Können - Foster your Digital Transformation OT - IT

July 13, 2021

OT-IACS Cybersecurity Training

Introduction and awareness training

OT-IACS Cybersecurity Training

OT-IACS Cybersecurity introduction - Awareness Training

เรียบเรียง ตาม Framework

ISA/IEC 62433

อ้างอิง ข้อ แนะนำการนำไปประยุกติ์ จาก

NIST SP 800-82

and also knowledge sharing and discussion from a decade of experience in Control system implementation

OT-Industrial Cyber security Awareness Training

Raise awareness for your IT/ OT-ICS personal of current industrial Cybersecurity, differences and similarities, general Cybersecurity basics and industrial Cybersecurity specifics.

Personal will learn to clarify the key differences between typical OT-ICS and pure IT network, and understand the evolution in OT-ICS Cybersecurity.

Course Goal:

  • Understand OT-ICS Network basics: typical topology, components, protocols
  • Understand Information security basics: attack vectors, threats, vulnerabilities, etc.
  • Know principle to Identify countermeasures: segmentation and etc.
  • Getting to know standard and recommendations

Course Contents:

  • ICS Cybersecurity Landscape

    • Recognize Cybersecurity in your overall risk management process.
    • Identify types of ICS threats, vulnerabilities, and consequences.
  • Difference between IT and ICS

    • Network basics: the architecture and topology of IT and ICS
    • Common ICS component
    • Identify ICS type
    • Discuss Data flow within ICS
    • Recognize ICS communication typologies and methods
  • Attack Methodologies in IT & ICS

    • Describe the anatomy of a Cyber attack.
    • Recognize how attack methods can apply to control systems.
  • Countermeasures

    • Standard and Practice

Introduction to ISA/IEC 62443 – Standard and aspect of NIST SP 800 - 82

Getting to know a structural concept, approach and methodology when consider managing ICS Cybersecurity

Course Goal:

  • Discuss the need and importance for control system security
  • Learn about current principles and best practices
  • Understand the structure and content of the ISA/IEC 62443 series of documents and NIST SP 800 - 82 framework
  • Discuss the principles behind the creating of an effective long term program security
  • Learn the basics of risk analysis, industrial networking and network security
  • Understand the concepts of defense in depth and zones and conduits
    • Learn how to apply key risk mitigation techniques in principle
    • Visit the recommendation and key takeaway from NIST SP800 - 82

Course Contents:

  • Control System cybersecurity – by definition

    • Trend and potential impact
  • Reference standard – ISA/IEC62443 and NIST SP 800 - 82 Framework

    • Structure, Phase, Role, responsibility discussion
    • Approach and development of NIST SP 800 - 82
  • Concept used in ISA/IEC62443 and NIST SP 800 - 82

    • Defense-in Depth
    • Zones and Conduits
    • Model
    • Steps and instructions recommended by NIST Framework
  • Cybersecurity requirements, assumptions and constraints

    • Need to address security
  • Applying ISA IEC62443 in control system and what NIST SP 800 - 82 has recommended

  • Security Risk Assessment and System Design

    • Security Levels (SL)
    • Foundational Requirements (FR)
  • Establishing an Industrial Automation and Control Systems Security Program

    • Process to Develop a CSMS
  • Cybersecurity Life Cycle for IACS


email: nuttapong@koennen.co.th; Tel. 66 62 3944987, 66 81 9062927