This course addresses the quality and understanding employees and contractors need to have on the topic of Cyber Security for the IACS space. The access granted to IACS networks is often the same for employees and contractors. The seriousness of access must be established with a joint work process similar to a Job Safety Assessment. The Job Cyber Assessment is a work process to protect both client and contractor from inadvertent impact on the given IACS cyber protective system The ability to access the client’s network without an impact on the IACS cyber protective systems whilst leveraging the tools on site requires a clear understanding of the following.
Skills You Will Learn:
Regulatory, Industry & Client Standards - This section of the training is to provide the attendee a high level view of the standards that apply NIST, DHS, NERC/CIP, ISA, IEC
Automation Cyber Hygiene - This section provides practices and tactics regards the IACS that are aligned with the proper level of cyber hygiene for IACS systems that addresses Client Standards Awareness, How to handle & manage; Portable Media, Downloadable Content, Software & Hardware Equipment Inventory
Cyber Job Assessment - This section provides pragmatic guidance and rationale for the creation of a Job Cyber Assessment that leads to standard operating & maintenance procedures when accessing IACS networks that pose high risk to the corporation. These cover topics such as Scope, Tools, Approach, Limits of authority, Portable Media Scope Internet file scope, Firmware third-party tools, zone and conduit review/awareness.
IACS Access - This section provides guidance on Access, Authorization and audit logs for MOC. Tools, access points, Temporary passwords and logons for IACS Access
SW/HW Inventory - This section provides guidance on SW/HW inventory that needs to be managed & maintained be on site for the contracted work. Specific applications to avoid, Documentation of hardware set and secure custody responsibility for purchased equipment
Offsite work - This section provides guidance for offsite, protocol for offsite engineering scope for IACS equipment Access log, MOC procedures, Internet file down load expectations, procurement stewardship, PC’s and versions management, Equipment Security, etc.
Onsite work - This section provides guidance for on-site protocol for on-site engineering scope for IACS equipment Access log, MOC, JCA, physical security Backup, Client Cyber Checklist, procurement stewardship, purchasing standard terms and conditions for software development, etc.
Target Audience
- Control Engineer
- Maintenance / Instrumentation Technician
- Project Engineer
- Electrical Engineer
- Engineering/Operations Management
- Operator
- Other: IT Personnel, Risk Managers
Duration: 2 Days