OT Security - Fundamentals

Formation créée le 16/09/2022.
Version du programme : 1

Type de formation

Formation présentielle

Durée de formation

35 heures (5 jours)

OT Security - Fundamentals


Objectif de formation : According to Gartner, OT security is defined as "the set of practices and technologies used to (a) Protect people, resources, and information, (b) Monitor and/or control devices, processes, and events, and (c) Initiate change within enterprise OT systems." OT security solutions span a wide range of security technologies, from next-generation firewalls to SIEM systems, and deploy different layers of protection. Historically, OT-specific cybersecurity was not necessary, since OT systems were not connected to the Internet. Therefore, they were not exposed to external threats. As digital innovation initiatives progress, and IT and OT networks converge, companies have tended to deploy standalone tools to address specific issues. These approaches to OT security have resulted in a complex network that no longer shares information or provides the necessary visibility. Often, IT and OT networks operate separately, resulting in a duplication of security efforts and a lack of transparency in operations. These IT/OT networks cannot track what is happening across the entire attack surface. Because of different referees in security organization of both platforms, this results in two separate security teams protecting their respective network perimeters. When looking into OT, the biggest subset is ICS. ICS (Industrial Control System) is a broad term that embodies both SCADA and DCS.

Objectifs de la formation

  • Understand ICS components
  • Understand the different layers/levels
  • Enhance threat handling

Profil des bénéficiaires

Pour qui
  • Cybersecurity expert
  • OT expert in charge of the security
Prérequis
  • Basic understanding of IT systems (Linux/Windows)
  • Basic networking knowledge
  • Basic system administration

Contenu de la formation

Overview of ICS
  • Processes & Roles
  • Industries
Purdue Model
  • Levels 0 and 1 : Controllers and Field Devices
  • Levels 0 and 1 : Programming Controllers
  • Levels 2 and 3 : HMIs, Historians, Alarm Servers
  • Levels 2 and 3 : Specialized Applications and main Servers
  • Levels 2 and 3 : Control Rooms and Plants
  • Levels 2 and 3 : SCADA
IT & ICS Differences
  • ICS Life Cycle Challenges
Secure Network Architectures for ICS
  • Design example
ICS Attack Surface
  • Threat Actors and Reasons for Attack
  • Attack Surface and Inputs
  • Vulnerabilities
  • Threat/Attack Models
Level 0 and 1
  • Attacks Schemes
  • Control Things Platform
  • Technologies
  • Fieldbus Protocol Families
  • Defenses
Ethernet and TCP/IP
  • Ethernet Concepts
  • TCP/IP Concepts
  • ICS Protocols over TCP/IP
  • Wireshark and ICS Protocols
  • Attacks on Networks
Enforcement Zone Devices
  • Firewalls and NextGen Firewalls
  • Data Diodes and Unidirectional Gateways
  • NIDS/NIPS and Netflow
Understanding Basic Cryptography
  • Crypto Keys
  • Encryption, Hashing, and Signatures
Level 2 and 3
  • Historians and Database
  • HMI and UI Attacks
  • Web-based Attacks
  • Password Defenses
Wireless Technologies
  • Satellite and Cellular
  • Mesh Networks and Microwave
  • Bluetooth and Wi-Fi
Wireless Attacks and Defenses
  • Risks of Wireless
  • Sniffing, DoS, Masquerading, Rogue AP
Patching ICS Systems
  • Patch Decision Tree
  • Vendors, CERTS, and Security Bulletins
Defending IT Systems
  • Microsoft : Windows Services
  • Microsoft : Windows Security Poolicies and GPOs
  • Linux : Differences with Windows
  • Linux Daemons, SystemV, and SystemD
Endpoint Protection and SIEMS
  • Application Runtime and Execution Control
  • Configuration Integrity and Containers
  • Logs in Windows and Linux
Event Logging and Analysis
  • Windows Event Logs and Audit Policies
  • Syslog and Logrotate
Internet connectivity
  • Honeypots
  • Attacks on the perimeter
ICS Cybersecurity Programs
  • Starting the Process
  • Frameworks: ISA/IEC 62443, ISO/IEC 27001, NIST CSF
  • Using the NIST CSF
ICS Cybersecurity Policy
  • Policies, Standards, Guidance, and Procedures
  • Culture and Enforcement
  • Examples
Measuring Cybersecurity Risk
  • Quantitative vs Qualitative
  • Traditional Models
Incident Response
  • Digital forensics
  • Key focus
  • Key sources
  • Analyze digital evidence

Équipe pédagogique

Professionnel expert technique et pédagogique.

Suivi de l'exécution et évaluation des résultats

  • Feuilles de présence.
  • Questions orales ou écrites (QCM).
  • Mises en situation.
  • Formulaires d'évaluation de la formation.
  • Certificat de réalisation de l’action de formation.

Ressources techniques et pédagogiques

  • Accueil des apprenants dans une salle dédiée à la formation.
  • Documents supports de formation projetés.
  • Exposés théoriques
  • Etude de cas concrets
  • Quiz en salle
  • Mise à disposition en ligne de documents supports à la suite de la formation.