IEC62443 Training

This training provides you with an overview of the IEC62443 series of standards. It presents the main cybersecurity concepts in industrial security and includes an overview of all the requirements contained in IEC62443.

The training can be used by both cybersecurity professionals focusing on Information Technology (IT) to gain a deeper understanding of Operational Technology (OT) and also by OT professionals to gain a better understanding of cybersecurity.

About IEC62443 Series of Standards

IEC62443 is an internationally recognized family of standards providing a complete framework for assessing various actors involved in OT, also known as Industrial Automation and Control Systems (IACS). Initially designed for Industrial Control Systems (ICS), IEC 62443 is now considered a relevant standard across many industry verticals due to the holistic way in which its requirements are expressed. The series of standards was created in line with this increasing awareness of OT security.

Why should you attend?

The IEC62443 training will allow you to:

• Understand the general concepts of OT cybersecurity;
• Get an understanding of how the IEC62443 family of standards is organized;
• Deep dive into the requirements of IEC62443 standards;
• Learn about potential certification schemes based on IEC62443;
• Explore lessons learned from several case studies.

Intended Audience

Required Skills & Expertise

The training is designed to explain and deep dive into the contents of the IEC62443 series of standards. No previous knowledge of IEC62443 is necessary. Basic knowledge of cybersecurity concepts is preferred to follow the presented concepts smoothly.

Program

The training is designed to cover all the topics presented below in 3 days.

Day 1

Introduction, Definition & General Concepts

• Definitions & Vocabulary
• Statement & challenges of cybersecurity in the OT world
• The scope of cybersecurity in the company / in the projects
• Types of cyberattacks applicable for OT
• IEC 62443 Architecture of the standard
• IEC 62443 Common Concepts
• Overview of IEC 62443: different sub-parts, global structure

Introduction to the Automation world

• Description of IACS layers
• ICS components
• Protocols used in OT

Cybersecurity Organization

• Threats and risks in organization security
• Requirements for an IACS security management system (IEC 62443-2-1)

Life cycle & Risk assessment

• The life cycle of products and IACS (IEC 62443-1-1)
• Zones and conduits: concepts
• Risk assessments / Architecture partitioning (IEC 62443-3-2)

Day 2

Focus on IEC 62443-3-3 & 4-2

• Description of Security Requirements (SR) and Component Requirements (CR)
• Specific requirements for dedicated devices

A detailed review of requirements

• System Security Requirements and security level, IEC 62443-3-3
• Differences between IEC 62443- 3-3 and IEC 62443- 4-2
• Usual Questions
• Pieces of evidence
• Testing aspects

Key security mechanisms

• Authentication, encryption, signature
• Defense-in-depth, least privileges, reduce attack surfaces.
• Security by design, Segmentation,
• Vulnerabilities, pentesting, patch management

Day 3

Focus on IEC 62443-2-4

• Description of Functional areas
• Maturity model

Focus on IEC 62443-4-1

• Description of the security practices (SM, SRs, SD, SI, SVV, DM, SUM, SG)
• A detailed review of requirements
• Questions
• Pieces of evidence
• Audit

Overview of certification under the IECEE scheme

• IECEE organization and its activities
• CBTL & NCB
• IECEE 62443 Certifiable parts
• Templates, certification rules

Use case - Ukraine power grid cyberattack

Interested in this IEC62443 Training?

If you are interested in hosting this interactive and tailored training at your company, please let us know via the contact form below, at +31 (0)88 888 31 00 or email info@secura.com.