Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32) provides a detailed look at how the ISA/IEC 62443 standards framework can be used to protect critical control systems. It also explores the procedural and technical differences between the security solutions appropriatefor traditional IT environments and those appropriate for SCADA or plant floor environments.
With the move to using open standards, such as Ethernet, Transmission Control Protocol/Internet Protocol (TCP/IP), and web technologies, in supervisory control and data acquisition (SCADA) and process control networks (PCN), systems are being exposed to the same cyberattacks facing corporate information systems, protecting control systems is more important than ever.
Who Should Attend IC32?
- Control systems engineers and managers
- System integrators
- IT engineers and managers in industrial facilities
- Plant managers
- Plant safety and risk management personnel
View Offerings by Format
Classroom (IC32)Length: 2 days |
Virtual Classroom (IC32V)Length: 2 days |
|
Instructor-Guided Online (IC32E)Length: 8 weeks |
Self-Paced Modular (IC32M)Length: 12 Modules, (25-65 minutes each) |
Visit our course formats page for a detailed description of each format.
Note: A one-day overview version of this course is available as part of a custom training solution. Contact ISA Customer Service at info@isa.org or by calling +1 919-549-8411.
Learning Objectives
This course includes a broad list of learning objectives you will be able to achieve upon completing this course.
- Discuss the principles behind creating an effective long-term program security
- Interpret the ISA/IEC 62443 industrial security framework and apply them to your operation
- Define the basics of risk and vulnerability analysis methodologies
- Describe the principles of security policy development
- Explain the concepts of defense in depth and zone/conduit models of security
- Analyze the current trends in industrial security incidents and methods hackers use to attack a system
- Define the principles behind the key risk mitigation techniques, including anti-virus and patch management, firewalls, and virtual private networks
- Describe how secure software development strategies can make systems inherently more secure
- Explain how systems security is verified
Topics Covered
- Understanding the current industrial security environment
- Establishing an industrial automation and control systems security program
- Regulations and standards, ISA/IEC 62443 series and ISA99 committee
- Networking basics
- Network security basics
- Industrial protocols
- Introduction to patch management in the IACS environment
- Security risk assessment and system design introduction
- Security program requirements for IACS service providers and developing secure products
Exercise
- Packet Capture (PCAP) Live Capture Analysis (Note: this hands-on exercise is only available for the in-person classroom-format. The exercise will be presented as a demonstration for all online course formats.)
Resources Included
Standards*
- ISA-62443-1-1-2007, Security for industrial automation and control systems – Part 1: Terminology, concepts & models
- ISA-62443-2-1-2009, Security for industrial automation and control system – Part 2-1: Establishing an industrial automation and control systems security program
- ANSI/ISA-62443-3-3, Security for industrial automation and control systems: System security requirements and security levels
Recommended Reading
Recommended Prerequisites
There are no required prerequisites for taking this course; however, it is highly recommended that applicants meet one of the three recommended requirements to be successful in this course.- A minimum of one to three years of experience in the cybersecurity field and some experience in an industrial setting
- Successful completion of ISA courses:
- Knowledge and/or experience equivalent to that of the previous bullets is strongly recommended