ISA Unveils Critical Infrastructure Security Training

ISA Unveils Critical Infrastructure Security Training

The International Society of Automation (ISA) has unveiled the ISA/IEC 62443-based cybersecurity training and certificate program.

Developed in partnership with aeSolutions, the program is designed to arm professionals with the knowledge to identify and mitigate vulnerabilities in industrial automation and control systems, which represent an increasingly diverse and extensively connected set of technologies. ICS controls and automates significant portions of our connected society, including power moving through the electrical grid, oil flowing through pipelines, travelers commuting on rail systems, and systems controlling pharmaceutical and food manufacturing.

The certification program is focused on giving those involved in industrial IT and ICS a way to improve their understanding of, and acquire a command of the principles covered in, the ISA/IEC 62443 series of standards. These standards apply to all key industry sectors and critical infrastructure.

The program consists of four training courses. The fundamentals course is two days in length, while additional three-day courses take deeper dives into risk assessment, design and maintenance. All the courses include extensive high-quality hands-on labs.

“It was an honor for me and my team to work with ISA, to fulfill our mutual vision to develop a practical, standards-based curriculum, that will quickly enable industrial IT and automation professionals with the knowledge and skills needed to protect their companies’ ICS systems,” said John Cusimano, director of Industrial Cybersecurity at aeSolutions. “I am particularly thankful to the ICS vendors who provided ISA with hardware, software and support to make the hands-on labs extremely realistic.”

After attending each course, students may take an exam to demonstrate their command of the material. Students taking all four courses, and passing all four exams, are awarded the title of “ISA/IEC 62443 Cybersecurity Expert.”

In addition to the training materials, the aeSolutions’ industrial cybersecurity team created exercises to take students from a variety of backgrounds and introduce them to a range of technology solutions, such as passive and active vulnerability scanning, intrusion detection, network monitoring, industrial firewalls, white listing, secure remote access, PLC configuration management and system hardening.

The move comes as threats to industrial control systems are on the rise: More incidents involving ICS operators—organizations that use and maintain ICS as part of their operations—occurred in 2015 than any year prior. According to Booz Allen, the number of incidents reported to US authorities rose by 17% in FY 2015—and for the first time since ICS-CERT began tracking reported incidents in 2009, critical manufacturing experienced more incidents than the energy sector.

Photo © Dim Tik

Source: Information Security Magazine