Program
The training is designed to cover all the topics presented below in 3 days.
Day 1
Introduction, Definition & General Concepts
- Definitions & Vocabulary
- Current state & challenges of cybersecurity in the OT world
- The scope of cybersecurity in the company / in the projects
- Types of cyberattacks applicable for OT
- IEC 62443 Architecture of the standard
- IEC 62443 Common Concepts
- Overview of IEC 62443: different sub-parts, global structure
Introduction to the Automation world
- Description of IACS layers
- ICS components
- Protocols used in OT
Cybersecurity Organization
- Threats and risks in organization security
- Requirements for an IACS security management system (IEC 62443-2-1)
Life cycle & Risk assessment
- The life cycle of products and IACS (IEC 62443-1-1)
- Zones and conduits: concepts
- Risk assessments / Architecture partitioning (IEC 62443-3-2)
Day 2
Focus on IEC 62443-3-3 & 4-2
- Description of Security Requirements (SR) and Component Requirements (CR)
- Specific requirements for dedicated devices
A detailed review of requirements
- System Security Requirements and security level, IEC 62443-3-3
- Differences between IEC 62443-3-3 and IEC 62443-4-2
- Usual Questions
- Pieces of evidence
- Testing aspects
Key security mechanisms
- Authentication, encryption, signature
- Defense in depth, least privilege, attack surface reduction
- Security by design, segmentation
- Vulnerabilities, pentesting, patch management
Day 3
Focus on IEC 62443-2-4
- Description of Functional areas
- Maturity model
Focus on IEC 62443-4-1
- Description of the security practices (SM, SR, SD, SI, SVV, DM, SUM, SG)
- A detailed review of requirements
- Questions
- Pieces of evidence
- Audit
Overview of certification under the IECEE scheme
- IECEE organization and its activities
- CBTL & NCB
- Certifiable parts of IEC 62443 under the IECEE scheme
- Templates, certification rules
Use case - Ukraine power grid cyberattack