Improving Industrial Control Systems Security
Anthony K. Ho, P.E.
Course Outline
This 4-hour PDH course reviews the recommended practice and “defense-in-depth” strategies provided by the U.S. Department of Homeland Security. It offers insight into some of the more prominent cyber risk issues and presents them in the context of industrial control systems. It provides commentary on how mitigation strategies can be developed for specific problems and provides direction on how to create a defense-in-depth security program for control system environments.
This course includes a multiple-choice quiz at the end, which is designed to enhance the understanding of the course materials.
Learning Objective
The goal of this course is to provide guidance regarding cyber mitigation strategies and how to apply them specifically to an industrial control systems environment.
At the conclusion of this course, the student will acquire the following specific knowledge and skills:
Intended Audience
This course is intended for control systems, process, automation, and industrial engineers.
Benefit for Attendee
Attendees of this course will gain a better understanding of the security challenges that today’s industrial control systems are facing and will be able to develop countermeasures for such threats. Attendees can adopt the guidance for developing “defense-in-depth” strategies for organizations that use control system networks while maintaining multitier information architectures.
Course Introduction
Information infrastructures across many public and private domains share several common attributes regarding information technology (IT) deployments and data communications. This is particularly true in the industrial control systems domain where an increasing number of organizations are using modern networking to enhance productivity and reduce costs by increasing the integration of external, business, and control system networks. However, these integration strategies often lead to vulnerabilities that greatly reduce the cybersecurity posture of an organization and can expose mission-critical industrial control systems to cyber threats.
Course Content
The course content is contained in the following PDF file:
Improving Industrial Control Systems Security
Please click on the above underlined hypertext to view, download or print the document for your study. Because of the large file size, we recommend that you first save the file to your computer by right clicking the mouse and choosing "Save Target As ...", and then open the file in Adobe Acrobat Reader. If you still experience any difficulty in downloading or opening this file, you may need to close some applications or reboot your computer to free up some memory.
Course Summary
Industrial control systems are an integral part of critical infrastructure, helping facilitate operations in vital sectors such as electricity, oil and gas, water, transportation, and chemical. A growing issue with cybersecurity and its impact on industrial control systems has highlighted some fundamental risks to critical infrastructures. To address cybersecurity issues for industrial control systems, a clear understanding of the security challenges and specific defensive countermeasures is required. A holistic approach, one that uses specific countermeasures to create an aggregated security posture, can help defend against cybersecurity threats and vulnerabilities that affect an industrial control system. This approach, often referred to as “defense-in-depth,” can be applied to industrial control systems and can provide a flexible and usable framework for improving cybersecurity defenses.
Concerns regarding cybersecurity and control systems are related to both the legacy nature of some of the systems and the growing trend to connect industrial control systems to other networks. These concerns have led to a number of identified vulnerabilities and have introduced new categories of threats that have not been seen before in the industrial control systems domain. Many of the legacy systems may not have appropriate security capabilities that can defend against modern-day threats, and the requirements for availability can preclude using contemporary cybersecurity solutions. An industrial control system’s connectivity to a corporate, vendor, or peer network can exacerbate this problem.
Related Links
For additional technical information related to this subject, please visit the following websites or web pages:
Department of Homeland Security: Cyber Security Procurement Language for Control Systems
Critical Infrastructure and Control Systems Security Curriculum
Defense in Depth: A practical strategy for achieving Information Assurance in today’s highly networked environments.
Quiz
Once you finish studying the above course content, you need to take a quiz to obtain the PDH credits.