application Runtime and Execution Control
  - 15.2 Configuration Integrity and Containers
  - 15.3 Logs in Windows and Linux
- Event Logging and Analysis (2 lessons)
  - 16.1 Windows Event Logs and Audit Policies
  - 16.2 Syslog and Logrotate
- Internet Connectivity (2 lessons)
  - 17.1 Honeypots
  - 17.2 Attacks on the Perimeter
- ICS Cybersecurity Programs (3 lessons)
  - 18.1 Starting the Process
  - 18.2 Frameworks: ISA/IEC 62443, ISO/IEC 27001, NIST CSF
  - 18.3 Using the NIST CSF
- ICS Cybersecurity Policy (3 lessons)
  - 19.1 Policies, Standards, Guidance, and Procedures
  - 19.2 Culture and Enforcement
  - 19.3 Examples
- Measuring Cybersecurity Risk (2 lessons)
  - 20.1 Quantitative vs. Qualitative
  - 20.2 Traditional Models
- Incident Response (4 lessons)
  - 21.1 Digital Forensics
  - 21.2 Key Focus
  - 21.3 Key Sources
  - 21.4 Analyzing Digital Evidence