The European Agency for Network and Information Security (ENISA), in its 2011 report "Protecting Industrial Control Systems. Recommendations for Europe and Member States", stated in its recommendation No. 4 the need to foster training and awareness on cyber security in industrial automation and control systems. In particular, this recommendation highlights the need for ongoing initiatives to focus on standards and security best practices and to address, among others, crosscutting topics such as technology, security solutions, etc. It also recommends that the guiding principles should be: i) to highlight particular aspects of different sectors; ii) to avoid duplication with other similar initiatives; iii) to ensure the quality of the parties involved. Moreover, this recommendation identifies public agencies as potential leaders in this field.
In response to the needs identified by ENISA, INCIBE has developed a MOOC on cyber security in industrial automation and control systems. This initiative is one of the results of the measures identified in the Spanish Digital Trust Plan, which aim to build an ecosystem for attracting and generating talent around INCIBE, in collaboration with universities and the private sector, and always seeking to complement the initiatives that other agents are developing for the training of professionals.
Miguel Rego, Director General of INCIBE, in the course welcome video
The course is primarily aimed at Information Technology (IT) professionals with knowledge of IT security management, vulnerability analysis and security solutions (if you are reading this publication, you surely recognize yourself in that description). Throughout the seven teaching units you will learn the fundamental concepts of industrial automation and control systems and infrastructures, and particularly the smart grid, including PLCs, RTUs, SCADA, MES and batch systems, among others, as well as the fundamentals of cyber security that affect them. The course will cover aspects such as vulnerabilities, threats, risks and attack techniques, as well as the main good practices, principles of defense and ongoing security initiatives.
More specifically, if you are already interested, you should know that you will find the following contents:
- Unit 1: This unit will review the history of industrial automation and control, introduce the ISA-95 framework, and cover the aspects most relevant to the protection of Industrial Automation and Control Systems (IACS).
- Unit 2: This unit will describe the different automation and local control devices (e.g. PLCs, RTUs, I/O, robots) and present programming and configuration guidelines for these devices, always with an eye on safety (ladder-logic programming, functional programming, etc.).
- Unit 3: This unit presents the communications used in IACS, reviewing the three basic types of industrial communications (monitoring and control, programming and parameterization, and communication between supervisory applications). Moreover, this unit delves into the physical media and link-level technologies used by automation and control protocols, as well as the concept of distributed periphery. The unit ends by detailing the secure versions of some prominent protocols such as OPC UA and DNP3.
- Unit 4: This unit will describe the systems in charge of the supervisory control of processes and of operations management, including SCADA systems, historians, batch systems, MES systems and the novel industrial business intelligence solutions. Moreover, the unit will also introduce some native security features of all these systems.
- Unit 5: This unit is fully devoted to the security issues of IACS, identifying threats, vulnerabilities and risk factors. The last part of the unit will focus on analyzing the origin of these potential incidents and will take a look at some relevant real cases.
- Unit 6: This unit begins with an approach to the protection of control systems, where the main factors that constrain the implementation of security measures are discussed. In addition, this unit presents the most important international initiatives that are helping to raise the security level of IACS and proposes commonly accepted security techniques and strategies for the protection of these environments.
- Unit 7: This is the most visual and practical unit of the course. It begins with an introduction to the smart grid and its problems through a virtual tour of low and medium voltage infrastructures, accompanied by first-class professionals, where the various devices needed for management and control (including smart meters, concentrators, remote, etc.) are presented. Following this, the unit presents some specific business solutions that help implement the protection techniques and strategies, as well as a series of attack simulations and how to avoid them or mitigate their impact.
Screenshots from the virtual tour of a medium and low voltage environment
The course has been developed in collaboration with S21sec, Logitek and Tecnalia, companies that are international references in the fields of automation and control systems security, automation and control systems themselves, smart grids, and existing security solutions. Moreover, thanks to the contribution of the Centre for Industrial Cybersecurity, the course has the collaboration of professionals like Ayman AL-Issa, Patrick Miller and Ruben Santamarta.
The course, free of charge, is rich and unique in Spain and is offered following the MOOC (Massive Open Online Courses) philosophy, that is, online, massive, and open to everyone. Under this paradigm, information sharing and collaboration among the community of students are key to completing the course. The course is available on the new training platform of INCIBE, which is based on this new training paradigm. The advanced course in industrial cyber security will be the first of the many topics for which courses will be offered. If you decide to register, you should know that this platform provides you with educational resources such as presentations, video tutorials, downloadable documentation, self-assessment exercises, forums where you can raise questions and learn with your future colleagues, spaces where you can create collaborative notes (wikis), and tools for collaborative correction (P2P) of evaluation exercises. Additionally, you will earn reputation levels (karma) in the community based on your participation in the spaces for interaction among students (i.e. forum and wiki). Moreover, once you have passed the mandatory activities of the course, you will receive a diploma certifying that you have completed the course.
We believe this is a unique opportunity for you, so we encourage you to register on the platform and enroll in the course as soon as possible (on October 27, contents will already be available, and the registration deadline is November 3). You will also see that this course is available in both Spanish and English, thus strengthening the international vocation of the training initiatives of INCIBE. We hope it is to your liking and that you enjoy it as much as we enjoyed preparing it.