North American ICS & SCADA Summit

Lake Buena Vista, FL | Wed, Feb 6 - Fri, Feb 15, 2013

Critical Infrastructure and Control System Cybersecurity

Excellent course allowing you to get hands-on with ICS in a fun and understandable learning environment.

Ben, MOD

Hands-on training is the true test of what you've learned. Understanding the real-life implementation is critical.

Daniel Williams, Imperial Oil

What are the security risks of Control System components, communication protocols and operations?

Whether the Control System is automating an industrial facility or a local amusement park roller coaster, the system was designed to operate in a physically, cyber and operationally secure domain. This domain extends throughout the facility using a combination of Programmable Logic Controllers, Programmable Automation Controllers, embedded logic controllers and Remote Terminal Units, as well as Human Machine Interfaces interlinked with one or more SCADA systems and communication protocols across local and long-distance geographic regions. The risks range from simple eavesdropping or electronic denial of service to more sophisticated asset misuse and destruction. To further compound the challenge, today there are not enough professionals with the security skills needed to sufficiently deter, detect and defend against active threats to our critical infrastructure's control systems.

How can we progress from Control System security policy development to design, deployment, and assessment?

This course was designed to help organizations struggling with control system cybersecurity by equipping personnel with the skills needed to design, deploy, operate, and assess a control system's cybersecurity architecture. The course begins by briefly describing the risks and then introduces the participants to a customizable actuator and sensor control system trainer and a programmable logic environment. Analyzing the automation programming provides the platform for identifying logic flaws which, combined with weaknesses in cyber, physical, and operational procedures, may lead to increased risk. The participants then use this knowledge to analyze the control system architecture for cyber, physical and operational risks, including:

  • Control System component engineered, programmed and firmware logic flaws
  • Wired and wireless communication protocol analysis
  • Physical, cyber and operational procedures
  • Deterrence, detection and response to threats

The participant's knowledge is challenged through non-kinetic and kinetic analysis associated with common industry components as well as red team/blue team exercises of both physical and simulated control system environments such as Traffic Lights, Chemical Storage and Mixing, Pipelines, Robotic Arms, Heavy Rail and Power Grids.

What is critical infrastructure Control System cybersecurity?

Control Systems (Local, Distributed and SCADA systems) are used throughout the world to automate common processes. These systems need to provide reliable and safe automation for such critical infrastructures as the Bulk Electric System (BES), natural gas, oil, transportation, chemical, mining, fresh water/waste water, manufacturing, food, and defense. The critical necessities for both government and its people to survive are automated using industrial control systems. In the past decade, advances in technology have added automation that has intertwined these systems with the Internet, wireless, business networks and traditional hardware and communications protocols. Many Control Systems (CSs) are in some way electronically connected to networks of lesser trust, potentially only a short distance from the Internet. These CSs typically use vulnerable communication protocols. Many even use TCP/IP and, in specific situations, common off-the-shelf hardware and chipsets. It is paramount to the safety of our society to sufficiently understand the architecture of these critical systems and to protect them.


  • Brief history of critical infrastructure and control systems
  • Control system risk management (Threats, Vulnerabilities and Exploits)
  • Surveying your attack surface; fingerprinting control system components and communications inside your organization
  • Introduction to programmable logic controllers, function block diagrams, ladder logic, points/tags, communications and OLE for process control (OPC) / Human Machine Interface (HMI) programming
  • Sensor and actuator design analysis using customizable I/O control system trainer units
  • Performing physical-cyber-operational assessments and penetration tests
  • Hardware hacking of networks, mice, technician PLC/PAC USB cables and more within control systems using a Teensyduino++, Arduino and Netduino Plus
  • Analysis of small-scale mock control system environments
  • AB PCCC, Ethernet/IP, DNP3, IEC Variants, ICCP, Modbus communication protocol analysis
  • Secure remote access solutions; Architecture and operations for administrative and operations remote access
  • Integrating and monitoring layered operational, cyber and physical controls
  • Simulated power grid control system red team / blue team exercise


Notice:

SANS Hosted is a series of classes presented by other educational providers to complement your needs for training outside of our current course offerings.

Course Syllabus

Additional Information

Each team of two participants (a Pod) is provided with a training kit containing all hardware and software necessary for the course: a laptop, PLC programming software, HMI software, a customizable actuator/sensor training unit, a communications network and cabling, an external wireless card, a Teensyduino++ and a customized BackTrack platform. The participant is not required to bring any technology to the class; however, the participant may use their own analysis tools.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

The class establishes a high-level understanding of Control System cybersecurity valuable to a wide range of professionals, whether working directly in the field or responsible for compliance. The class also dives into a great deal of real-world cybersecurity application and satisfies those who need or want to understand the inner workings of the systems as well as the programming behind industrial automation. Therefore, the class is applicable to:

  • Security personnel whose job involves assessing, deploying, or securing control system components, communications and operations
  • Programmers, network and system administrators supporting control systems
  • Process engineers and field technicians
  • Operations and plant management personnel
  • Control System vendor personnel
  • Penetration testers
  • NERC CIP, DHS CFATS and other Auditors who need to build deeper technical skills
  • Computer emergency response teams

Author Statement

I wrote this class so that people could understand the elements of, ethically hack and proactively defend our control systems. This course will help the participants figuratively and literally get their hands around the challenges of protecting local and geographically dispersed control environments.