WHAT IS CYBERSECURITY?
Cybersecurity is the protection of computer related systems, as well as the information and data that they hold, from malicious attacks. The discipline of cybersecurity is vast and encompasses information security, business systems cybersecurity (also referred to as IT security), industrial cybersecurity (that itself covers various sub areas such as Industrial Control Systems ( ICS) security, SCADA security and SIS security), Internet of Things (IoT) security, mobile network & device security, embedded systems security and so on. Note that OT security (Operational Technology security) is considered to encompass Industrial Cybersecurity as well as security of other systems that are used in operations, but that do not fall under the area of IT security.
In short, the security of literally anything that is connected to a computer based system, can be called as cybersecurity.
Why Cybersecurity Training is Important?
As you can see, computers are now omnipresent in all our lives. For example, you are reading this on a computer/tablet/phone that is powered by a computer. The information is itself hosted on a web server, another computer. When you commute to office via a car or other vehicle, you use computers (in the vehicle itself which may control the engine, braking system, air bags, etc) as well as external to the vehicle, such as a GPS. When you wash clothes in a washing machine, it is controlled by an embedded computer. When you withdraw cash from an ATM, you actually key in your commands to a computer in the teller machine, which then checks back with the bank's server and based on your credit balance, issues a command to the teller machine to dispense the cash.
Anything to do with the security and integrity of any of these systems, can be considered to be a part of cybersecurity. So you can see that almost everybody has to be aware of cybersecurity due to the enormous influence of various computer based systems in our daily lives.
What is Industrial Cybersecurity?
Industrial Control and Automation systems are responsible for controlling the vast majority of industrial operations like manufacturing steel, the production and refining of oil & gas, the manufacturing of pharmaceuticals, generation of electric power and so on. These systems are also present in installations like electrical distribution systems (electric grids), operation and control of water treatment plants, operation of dams that handle enormous quantities of water, effluent treatment plants and even building automation systems that control Hearing/Ventilation/Air conditioning (HVAC) in buildings. Simply put, they are prevalent everywhere. These systems are mostly based on technology that has been invented in the 1970ss to the 1980s or so and not modified much since those times (except that it now runs on newer versions of Windows and UNIX/Linux variants). They include DCS (Distributed Control Systems), PLCs (Programmable Logic Controllers) and SCADA (Supervisory Control and Data Acquisition systems).
The security of all these Industrial Control & Automation systems is called Industrial Cybersecurity.
What is ICS Security? What is SCADA Security?
ICS is short for Industrial Control Systems. These are also referred to as IACS , which is Industrial Automation and Control Systems. Security of these systems is referred to as ICS security, which implies it is the same as Industrial Cybersecurity.
SCADA is short for Supervisory Control and Data Acquisition System. These are used in industrial facilities as a higher level monitoring and control system. Typically the lower level units could be PLCs (Programmable Logic Controllers) or RTU (Remote Terminal Units). These along with other parts included wired and wireless networks can form a SCADA. Thus SCADA security can also be referred to as Industrial Cybersecurity.
What is DCS Security?
DCS is short for Distributed Control System. This name has a historical background, without going into too many details, we can say that a DCS is a system with several controllers (which may have several cards inside to interface inputs (sensors, transmitters, switches, pushbuttons, etc) and outputs ( valves, actuators, motors, drives, displays,etc), CPUs, communication cards and so on. These controllers typically can control entire plant units (such as Distillation, Filtration, etc) and are themselves networked using proprietary bus networks. Note that the sensors and actuators may also use analog (e.g.4-20 mA) or digital (e.g.FOUNDATION Fieldbus or Profibus). All of these are linked via several Operator Stations and Human Machine Interfaces (HMI panels). The cybersecurity of these systems is referred to as DCS security. As you can guess, it is the same as Industrial Cybersecurity.
What is OT Security?
OT Security is short for Operations Technology security. It is distinct from IT security which is short for Information Technology security, which covers cybersecurity of Information Technology systems (e.g. those used in banks, or online stock trading, or e-commerce). OT security refers to security of systems used in Operational areas such as manufacturing, oil and gas processing, etc. So OT security encompasses DCS Security, SCADA security, ICS security and more. We can consider OT security and Industrial Cybersecurity as being the same.
What is so different about Industrial Systems security?
One of the biggest myths present in laypersons is that a DCS, SCADA or a PLC is "just a computer controlling machinery". No, it is not. It is much more than just a computer. These systems are hardwired to thousands of sensors, transmitters, switches, actuators, valves and motors that are in turn used to control the plant (like an oil refinery for instance). Thus these systems are better classified as "cyber-physical systems". Any deviation in their working can cause a disaster. This not true for a business IT system, where for example, malfunctioning of the system cannot result in any physical damage to physical assets or harm people physically. Thus the techniques and methods that are used to protect business IT systems are completely different from those that are used to protect Industrial Systems.
Hence it is a different ball game altogether. To understand the subject you must have a good background in Industrial Systems, as well as IT security concepts. But don't worry, we have you covered. When you take the Abhisam Industrial Cybersecurity course, you will be a pro.
Safety instrumented systems and security standards
Safety Instrumented Systems are those safety critical industrial control systems that are used to either maintain the plant in a safe state or to shut it down safely in case of a problem. These systems are also known by various names such as Emergency Shutdown Systems, Safety PLCs and HIPPS (High Integrity Pressure Protection Systems). These are very critical to ensure the safety of the plant, people and the environment (as any malfunction could lead to a disaster that will almost certainly damage physical assets, cause injuries and fatalities among the people working there or in the nearby areas and could also pollute the surrounding environment. Most of these systems are built according to IEC 61508 standard. The users in the process industry also follow IEC 61511 (a related standard). Historically these standards mostly dealt with random hardware failures and systematic failures but did not consider malicious attacks. The newer versions do and this is where these systems need to be cyber secure. When you take the Abhisam Industrial Cybersecurity course, you will learn about these relevant clauses of the above standards too.
Popular Cyber Security Courses
We have the following Online Courses and E-learning courses related to Cybersecurity. Each of these courses consist of several modules that have text, animations & simulations, graphics, assessments, examples, real life case studies that help you become a professional. You can complete them from the comfort of your home or office or anywhere else. You can either take them online over the internet (Online version). On passing the associated exam, you can get qualified as a professional, earn an electronic certificate with a unique ID number and a badge issued via Credly, that can be added to your Linked In Profile or other places online such as email signatures. This displays your qualifications and competencies to your colleagues, peers, bosses and potential employers and clients.
Industrial Cybersecurity deals with the protection of Industrial Control Systems (ICS) from malicious cyber attacks. The term ICS is broad and includes DCS (Distributed Control Systems), PLC (Programmable Logic Controllers), SCADA (Supervisory Control and Data Acquistion systems), SIS (Safety Instrumented Systems), BMS (Building Management Systems) among others. This detailed self paced e-learning course covers all aspects of protecting these systems and the assets that they control (the manufacturing plants, machinery or building systems). Learners can get a Certificate of Completion, as well as an electronic badge via Credly, after completing the course and the associated exam.
This e-course has the following modules
1.Introduction to Industrial Cybersecurity
2. Overview of IACS (Industrial Automation & Control Systems)
3. Basic Concepts of Cybersecurity
4. ICS Threats, Vulnerabilities and Attacks
5. Security Standards (including IEC 62443)
6. ICS Cyber Risk Assessment
7. Case Study of an ICS Attack
8. Self Assessment Test
Get the Industrial Cybersecurity certification course now
IoT Security (Coming Soon)
The Internet of Things ( IoT) is seeing rapid adoption in a broad spectrum of industries & business sectors around the world. However, very few of them pay any attention to the security aspects of their implementation. This not only can compromise their own IoT networks, but can also become dangerous for the general internet itself. This is because attackers can seize control of these poorly secured networks and use it to conduct attacks on anything that is internet facing, not just other IoT networks.
This easy e-learning course will enable you to understand all aspects of securing your IoT networks from these attacks. This course will consist of several modules as under:
1.Introduction to IoT
2. Basic Concepts of cybersecurity
3. IoT communication protocols
4. Securing your IoT (Endpoints, networks and cloud servers)
5. Security Standards
6. Self Assessment Test
On passing the associated exam, you can earn a Certificate of Competency and an electronic badge via Credly that you can display online on places such as LinkedIn.
Industrial Cybersecurity Training Courses and Workshops By Abhisam
In addition to the above online courses, we along with our associates, also conduct traditional classroom style Training Workshops from time to time in multiple cities around the world. These are offered as public courses but can also be offered as on site training at your location. Our trainers will travel to your location and deliver these programs. They can be customized as per your needs.
1.Introduction to ICS Security training (1 day)
2. Industrial Cybersecurity Workshop ( 3 days)
Contact Us to hold the workshop at your location.
Free White Papers
The following free white papers on Cybersecurity are available on the Abhisam website and can be accessed from the links below.
1. How the Internet of Things can wreck the Internet itself
Free Videos By Abhisam
The following free videos are on topics related to cyber security and provide useful information to learn the basics.Feel free to share, like them or embed them wherever you wish.
Industrial Control Systems (ICS) Security Myths
There are several myths regarding ICS security. This video explains them.
Take part in the Abhisam Cybersecurity thrillerNow enrolled learners can take part in this exciting thriller. Watch it to learn more.
Cybersecurity Consulting from Abhisam
Abhisam does niche cybersecurity related consulting for some clients in the following areas.
- Security Vulnerability Assessment for your Safety Instrumented System
- Cyber Risk Assessment for BPCS and SIS
- IEC 62443 Gap Analysis for owner/operators
For more details contact us. We do not share any specific details of our current and past clients, so if you need references of specific clients, we regret we will not be able to do that.
Cybersecurity Posts from the Abhisam Blog
- ICS cyber security in 2020- and the road ahead in 2021 - Update (16 Oct 2020) :We have started receiving contributions/paper submissions for inclusion in this report. If you have not yet sent in your thoughts, please do so at the earliest. We will be publishing this report by end October 2020 or latest by early November 2020. A lot of exciting insights from Industry leaders and ... Read more
- ICS cyber security training becomes exciting - Now ICS cyber security training has become more exciting than ever. Abhisam has added an assignment module in the Industrial Cybersecurity training program, where enrolled learners take part in an exciting thriller. Background As you know this training program leads to industrial control systems security certifications that you must have, in today’s industrial automation world. ... Read more
- ICS Security training course gets advanced module - Abhisam is pleased to announce that the popular ICS security training course, which is available as an e-course online, will now have an advanced module that can be accessed by all current learners and GOLD members. This will have many sub modules such as concepts of Kill Chains, the MITRE ATT&CK framework for ICS, Honeypots ... Read more