Cybersecurity| Information Training and Certification
What is Cybersecurity? What is Industrial Cybersecurity?
How can I know more about Industrial Cybersecurity?
How can I get certified as an ICS Security Professional?
WHAT IS CYBERSECURITY?
Cybersecurity is the protection of computer related systems, as well as the information and data that they hold, from malicious attacks. The discipline of cybersecurity is vast and encompasses information security, business systems cybersecurity (also referred to as IT security), industrial cybersecurity (that itself covers various sub areas such as Industrial Control Systems ( ICS) security, SCADA security and SIS security), Internet of Things (IoT) security, mobile network & device security, embedded systems security and so on.
Note that OT security (Operational Technology security) is considered to encompass Industrial Cybersecurity as well as security of other systems that are used in operations, but that do not fall under the area of IT security.
In short, the security of literally anything that is connected to a computer based system, can be called as cybersecurity.
Abhisam has a popular online training course on Industrial Cybersecurity.
Why Cybersecurity Training is Important?
As you can see, computers are now omnipresent in all our lives. For example, you are reading this on a computer/tablet/phone that is powered by a computer. The information is itself hosted on a web server, another computer.
When you commute to office via a car, or other vehicle, you use computers (in the vehicle itself which may control the engine, braking system, air bags, etc) as well as external to the vehicle, such as a GPS. When you wash clothes in a washing machine, it is controlled by an embedded computer.
When you withdraw cash from an ATM, you actually key in your commands to a computer in the teller machine, which then checks back with the bank’s server and based on your credit balance, issues a command to the teller machine to dispense the cash.
Anything to do with the security and integrity of any of these systems, can be considered to be a part of cybersecurity. So you can see that almost everybody has to be aware of cybersecurity due to the enormous influence of various computer based systems in our daily lives.
What is Industrial Cybersecurity?
Industrial Control and Automation systems are responsible for controlling the vast majority of industrial operations like manufacturing steel, the production and refining of oil & gas, the manufacturing of pharmaceuticals, generation of electric power and so on. These systems are also present in installations like electrical distribution systems (electric grids), operation and control of water treatment plants, operation of dams that handle enormous quantities of water, effluent treatment plants and even building automation systems that control Hearing/Ventilation/Air conditioning (HVAC) in buildings. Simply put, they are prevalent everywhere.
These systems are mostly based on technology that has been invented in the 1970ss to the 1980s or so and not modified much since those times (except that it now runs on newer versions of Windows and UNIX/Linux variants). They include DCS (Distributed Control Systems), PLCs (Programmable Logic Controllers) and SCADA (Supervisory Control and Data Acquisition systems).
The security of all these Industrial Control & Automation systems is called Industrial Cybersecurity.
What is ICS Security? What is SCADA Security?
ICS is short for Industrial Control Systems. These are also referred to as IACS , which is Industrial Automation and Control Systems. Security of these systems is referred to as ICS security, which implies it is the same as Industrial Cybersecurity.
SCADA is short for Supervisory Control and Data Acquisition System. These are used in industrial facilities as a higher level monitoring and control system. Typically the lower level units could be PLCs (Programmable Logic Controllers) or RTU (Remote Terminal Units). These along with other parts included wired and wireless networks can form a SCADA. Thus SCADA security can also be referred to as Industrial Cybersecurity.
What is DCS Security?
DCS is short for Distributed Control System. This name has a historical background, without going into too many details, we can say that a DCS is a system with several controllers (which may have several cards inside to interface inputs (sensors, transmitters, switches, push buttons, etc) and outputs ( valves, actuators, motors, drives, displays,etc), CPUs, communication cards and so on.
These controllers typically can control entire plant units (such as Distillation, Filtration, etc) and are themselves networked using proprietary bus networks. Note that the sensors and actuators may also use analog (e.g.4-20 mA) or digital (e.g.FOUNDATION Fieldbus or Profibus). All of these are linked via several Operator Stations and Human Machine Interfaces (HMI panels). The cybersecurity of these systems is referred to as DCS security. As you can guess, it is the same as Industrial Cybersecurity.
What is OT Security?
OT Security is short for Operations Technology security. It is distinct from IT security which is short for Information Technology security, which covers cybersecurity of Information Technology systems (e.g. those used in banks, or online stock trading, or e-commerce). OT security refers to security of systems used in Operational areas such as manufacturing, oil and gas processing, etc. So OT security encompasses DCS Security, SCADA security, ICS security and more. We can consider OT security and Industrial Cybersecurity as being the same.
What is so different about Industrial Systems security?
One of the biggest myths present in laypersons is that a DCS, SCADA or a PLC is “just a computer controlling machinery”. No, it is not. It is much more than just a computer. These systems are hardwired to thousands of sensors, transmitters, switches, actuators, valves and motors that are in turn used to control the plant (like an oil refinery for instance). Thus these systems are better classified as “cyber-physical systems”. Any deviation in their working can cause a disaster. This not true for a business IT system, where for example, malfunctioning of the system cannot result in any physical damage to physical assets or harm people physically.
Thus the techniques and methods that are used to protect business IT systems are completely different from those that are used to protect Industrial Systems.
Hence it is a different ball game altogether. To understand the subject you must have a good background in Industrial Systems, as well as IT security concepts.
But don’t worry, we have you covered. When you take the Abhisam Industrial Cybersecurity course, you will be a pro.
To understand more about why is Industrial Cyber Security different from conventional IT cyber security, please read this free Abhisam Whitepaper on Industrial Cyber security myths.
To know more about the latest Industrial Cyber Security threats and vulnerabilities, please see here.
Safety instrumented systems and security standards
Safety Instrumented Systems are those safety critical industrial control systems that are used to either maintain the plant in a safe state or to shut it down safely in case of a problem. These systems are also known by various names such as Emergency Shutdown Systems, Safety PLCs and HIPPS (High Integrity Pressure Protection Systems). These are very critical to ensure the safety of the plant, people and the environment (as any malfunction could lead to a disaster that will almost certainly damage physical assets, cause injuries and fatalities among the people working there or in the nearby areas and could also pollute the surrounding environment. Most of these systems are built according to IEC 61508 standard. The users in the process industry also follow IEC 61511 (a related standard). Historically these standards mostly dealt with random hardware failures and systematic failures but did not consider malicious attacks. The newer versions do and this is where these systems need to be cyber secure. When you take the Abhisam Industrial Cybersecurity course, you will learn about these relevant clauses of the above standards too.
Popular Cyber Security Courses
We have the following Online Courses and E-learning courses related to Cybersecurity. Each of these courses consist of several modules that have text, animations & simulations, graphics, assessments, examples, real life case studies that help you become a professional. You can complete them from the comfort of your home or office or anywhere else. You can either take them online over the internet (Online version). On passing the associated exam, you can get qualified as a professional, earn an electronic certificate with a unique ID number and a badge issued via Badgr, that can be added to your Linked In Profile or other places online such as email signatures. This displays your qualifications and competencies to your colleagues, peers, bosses and potential employers and clients.
Industrial Cybersecurity deals with the protection of Industrial Control Systems (ICS) from malicious cyber attacks. The term ICS is broad and includes DCS (Distributed Control Systems), PLC (Programmable Logic Controllers), SCADA (Supervisory Control and Data Acquistion systems), SIS (Safety Instrumented Systems), BMS (Building Management Systems) among others. This detailed self paced e-learning course covers all aspects of protecting these systems and the assets that they control (the manufacturing plants, machinery or building systems). Learners can get a Certificate of Completion, as well as an electronic badge via Credly, after completing the course and the associated exam.
This e-course has the following modules
1.Introduction to Industrial Cybersecurity
2. Overview of IACS (Industrial Automation & Control Systems)
3. Basic Concepts of Cybersecurity
4. ICS Threats, Vulnerabilities and Attacks
5. Security Standards (including IEC 62443)
6. ICS Cyber Risk Assessment
7. Case Study of an ICS Attack
8. Self Assessment Test
Get the Industrial Cybersecurity certification course now
IoT Security (Coming Soon)
The Internet of Things ( IoT) is seeing rapid adoption in a broad spectrum of industries & business sectors around the world. However, very few of them pay any attention to the security aspects of their implementation. This not only can compromise their own IoT networks, but can also become dangerous for the general internet itself. This is because attackers can seize control of these poorly secured networks and use it to conduct attacks on anything that is internet facing, not just other IoT networks.
This easy e-learning course will enable you to understand all aspects of securing your IoT networks from these attacks. This course will consist of several modules as under:
1.Introduction to IoT
2. Basic Concepts of cybersecurity
3. IoT communication protocols
4. Securing your IoT (Endpoints, networks and cloud servers)
5. Security Standards
6. Self Assessment Test
On passing the associated exam, you can earn a Certificate of Competency and an electronic badge that you can display online on places such as LinkedIn.
Cybersecurity Blog Posts
Here are the latest cyber security posts from the Abhisam blog, which you may find interesting.
- Cybersecurity in Oil and Gas
- Industrial Cybersecurity Trends- What to expect in 2021 and beyond?
- Get the Abhisam Industrial Cybersecurity Report 2020 here.
- ICS Cybersecurity training becomes exciting-participate in an Industrial Cybersecurity Red Team Blue Team exercise and win!
- Abhisam ICS Cybersecurity training gets Advanced Modules.
- Supply chain attacks in ICS Security