Industrial Cybersecurity Training
aeSolutions offers Industrial Cybersecurity training in a variety of forms and for a number of job roles. We offer trainings through partnerships with the ISA and the SANS Institute as well as bespoke developed training for you organization.
Through an agreement with the International Society of Automation (ISA), aeSolutions is proud to offer a variety of Industrial Cybersecurity courses. aeSolutions instructors are certified to lead the following ISA courses:
The move to using open standards such as Ethernet, TCP/IP, and web technologies in supervisory control and data acquisition (SCADA) and process control networks has begun to expose these systems to the same cyberattacks that have wreaked so much havoc on corporate information systems. This course provides a detailed look at how the ANSI/ISA99 standards can be used to protect your critical control systems. It also explores the procedural and technical differences between the security for traditional IT environments and those solutions appropriate for SCADA or plant floor environments.
Understanding how to secure factory automation, process control, and Supervisory Control and Data Acquisition (SCADA) networks is critical if you want to protect them from viruses, hackers, spies, and saboteurs.
This seminar teaches you the basics of the ISA/IEC 62443 standards and how these can be applied in the typical factory or plant. In this seminar, you will be introduced to the terminology, concepts, and models, as well as the element of creating a cybersecurity management system will be explained along with how these should be applied to industrial automation and control systems.
The first phase in the IACS Cybersecurity Lifecycle (defined in ISA 62443-1-1) is to identify and document IACS assets and perform a cybersecurity vulnerability and risk assessment in order to identify and understand the high-risk vulnerabilities that require mitigation. Per ISA 62443-2-1 these assessments need to be performed on both new (i.e. greenfield) and existing (i.e. brownfield) applications. Part of the assessment process involves developing a zone and conduit model of the system, identifying security level targets, and documenting the cybersecurity requirements into a cybersecurity requirements specification (CRS).
This course will provide students with the information and skills to assess the cybersecurity of a new or existing IACS and to develop a cybersecurity requirements specification that can be used to document the cybersecurity requirements the project.
The second phase in the IACS Cybersecurity Lifecycle (defined in ISA 62443-1-1) focuses on the activities associated with the design and implementation of IACS cybersecurity countermeasures. This involves the selection of appropriate countermeasures based upon their security level capability and the nature of the threats and vulnerabilities identified in the Assess phase. This phase also includes cybersecurity acceptance testing of the integrated solution, in order to validate countermeasures are properly implemented and that the IACS has achieved the target security level.
This course will provide students with the information and skills to select and implement cybersecurity countermeasures for a new or existing IACS in order to achieve the target security level assigned to each IACS zone or conduit. Additionally, students will learn how to develop and execute test plans to verify that the cybersecurity of an IACS solution has properly satisfied the objectives in the cybersecurity requirements specification.
The third phase in the IACS Cybersecurity Lifecycle (defined in ISA 62443-1-1) focuses on the activities associated with the ongoing operations and maintenance of IACS cybersecurity. This involves network diagnostics and troubleshooting, security monitoring and incident response, and maintenance of cybersecurity countermeasures implemented in the Design & Implementation phase. This phase also includes security management of change, backup and recovery procedures and periodic cybersecurity audits.
This course will provide students with the information and skills to detect and troubleshoot potential cybersecurity events as well as the skills to maintain the security level of an operating system throughout its lifecycle despite the challenges of an every changing threat environment.
aeSolutions, a leader in industrial control system (ICS) and operational technology (OT) cybersecurity services, has partnered with SANS Institute, the global leader in cyber security training and certifications, to offer ICS cybersecurity training specifically designed to meet the needs of managers working for industrial companies.
ICS Cybersecurity for Managers
The course is a "Reader's Digest" of what the instructors have learned over the last decade regarding effective management and implementation of an ICS/OT cybersecurity program. Throughout the course, they share practical advice and illuminating anecdotes about their experiences working with both large and small companies across a wide range of industries. You will leave with a set of techniques, tools, and templates to more confidently lead your company's ICS/OT cybersecurity program.
You Will Learn About:
History and Trends in ICS Cybersecurity
Regulations that Address ICS Cybersecurity
ICS Cybersecurity Standards
Building and Managing a Cybersecurity Program
Preparing and Implementing a Governance Strategy
Quantifying and Managing ICS Cybersecurity Risk
Integrating ICS Cybersecurity into Your Organization
Implementing Security Controls to Mitigate ICS Cybersecurity Risk
Monitoring ICS Environments for ICS Cybersecurity Threats and Vulnerabilities
Operationalizing ICS Cybersecurity
aeSolutions has a library of turnkey courses created and ready for customization for your facility and your people. Our trainers will work with you to assess your specific needs and design custom course material to develop your staff’s ability to support your distinct needs.
Training specific to a project or facility may be customized with training materials and manuals for operators or technical personnel. Project classes can be scheduled at aeSolutions’ offices in conjunction with activities such as Factory Acceptance Testing, or at the client’s site in conjunction with Site Acceptance Testing.
Courses can be delivered ways ranging from a one-hour webinar or multi-day on-site workshop.