Asia ICS Cyber Security Workshop 2019
25 - 26 November 
IBIS Singapore on Bencoolen 

Overview

Reliable and safe operation of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) are considered critical for industries supporting the well-being on a national level.

The growing convergence of these long-separated domains calls for special attention and adoption of best practices. That being said, the ICS functionality can be also be jeopardized internally by an incentivised individual, hence appropriate preventive measures should be taken to cover internal breaches as well.

Target Audience

The introductory and advance levels workshops are aimed to empower the competency of a wide range of position holders in the ICS/SCADA arena. Graduates of this course will master the key terms, technologies, and vector activities related to the computerized control which they operate. The training program is suitable for the following groups:

  • IT personnel who need to know more on ICS/SCADA risks and defense in order to assure better collaboration amongst these teams;
  • SCADA/ICS engineers involved with design, maintenance of industrial plants and manufacturing processes;
  • Operators dealing with control of renewable and other power technology plants, sewage plants, desalination and other chemical process plants;
  • A broad range of managers interested in upgrading their technical knowledge and to be able to make informed and cost-effective investment decisions

Upon completion of this program, graduates should be able to defend critical infrastructures and comprehend the mechanisms behind it. It will also better prepare them to apply for certification in classes such as CISO and CISSP.

A certificate of completion will also be provided at the end of the Workshop.

DAY 1 

Part 1           08:30 – 12:30 Introduction to ICS Technologies

  • Introduction to ICS (SCADA, DCS, OT) architectures
  • Description of the Triangle and the Purdue ICS models
  • Roles of main computers and servers in ICS Architecture
  • Field Control units PLC, RTU, IED and Remote I/Os
  • Complementing Sensors and Field Control Devices
  • Structuring ICS architectures and installations
  • ICS Data communications; Networks and protocols
  • PLC / RTU Configuration and Programming principles

Part 2           13:30 – 17:30 ICS Cyber Security Basics

  • ICS and IT systems differences related to cyber risks
  • Introduction to ICS system Security Vulnerabilities
  • Cyber risk development through Social Engineering
  • Introduction to encryption and authentication basics
  • Technologies: Certificates, TLS 1.2, IPsec, 802.1x, Kerberos
  • External & Internal attacks: MitM, DOS, DDoS, GPS, Ransomware
  • Brief overview on ICS cyber attacks in the last decade
  • Cyber defense achieved by PPT, CIA, SRP and RDC

DAY 2

Part 1           08:30 – 12:30 to ICS and Cyber Security Vulnerabilities

  • Building and defining wireless-based ICS
  • Implementation for IIoT in ICS architectures
  • Cyber risks and defense measures for IIoT
  • Industrial Cyber Kill Chain attack step-by-step process
  • Step-by-step description of an attack on ICS
  • Products Overview: Firewalls, DMZ, UGW, SIEM, Deception
  • Systems Overview: Visibility Analysis, Sensor Monitoring
  • Communications and Process Anomaly detection with IDS

Part 2           13:30 – 17:30 ICS Cyber Security Risk and Defense

  • Cyber secured ICS Maintenance procedures
  • Connection between Safety and Cyber Security
  • Step-by-step description: Safety disaster prevention
  • Cyber secure project / program designing
  • Cyber secured System Integration and testing
  • Best practices to enhance ICS-IIoT Cyber defense
  • Periodic assessment directed to ICS Cyber security
  • Applicable standards: NERC-CIP, IEC 62443, NIST 800-82, NIST Framework 1.1

About the Trainer

Daniel Ehrenreich 2

Interview (Nov 2018) with Magda Chelly during Asia ICS Cyber Security Conference 2018

Daniel Ehrenreich, BSc. is a Consultant and Lecturer acting at SCCE - Secure Communications and Control Experts, teaching in cyber security colleges and presenting at industry conferences on integration of cyber defense with ICS; Daniel has over 25 years’ engineering experience with electricity, water, gas and power plants systems as part of his activities at Tadiran, Motorola, Siemens and Waterfall Security. Daniel is certified lead auditor for ISO 27001-2013 and was re-selected as Chairman for the ICS Cybersec 2019, taking place in Israel September 2019 and the Asia Cyber Security Conference in Singapore taking place in November 2019.