ISA introduces cybersecurity courses and certificate programs | Automation.com

ISA introduces cybersecurity courses and certificate programs

June 30, 2015 - Building on its global leadership in industrial cybersecurity and its commitment to help prepare a new generation of workers capable of preventing potentially catastrophic cyberattacks, the International Society of Automation (ISA) introduces its expanded suite of industrial automation and control system (IACS) cybersecurity training, including three new technical training courses with associated certificate programs.

The three new ISA industrial cybersecurity training courses include:

  • Assessing the Cybersecurity of New or Existing IACS Systems (IC33)
  • IACS Cybersecurity Design & Implementation (IC34)
  • IACS Cybersecurity Operations & Maintenance (IC37)

By combining these three new courses and aligned certificate programs with its current course offerings in IACS security—Using the ANSI/ISA-62443 Standards to Secure Your Industrial Control System (IC32); Cybersecurity for Automation, Control, and SCADA Systems (IC32E); and Introduction to Industrial Automation Security and the ANSI/ISA-62443 Standards (IC32C)—ISA is able to deliver a comprehensive set of industrial cybersecurity training solutions and address the complete “lifecycle” of cybersecurity training requirements.

ISA’s cybersecurity certificate programs are offered to those who successfully complete the requirements of ISA’s cybersecurity courses. Passage of each of the three new certificate exams bestows specialist recognition—enhanced evidence and endorsement of a cybersecurity professional’s subject-matter proficiency.

ISA already offers a first tier, introductory cybersecurity certificate exam—leading to the designation as ISA99 Cybersecurity Fundamentals Specialist—for those who complete ISA courses IC32 or IC32E. Those who complete all four core ISA cybersecurity courses (IC32, IC33, IC34 and IC37) and pass all corresponding certificate exams will achieve the designation level of ISA99 Cybersecurity Expert. However, individuals may explore the training and designation that are most appropriate based upon their current experience and job requirements.

“No organization has a more complete set of industrial cybersecurity courses and certificate programs and is better capable of providing the all-encompassing, expert training needed to develop a highly skilled and well-prepared industrial cybersecurity workforce than ISA,” declares Dalton Wilson, ISA’s Director of Education Services. “We now provide everything from a general overview of industrial automation security to detailed instruction on how to best leverage ISA’s series of industrial cybersecurity standards through a full-circle exploration of IACS assessment, design, implementation, operations and management.”

At the core of ISA’s marketplace leadership in IACS cybersecurity training is the ISA/IEC 62443 set of standards, which are proven to prevent and mitigate IACS security vulnerabilities across all key industry sectors and critical infrastructure. Reducing these vulnerabilities is critical since they can open the door to potentially devastating cyber damage to the industrial plant systems and networks used in power generation, water treatment, refineries and other vital industrial facilities.

The ever-rising volume of industrial cyberattacks combined with the increasing diversity and sophistication of cyberwarfare tactics have generated a tremendous demand for qualified industrial cybersecurity professionals. In fact, the demand for cybersecurity professionals is growing 12 times faster than the overall job market.

Outlined below are descriptions and other important information on each of the three new ISA cybersecurity courses and related certificate exams.

Assessing the Cybersecurity of New or Existing IACS Systems (IC33)
This course provides students with the information and skills needed to assess the cybersecurity of a new or existing IACS and to develop a cybersecurity requirements specification that can be used to document the needs of the project.

Upon completion of this course, students can expect to be able to:

Identify and document to scope of the IACS under assessment

Specify, gather or generate the cybersecurity information required to perform the assessment

Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design

Organize and facilitate a cybersecurity risk assessment for an IACS

Identify and evaluate realistic threat scenarios

Identify gaps in existing policies, procedures and standards

Establish and document security zones and conduits

Prepare documentation of assessment results

Who should attend?

Control systems engineers and managers

System integrators

IT engineers and managers of industrial facilities

IT corporate/security professionals

Plant safety and risk management professionals

Note that completion of ISA's IC32 course or equivalent knowledge or work experience is a pre-requisite for registering for this course. This course is required to sit for the ISA99 Cybersecurity Risk Assessment Specialist certificate exam.

For more detail on the topics covered; classroom/laboratory exercises, course locations, date and times; and how to register; visit the IC33 course page.

IACS Cybersecurity Design & Implementation (IC34)
This course provides students with the information and skills needed to select and implement cybersecurity countermeasures for a new or existing IACS in order to achieve the target security level assigned to each IACS zone or conduit. Additionally, students will learn how to develop and execute test plans to verify that the cybersecurity of an IACS solution has properly satisfied the objectives in the cybersecurity requirements specification.

Upon completion of this course, students can expect to be able to:

Interpret the results of an IACS cybersecurity risk assessment

Develop a cybersecurity requirements specification (CRS)

Develop a conceptual design based upon information in a well-crafted CRS

Explain the security development lifecycle process and deliverables

Perform a basic firewall configuration and commissioning

Design a secure remote access solution

Develop system hardening specification

Implement a basic network intrusion detection system

Develop a Cybersecurity Acceptance test plan (CFAT/CSAT)

Perform a basic CFAT or CSAT

Who should attend?

Control systems engineers and managers

System integrators

IT engineers and managers of industrial facilities

Plant managers

Plant safety and risk management professionals

Note that completion of ISA's IC32 and IC33 courses or equivalent knowledge or work experience is a pre-requisite for registering for this course. This course is required to sit for the ISA99 Cybersecurity Design Specialist certificate exam.

For more detail on the topics covered; classroom/laboratory exercises, course locations, date and times; and how to register; visit the IC34 course page.

IACS Cybersecurity Operations & Maintenance (IC37)
This course provides students with the information and skills needed to detect and troubleshoot potential cybersecurity events and to maintain the security level of an operating system throughout its lifecycle despite the challenges of an ever-changing threat environment.

Upon completion of this course, students can expect to be able to:

Perform basic network diagnostics and troubleshooting

Interpret the results of IACS device diagnostic alarms and event logs

Develop and follow IACS backup and restoration procedure

Understand the IACS patch management lifecycle

Develop and follow an IACS patch management procedure

Develop and follow an antivirus management procedure

Define the basics of application control and whitelisting tools

Define the basics of network and host intrusion detection

Define the basics of security incident and event monitoring tools

Develop and follow an incident response plan

Develop and follow an IACS management of change procedure

Conduct a basic IACS cybersecurity audit

Who should attend?

Operations and maintenance personnel

Control systems engineers and managers

Systems integrators

IT engineers and managers of industrial facilities

Plant safety and risk management professionals

Note that completion of ISA’s TS06, TS12, TS20, IC32, IC33 and IC34 courses or equivalent knowledge or work experience is a pre-requisite for registering for this course. This course is required in order to sit for the ISA99 Cybersecurity Maintenance Specialist certificate exam.

For more detail on the topics covered; classroom/laboratory exercises; course locations, dates and times; and how to register; visit the IC37 course page.

About ISA Education & Training
ISA is recognized worldwide as a leader in non-biased, vendor-neutral education and training programs for automation professionals. Industry professionals—whether an experienced engineer, practicing technician, or newcomer to the industry—can hone their skills at ISA’s regional training centers, through onsite training programs at their company, or via distance education.

About ISA
The International Society of Automation is a nonprofit professional association that sets the standard for those who apply engineering and technology to improve the management, safety, and cybersecurity of modern automation and control systems used across industry and critical infrastructure. Founded in 1945, ISA develops widely used global standards; certifies industry professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its 36,000 members and 350,000 customers around the world.

Did you Enjoy this Article?

Check out our free e-newsletters
to read more great articles.

Subscribe Now

MORE INDUSTRY NEWS

VIEW ALL

RELATED