IACS Cybersecurity for CISOs

As a chief information security officer working in the industrial automation space, not only do you have to protect data or information, you need to be aware of the various security concerns of an environment that uses technologies to monitor and control physical processes governed by the laws of physics and chemistry. This ISA microlearning module set, titled "IACS Cybersecurity for Chief Information Security Officers (CISOs)," provides insight and understanding around the ISA/IEC 62443 series of standards that will help you work with your automation engineering colleagues to improve the safety, reliability, and performance of the physical processes within your operations.
 

IACS Cybersecurity for Chief Information Security Officers (CISOs)

 

Part 1: What CISOs Need to Know About OT Cybersecurity

Topics

• Differences between IT and OT systems
• Industrial cybersecurity terminology
• How IT and OT should work together, what should be protected in each environment, and the associated risks
• Consequences of implementing a disjointed cybersecurity program and not having a program
• Benefits of implementing the ISA/IEC 62443 Series of Standards

Modules

• Industrial Cybersecurity for the CISO—Part 1
  IT and OT have different views of cybersecurity. To implement enterprise-wide cybersecurity, there must be common terminology and mutual understanding of both environments
• Industrial Cybersecurity for the CISO—Part 2
  The CISO must understand what industrial control systems are and the terminology
• Industrial Cybersecurity for the CISO—Part 3
  This MLM discusses the importance of creating a blended team of IT and OT personnel to implement a successful cybersecurity program to ensure that all aspects of the processes and the risks—which are different in the two environments—are understood
• Security Update Management (Patching) for IACS Environments
  This MLM addresses security update management (also known as patch management) for industrial automation and control systems (IACSs).

 

Part Two: Cyber Incident Use cases

Topics

• Consequences of not implementing cybersecurity
• Why cybersecurity is vital to industries using automation and control processes as well as society as a whole; and why automation and control systems and processes are desirable targets
• Understand why cybersecurity is vital to industries using automation and control processes as well as society as a whole—automation and control systems and processes are desirable targets
• Benefits of implementing the ISA/IEC 62443 Series of Standards

Modules

• Case Study: Incident at a Water Utility
  This is a review of a hack at a water utility, how it happened, and what could have been done to prevent it
• Cyberattacks on Ukraine’s Power Grid 2015–2016—Part 1
  This is a review of the first cyberattack on the Ukrainian power grid by the Russians, how it happened, and what could have been done to prevent it
• Cyberattacks on Ukraine’s Power Grid 2015–2016—Part 2
  Cybersecurity methods are becoming more advanced and destructive. Learn what made this attack more insidious and dangerous to mediate