aeSolutions and ISA Brazos Section are pleased to offer:

Using the ANSI/ISA99 (IEC62443) Standards to Secure Your Industrial Control System (IC32)

Length: 2 days

CEU Credits: 1.4
Course Hours: 8:00 a.m. - 4:00 p.m.
Course: $1,585

This course is required for the ISA99/IEC 62443 Cybersecurity Fundamentals Specialist Certificate Program

Description:

The move to using open standards such as Ethernet, TCP/IP, and web technologies in supervisory control and data acquisition (SCADA) and process control networks has begun to expose these systems to the same cyberattacks that have wreaked so much havoc on corporate information systems. This course provides a detailed look at how the ANSI/ISA99 standards can be used to protect your critical control systems. It also explores the procedural and technical differences between the security for traditional IT environments and those solutions appropriate for SCADA or plant floor environments.

This course is required for the ISA99/IEC 62443 Cybersecurity Fundamentals Specialist Certificate Program. You can register for the exam through ISA after completing the course.

Those who successfully complete this course and pass the exam receive the designation of ISA99/IEC 62443 Cybersecurity Fundamentals Specialist.

You will be able to:

• Discuss the principles behind creating an effective long term program security Interpret the ANSI/ISA99 industrial security guidelines and apply them to your operation 
• Define the basics of risk and vulnerability analysis methodologies 
• Describe the principles of security policy development 
• Explain the concepts of defense in depth and zone/conduit models of security 
• Analyze the current trends in industrial security incidents and methods hackers use to attack a system 
• Define the principles behind the key risk mitigation techniques, including anti-virus and patch management, firewalls, and virtual private networks

You will cover:

• Understanding the Current Industrial Security Environment: What is Electronic Security for Industrial Automation and Control Systems? | How IT and the Plant Floor are Different and How They are the Same 
• How Cyberattacks Happen: Understanding the Threat Sources | The Steps to Successful Cyberattacks 
• Creating A Security Program: Critical Factors for Success/Understanding the ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009)- Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program 
• Risk Analysis: Business Rationale | Risk Identification, Classification, and Assessment | The DNSAM Methodology 
• Addressing Risk with Security Policy, Organization, and Awareness: CSMS Scope | Organizational Security | Staff Training and Security Awareness 
• Addressing Risk with Selected Security Counter Measures: Personnel Security | Physical and Environmental Security | Network Segmentation | Access Control 
• Addressing Risk with Implementation Measures: Risk Management and Implementation | System Development and Maintenance | Information and Document Management 
• Monitoring and Improving the CSMS: Compliance and Review | Improve and Maintain the CSMS

Classroom/Laboratory Exercises:

• Develop a business case for industrial security 
• Conduct security threat analysis Investigate scanning and protocol analysis tools 
• Apply basic security analysis tools software 

Includes ISA Standards:

• ANSI/ISA-62443-1-1 (ANSI/ISA-99.00.01-2007) - Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts & Models 
• ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009) - Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program 
• ANSI/ISA-62443-3-3 - Security for industrial automation and control systems: System security requirements and security levels 

About the Instructor - Marco (Marc) Ayala, Senior Project Manager, aeSolutions 

Marc Ayala has been involved in process automation and safety and is active in the Chemical Sector cybersecurity effort working alongside DHS for securing the private sector.

Marc has trained extensively with INL Idaho National Labs with colleagues focusing on ICS-CERT and has worked as an end user from I&E and I&C throughout his career handling advanced process control, maintained and designed enterprise historians and has worked with enterprise-IT to perfect a direct balance of ICS/SCADA Industrial-IT and demarc with Enterprise-IT.

Marc has secured multiple chemical plant processes in the U.S.A. for CFATS (Chemical Facility Anti-Terrorism Standards) and has secured facilities in the Netherlands creating the first global ICS/SCADA security operations center (SOC) based in Houston Texas. Marc previously worked for AkzoNobel for 14 years and Siemens Process Automation as a PCS7 AE Applications Engineer for the Gulf Coast.