Abhisam is pleased to announce that the popular ICS security training course, which is available as an e-course online, will now have an advanced module that can be accessed by all current learners and GOLD members. This will have many sub modules such as concepts of Kill Chains, the MITRE ATT&CK framework for ICS, Honeypots for Industrial Automation and Control systems and more.
Cybersecurity is a growing concern for all companies and organizations worldwide. However not many people are aware that IT security and OT Security are two different disciplines. IT security is what is done to make business IT systems secure (think banks, credit card unions or travel portals). OT stands for Operations Technology. Hence OT security refers to those systems that are used in manufacturing plants, storage terminals and similar to control processes and keep them safe.
OT systems are primarily Industrial Automation and Control Systems (IACS for short). This is a term that is used for a wide range of automation systems based on multiple technology platforms such as DCS (Distributed Control Systems), PLC (Programmable Logic Controllers) and SCADA (Supervisory Control and Automation Systems). Within this, we also have specialized systems such as Safety Instrumented Systems (SIS), HIPPS (High Integrity Pressure Protection Systems), BMS (Burner Management Systems) and similar.
Failures due to cyberattacks on these systems, either by targeted or non-targeted malware can cause not only production shutdowns, but also catastrophic events such as fires, explosions and loss of containment. Traditionally, these systems were analyzed using reliability models that are based on only Random Hardware failures (such as transistors blowing off or resistors getting shorted) and Systematic Failures (that take into account specification failures, improper design,etc). All of these however assume that the failures are not caused by malicious actors, which is no longer true. Several state and non-state actors have the inclination and capability of breaching these systems and causing disasters.
To prevent these, it is absolutely essential for not only IT security professionals, but also practitioners like Instrumentation, Automation and Control systems engineers to be familiar with the vulnerabilities of these systems to such attacks. Thus we must be aware of DCS security, PLC security and similar terms that are used to describe the cybersecurity of these systems.
The Abhisam Industrial Cybersecurity course is an easy way to do this. It is important to note that merely following the guidelines of evolving standards such as IEC 62443 is not enough to secure these systems, one needs to do much more and these steps are detailed in the course. Successful learners earn a Professional Competency certificate and an electronic badge from Abhisam, that can be displayed online on places like LinkedIn, that signal your clients and bosses that you are skilled in the subject.
ICS Security is a growing area of concern with several attacks having taken place in recent years after the infamous Stuxnet attack that damaged Iran’s nuclear enrichment facility at Natanz. These attacks have taken place in Germany on a Steel Mill control system, on the entire electrical distribution grid in Ukraine in peak winter, on a gas processing plant’s Safety Instrumented System in the Middle East and a ransomware attack on a pipeline management company in the US. So it is very important to be aware and prepare to secure your plant or facility control systems from such attacks.
The advanced module goes beyond the generic IEC 62443 training courses from other providers and helps the learners grasp real world issues as well.