Industrial ICS/OT Cybersecurity A to Z as per NIST 800-82
- Description
- Curriculum
- FAQ
- Reviews
Industrial cybersecurity based on the NIST guidelines. OT is critical to the operation of critical infrastructures, which are often highly interconnected, mutually dependent systems. It is important to note that while federal agencies operate many of the nation’s critical infrastructures, many others are privately owned and operated.
This course is created after thoroughly understanding and practically implementing in the OT environment, so this 6-hour course is summarised version of the NIST 800-82 standard. It will help to understand what it contains and how it should be understood. So, following are the basic topics which we will cover in this course:
1. OT Overview: DCS/PLC/PLC/BACS/PACS
2. About Cybersecurity program development
3. Risk Management for OT systems
4. OT Cybersecurity Architecture
5. Cybersecurity Framework
6. OT Security capabilities and tools
After finishing this course, you will have following understanding:
1. Good grasp of NIST 800-82 Standard
2. What technologies are required for securing a OT infrastructure.
3. What is cybersecurity framework
4. What to do to achieve defense in depth architecture
5. Why cybersecurity program is required and how to set up
6. Feel confident about referring standards in professional discussions
7. Will help in cracking interviews
This course provides guidance for establishing secure operational technology (OT) while addressing OT’s unique performance, reliability, and safety requirements. OT encompasses a broad range of programmable systems and devices that interact with the physical environment (or manage devices that interact with the physical environment). These systems and devices detect or cause a direct change through monitoring and/or control of devices, processes, and events.
-
2
OT Based system and their interdependenciesWill learn about types of OT systems and there interdependencies, also will see one use case of interdependent system.
-
3
SCADA Systems
About basic network and communication of SCADA systems.
-
4
Distributed Control Systems
This chapter includes details of DCS and its basic communication architecture.
-
5
Programmable Logic Controller Based Topologies
This chapter includes details of PLC and its basic communication architecture.
-
6
Building Automation Systems
This chapter includes details of BACS and its basic communication architecture.
-
7
Physical Access Control Systems
This chapter includes details of physical access control system and its basic communication architecture.
-
8
Safety Systems
In this chapter we will learn about SIS and Safety Systems
-
9
Industrial Internet of Things
This chapter includes details of IIOT and its basic communication architecture.
-
10
OT Cybersecurity Program
To mitigate cybersecurity risk to their OT systems, organizations need to develop and deploy an OT cybersecurity program. We will learn bout program.
-
11
Establish Charter for OT Cybersecurity program
A charter for a cybersecurity program is a plain-language high-level description that establishes clear ownership and accountability for protecting the OT resources . We will learn about charter.
-
12
Benefits of OT Cybersecurity Program
What are benefits of cybersecurity program? Lets learn!
-
13
OT Cybersecurity Program Content
Learn about contents of a cybersecurity program.
-
14
Managing OT Security Risk
The risk management process and framework outlined in this section can be applied to managing safety, information security, and cyber supply chain risk. Lets learn about it.
-
15
Framing OT Risk
We will learn about framing cybersecurity risk!
-
16
Assessing Risk
We will learn about the assessing risk.
-
17
Responding to Risk
How to respond the cybersecurity incident, that we will learn in this chapter.
-
18
Monitoring Risk
-
19
Applying Risk Management Framework
In this chapter we will learn about application of risk management in the OT cybersecurity enviroment.
-
20
Prepare
Lets see what is prepare pahse!
-
21
Categorize
Now once we are prepared , lets move to categorize!!
-
22
Select
Time to select the initial set of cybersecurity controls for implementation in the OT enviroment
-
23
Implement
Time to implement the selected controls!
-
24
Assess
Now assess again what is working what is not!
-
25
Authorize
Authorisation is required for all the activities, lets learn about it!
-
26
Monitor
Continuous monitoring is required for continuous improvent in the risk management.
-
27
Defense in Depth Architecture
We will leanr about, what is defense in depth and how it can be done.
-
28
Layer-1 Security Management
We will learn about Layer 1 security requirements.
-
29
Layer-2 Physical Security
We will learn about the Layer 2 requirements for defense in depth architecture.
-
30
Layer-3 Network Security
We will learn about the Layer 3 requirements for defense in depth architecture.
-
31
Network Architecture
We will learn about the Layer 3 requirements for defense in depth architecture.
-
32
Centralized Logging
We will learn about the central logging requirements for defense in depth architecture.
-
33
Network Monitoring
We will learn about the network monitoring for defense in depth architecture.
-
34
Zero trust architecture
We will learn about the Zero trust architecture.
-
35
Layer-4 Hardware Security
We will learn about the Layer 4 requirements for defense in depth architecture.
-
36
Layer-5 Software Security
We will learn about the Layer 5 requirements for defense in depth architecture.
-
37
Additional Considerations
We will learn about the additional consideration requirements for defense in depth architecture.
-
38
Distributed Control System (DCS)-Based OT Systems
We will learn about the the transformation of DCS architecture with defense in depth principles.
-
39
DCS/PLC-Based OT with IIoT
We will learn about the the transformation of DCS /PLC architecture with defense in depth principles.
-
40
SCADA-Based OT Environments
We will learn about the the transformation of SCADA architecture with defense in depth principles.
-
41
Identify
The Identify Function provides foundational activities to effectively use the CSF. The intended outcome of the Identify Function is to develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities We will learn about it in this chapter and subsegments.
-
42
Asset Management (ID.AM)
This chapter includes the Identification of assets
-
43
Governance (ID.GV)
Effective governance involves organization leadership incorporating risk management objectives along with resiliency, privacy, and cybersecurity objectives into the strategic planning process and providing the required resources to effectively implement and sustain the cybersecurity program.
-
44
Risk Assessment (ID.RA)
We will learn about risk assessment in this chapter.
-
45
Risk Management strategy (ID.RM)
-
46
Supply Chain Risk Management (ID.SC)
It about supply chain risk management.
-
47
Protect
This chapter contains details about protect domain.
-
48
Identity Management and Access Control (PR.AC)
Identity Management and Access Control (PR.AC) identifies outcomes around establishing and managing the identification mechanisms and credentials for users, devices, and services.
-
49
Logical Access Controls (PR.AC)
We will learn about Logical access in protect segment.
-
50
Physical Access Controls (PR.AC-2)
We will learn about the physical access control requirement
-
51
Network Segmentation and Isolation (PR.AC-5)
When properly configured, network segmentation supports enforcing security policies and segmented traffic at the Ethernet layer and facilitates network isolation. Lets learn about it.
-
52
User, Device, and Asset Authentication (PR.AC-7
Will study about the user, device and asset authentication requiremnet and technical details.
-
53
Awareness and Training (PR.AT)
The Awareness and Training category provides policy and procedures for ensuring that all users are provided basic cybersecurity awareness and training.
-
54
Data Security (PR.DS)
Providing data security includes protecting the confidentiality, integrity, and availability of data-at-rest and data-in-transit, protecting assets after removal, and preventing data leaks.
-
55
Information Protection Processes and Procedures (PR.IP)
Policies, processes, and procedures should be maintained and used to manage protection of information systems and assets
-
56
Least Functionality (PR.IP1)
-
57
Configuration Change Control (Configuration Management) (PR.IP-3)
Configuration management helps ensure that systems are deployed and maintained in a secure and consistent state, allowing organizations to reduce risks from outages due to configuration issues and security breaches through improved visibility and tracking of changes to the system. Lets learn about it.
-
58
Backups (PR.IP-4)
Conducting, maintaining, and testing backups is a critical outcome for the recovery process if a cyber or reliability incident occurs.
-
59
Physical Operating Environment (PR.IP-5)
Learn about managing the physical operating environment
-
60
Response and Recovery Plans (PR.IP-9) and Response and Recovery Plan Testing
Lets learn about how organizations should develop and maintain response plans, including incident response and
business continuity.
-
61
Maintenance (PR.MA)
Maintenance tracking solutions enable an organization to schedule, track, authorize, monitor, and audit maintenance and repair activities to OT, ensuring maintenance logs or changes performed are properly documented.
-
62
Protective Technology (PR.PT)
Lets learn about technical mechanisms assist organizations with protecting the devices
-
63
Detect
The Detect function enables the timely discovery of cybersecurity events by ensuring appropriate activities are developed and implemented.
-
64
Anomalies and Events (DE.AE)
Learn and understand the different events and anomalies
-
65
Security Continuous Monitoring (DE.CM)
Continuous monitoring is quite vital, lets learn about it.
-
66
Network Monitoring (DE.CM-1
Network monitoring as continuous monitoring tool!
-
67
System Use Monitoring (DE.CM-1 and DE-CM-3)
-
68
Malicious Code Detection (DE.CM-4)
Malicious code detection solution is required for OT security, lets learn about it.
-
69
Vulnerability Scanning (DE.CM-8)
Vulnerability scanning gives us view of latest vulnerabilities and we can fill that gap!
-
70
Detection Process (DE.DP)
So over all detection is a process, lets document it!
-
71
Respond
For detected events we need a proper response plan, lets see what it is!
-
72
Response Planning (RS.RP)
When responding to events, organizations should attempt to capture details associated with executing the documented response plans.
-
73
Response Communications (RS.CO)
Need to understand response communications and respective role whom need to communicate.
-
74
Response Analysis (RS.AN)
Analyses of cybersecurity incidents are conducted to ensure effective response and recovery activities, consistent with the detection process and the response plan
-
75
Response Mitigation (RS.MI)
Response mitigation is necessary against any OT incident, lets see mitigation activties.
-
76
Response Improvements (RS.IM)
Organizational response activities are improved by incorporating lessons learned from current and previous detection and response activities
-
77
Recover
Recovery is crucial after the incident , so this essential component.
-
78
Recovery Planning/Improvements/Communication
Planning for recovery is very important for an organisation, so that in case of emergency they can execute the plan.
-
79
Segmentation-Firewall
ABout firewall and type of firewall.
-
80
Segmentation-Unidirectional Gateways
Have you heard about datadiode, lets learn!
-
81
Segmentation-VLAN
Everyone knows VLAN, so just revise it!
-
82
Segmentation-Software Defined Networking
What is software define networking? How it works?
-
83
Network Monitoring/SIEM-BAD/DLP
Anomaly detection? Data loass prevention: Lets learn!
-
84
Network Monitoring/SIEM-Deception & Digital Twin
Learn about network monitoring and deception technologies?
-
85
Data Security- Immutable storage/Hashing
Lets continue learning data security!
-
86
Data Security-Digital Signatures/Remote Access
We can use digital signatures as well for security requiremnet and validation!
