SA introduces new, enhanced suite of integrated industrial cybersecurity courses and certificate programs addressing the IACS lifecycle
“No organization has a more complete set of industrial cybersecurity courses and certificate programs and is better capable of providing the all-encompassing, expert training needed to develop a highly skilled and well-prepared industrial cybersecurity workforce than ISA”
Research Triangle Park, North Carolina, USA (30 June 2015) - Building on its global leadership in industrial cybersecurity and its commitment to help prepare a new generation of workers capable of preventing potentially catastrophic cyberattacks, the International Society of Automation (ISA) today introduces its expanded suite of industrial automation and control system (IACS) cybersecurity training, including three new technical training courses with associated certificate programs.
The three new ISA industrial cybersecurity training courses include:
* Assessing the Cybersecurity of New or Existing IACS Systems (IC33)
* IACS Cybersecurity Design & Implementation (IC34)
* IACS Cybersecurity Operations & Maintenance (IC37)
By combining these three new courses and aligned certificate programs with its current course offerings in IACS security—Using the ANSI/ISA-62443 Standards to Secure Your Industrial Control System (IC32); Cybersecurity for Automation, Control, and SCADA Systems (IC32E); and Introduction to Industrial Automation Security and the ANSI/ISA-62443 Standards (IC32C)—ISA is able to deliver a comprehensive set of industrial cybersecurity training solutions and address the complete "lifecycle" of cybersecurity training requirements.
ISAs cybersecurity certificate programs are offered to those who successfully complete the requirements of ISAs cybersecurity courses. Passage of each of the three new certificate exams bestows specialist recognition—enhanced evidence and endorsement of a cybersecurity professionals subject-matter proficiency.
ISA already offers a first tier, introductory cybersecurity certificate exam—leading to the designation as ISA99 Cybersecurity Fundamentals Specialist—for those who complete ISA courses IC32 or IC32E. Those who complete all four core ISA cybersecurity courses (IC32, IC33, IC34 and IC37) and pass all corresponding certificate exams will achieve the designation level of ISA99 Cybersecurity Expert. However, individuals may explore the training and designation that are most appropriate based upon their current experience and job requirements.
"No organization has a more complete set of industrial cybersecurity courses and certificate programs and is better capable of providing the all-encompassing, expert training needed to develop a highly skilled and well-prepared industrial cybersecurity workforce than ISA," declares Dalton Wilson, ISAs Director of Education Services. "We now provide everything from a general overview of industrial automation security to detailed instruction on how to best leverage ISAs series of industrial cybersecurity standards through a full-circle exploration of IACS assessment, design, implementation, operations and management."
At the core of ISAs marketplace leadership in IACS cybersecurity training is the ISA/IEC 62443 set of standards, which are proven to prevent and mitigate IACS security vulnerabilities across all key industry sectors and critical infrastructure. Reducing these vulnerabilities is critical since they can open the door to potentially devastating cyber damage to the industrial plant systems and networks used in power generation, water treatment, refineries and other vital industrial facilities.
The ever-rising volume of industrial cyberattacks combined with the increasing diversity and sophistication of cyberwarfare tactics have generated a tremendous demand for qualified industrial cybersecurity professionals. In fact, the demand for cybersecurity professionals is growing 12 times faster than the overall job market.
Outlined below are descriptions and other important information on each of the three new ISA cybersecurity courses and related certificate exams.
Assessing the Cybersecurity of New or Existing IACS Systems (IC33)
This course provides students with the information and skills needed to assess the cybersecurity of a new or existing IACS and to develop a cybersecurity requirements specification that can be used to document the needs of the project.
Upon completion of this course, students can expect to be able to:
* Identify and document to scope of the IACS under assessment
* Specify, gather or generate the cybersecurity information required to perform the assessment
* Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
* Organize and facilitate a cybersecurity risk assessment for an IACS
* Identify and evaluate realistic threat scenarios
* Identify gaps in existing policies, procedures and standards
* Establish and document security zones and conduits
* Prepare documentation of assessment results
Who should attend?
* Control systems engineers and managers
* System integrators
* IT engineers and managers of industrial facilities
* IT corporate/security professionals
* Plant safety and risk management professionals
Note that completion of ISA's IC32 course or equivalent knowledge or work experience is a pre-requisite for registering for this course. This course is required to sit for the ISA99 Cybersecurity Risk Assessment Specialist certificate exam.
For more detail on the topics covered; classroom/laboratory exercises, course locations, date and times; and how to register; visit the IC33 course page.
IACS Cybersecurity Design & Implementation (IC34)
This course provides students with the information and skills needed to select and implement cybersecurity countermeasures for a new or existing IACS in order to achieve the target security level assigned to each IACS zone or conduit. Additionally, students will learn how to develop and execute test plans to verify that the cybersecurity of an IACS solution has properly satisfied the objectives in the cybersecurity requirements specification.
Upon completion of this course, students can expect to be able to:
* Interpret the results of an IACS cybersecurity risk assessment
* Develop a cybersecurity requirements specification (CRS)
* Develop a conceptual design based upon information in a well-crafted CRS
* Explain the security development lifecycle process and deliverables
* Perform a basic firewall configuration and commissioning
* Design a secure remote access solution
* Develop system hardening specification
* Implement a basic network intrusion detection system
* Develop a Cybersecurity Acceptance test plan (CFAT/CSAT)
* Perform a basic CFAT or CSAT
Who should attend?
* Control systems engineers and managers
* System integrators
* IT engineers and managers of industrial facilities
* Plant managers
* Plant safety and risk management professionals
Note that completion of ISA's IC32 and IC33 courses or equivalent knowledge or work experience is a pre-requisite for registering for this course. This course is required to sit for the ISA99 Cybersecurity Design Specialist certificate exam.
For more detail on the topics covered; classroom/laboratory exercises, course locations, date and times; and how to register; visit the IC34 course page.
IACS Cybersecurity Operations & Maintenance (IC37)
This course provides students with the information and skills needed to detect and troubleshoot potential cybersecurity events and to maintain the security level of an operating system throughout its lifecycle despite the challenges of an ever-changing threat environment.
Upon completion of this course, students can expect to be able to:
* Perform basic network diagnostics and troubleshooting
* Interpret the results of IACS device diagnostic alarms and event logs
* Develop and follow IACS backup and restoration procedure
* Understand the IACS patch management lifecycle
* Develop and follow an IACS patch management procedure
* Develop and follow an antivirus management procedure
* Define the basics of application control and whitelisting tools
* Define the basics of network and host intrusion detection
* Define the basics of security incident and event monitoring tools
* Develop and follow an incident response plan
* Develop and follow an IACS management of change procedure
* Conduct a basic IACS cybersecurity audit
Who should attend?
* Operations and maintenance personnel
* Control systems engineers and managers
* Systems integrators
* IT engineers and managers of industrial facilities
* Plant safety and risk management professionals
Note that completion of ISAs TS06, TS12, TS20, IC32, IC33 and IC34 courses or equivalent knowledge or work experience is a pre-requisite for registering for this course. This course is required in order to sit for the ISA99 Cybersecurity Maintenance Specialist certificate exam.
For more detail on the topics covered; classroom/laboratory exercises; course locations, dates and times; and how to register; visit the IC37 course page.
About ISA Education & Training
ISA is recognized worldwide as a leader in non-biased, vendor-neutral education and training programs for automation professionals. Industry professionals—whether an experienced engineer, practicing technician, or newcomer to the industry—can hone their skills at ISAs regional training centers, through onsite training programs at their company, or via distance education.
About ISA
The International Society of Automation (www.isa.org) is a nonprofit professional association that sets the standard for those who apply engineering and technology to improve the management, safety, and cybersecurity of modern automation and control systems used across industry and critical infrastructure. Founded in 1945, ISA develops widely used global standards; certifies industry professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its 36,000 members and 350,000 customers around the world.
ISA owns Automation.com, a leading online publisher of automation-related content, and is the founding sponsor of The Automation Federation (www.automationfederation.org), an association of non-profit organizations serving as "The Voice of Automation." Through a wholly owned subsidiary, ISA bridges the gap between standards and their implementation with the ISA Security Compliance Institute (www.isasecure.org) and the ISA Wireless Compliance Institute (www.isa100wci.org).