Aperçu du cours
According to Gartner, OT security is defined as “the set of practices and technologies used to (a) Protect people, resources, and information, (b) Monitor and/or control devices, processes, and events, and (c) Initiate change within enterprise OT systems.” OT security solutions span a wide range of security technologies, from next-generation firewalls to SIEM systems, and deploy different layers of protection.
Historically, OT-specific cybersecurity was not necessary, since OT systems were not connected to the Internet. Therefore, they were not exposed to external threats. As digital innovation initiatives progress, and IT and OT networks converge, companies have tended to deploy standalone tools to address specific issues. These approaches to OT security have resulted in a complex network that no longer shares information or provides the necessary visibility.
Often, IT and OT networks operate separately, resulting in a duplication of security efforts and a lack of transparency in operations. These IT/OT networks cannot track what is happening across the entire attack surface. Because of different referees in security organization of both platforms, this results in two separate security teams protecting their respective network perimeters.
When looking into OT, the biggest subset is ICS. ICS (Industrial Control System) is a broad term that embodies both SCADA and DCS.
Prérequis
- Basic understanding of IT systems (Linux/Windows)
- Basic networking knowledge
- Basic system administration
Objectifs pédagogiques
- Understand ICS components
- Understand the different layers/levels
- Enhance threat handling
Public ciblé
- Cybersecurity expert
- OT expert in charge of the security
Programme de formation
-
Overview of ICS
-
Processes & Roles
-
Industries
-
-
Purdue Model
-
Levels 0 and 1 : Controllers and Field Devices
-
Levels 0 and 1 : Programming Controllers
-
Levels 2 and 3 : HMIs, Historians, Alarm Servers
-
Levels 2 and 3 : Specialized Applications and main Servers
-
Levels 2 and 3 : Control Rooms and Plants
-
Levels 2 and 3 : SCADA
-
-
IT & ICS Differences
-
ICS Life Cycle Challenges
-
-
Secure Network Architectures for ICS
-
Design example
-
-
ICS Attack Surface
-
Threat Actors and Reasons for Attack
-
Attack Surface and Inputs
-
Vulnerabilities
-
Threat/Attack Models
-
-
Level 0 and 1
-
Attacks Schemes
-
Control Things Platform
-
Technologies
-
Fieldbus Protocol Families
-
Defenses
-
-
Ethernet and TCP/IP
-
Ethernet Concepts
-
TCP/IP Concepts
-
ICS Protocols over TCP/IP
-
Wireshark and ICS Protocols
-
Attacks on Networks
-
-
Enforcement Zone Devices
-
Firewalls and NextGen Firewalls
-
Data Diodes and Unidirectional Gateways
-
NIDS/NIPS and Netflow
-
-
Understanding Basic Cryptography
-
Crypto Keys
-
Encryption, Hashing, and Signatures
-
-
Level 2 and 3
-
Historians and Database
-
HMI and UI Attacks
-
Web-based Attacks
-
Password Defenses
-
-
Wireless Technologies
-
Satellite and Cellular
-
Mesh Networks and Microwave
-
Bluetooth and Wi-Fi
-
-
Wireless Attacks and Defenses
-
Risks of Wireless
-
Sniffing, DoS, Masquerading, Rogue AP
-
-
Patching ICS Systems
-
Patch Decision Tree
-
Vendors, CERTS, and Security Bulletins
-
-
Defending IT Systems
-
Microsoft : Windows Services
-
Microsoft : Windows Security Poolicies and GPOs
-
Linux : Differences with Windows
-
Linux Daemons, SystemV, and SystemD
-
-
Endpoint Protection and SIEMS
-
Application Runtime and Execution Control
-
Configuration Integrity and Containers
-
Logs in Windows and Linux
-
-
Event Logging and Analysis
-
Windows Event Logs and Audit Policies
-
Syslog and Logrotate
-
-
Internet connectivity
-
Honeypots
-
Attacks on the perimeter
-
-
ICS Cybersecurity Programs
-
Starting the Process
-
Frameworks: ISA/IEC 62443, ISO/IEC 27001, NIST CSF
-
Using the NIST CSF
-
-
ICS Cybersecurity Policy
-
Policies, Standards, Guidance, and Procedures
-
Culture and Enforcement
-
Examples
-
-
Measuring Cybersecurity Risk
-
Quantitative vs Qualitative
-
Traditional Models
-
-
Incident Response
-
Digital forensics
-
Key focus
-
Key sources
-
Analyze digital evidence
-
Instructeur
