OT Cyber Security Training Workshop at Toyo Engineering India at Mumbai

OT Cyber Security Training workshop in Mumbai, India

Abhisam successfully conducted an OT Cyber security Training workshop, at Toyo Engineering India’s Mumbai office. The two day workshop was attended by more than 35 senior engineering and  IT professionals from Toyo. This comprehensive event included OT/ICS cyber security,  as well as IEC 62443 training, ISO 27001 training and NIST 800-82 training.

Toyo Engineering India Private Limited (Toyo-India), an Engineering Consultancy & Contracting Company, is a perfect blend of Japanese technology and management practices with Indian expertise and ingenuity. The India office has been operational for more than 40 years and is considered a highly reputed organization for project execution involving large and complex plants in various industry domains.

 

What is OT in cyber security?

OT refers to Operational Technology. The cybersecurity problems and solutions for OT systems are different from those of IT systems. OT Systems are cyber-physical systems and include (but are not limited to) the following systems:

• • • Industrial Control Systems (ICS) including those based on DCS, PLC and similar technology
    • SCADA (Supervisory Control and Data Acquisition systems) used in applications such as Oil and Gas pipelines, or electrical grids
    • Safety Instrumented Systems (SIS) including specialized ones such as HIPPS or BMS
    • Building Automation Systems
    • Warehouse Automation Systems
    • Industrial Robots
    • Automotive Control Systems
    • Aircraft Controls
    • Ship Control Systems
    • Military systems like Missile launchers or Multiple Rocket Firing systems
    • Healthcare related systems
    • Marine Port Cranes
    • and many more

What did the OT Cyber security training consist of?

This two day OT cyber security event covered the following topics in depth, including practical exercises:

1. 1. 1. Introduction to OT cyber security including:

• • • • Various kinds of OT systems and challenges of securing OT systems
      • Differences between IT and OT  cyber security approaches
      • Threats & Vulnerabilities, Zero day vulnerabilities, Firewalls, Unidirectional Gateways related to  OT cyber security systems
      • Supply Chain cybersecurity cases

1. 1. 2. Recent and past attacks against Cyber-attacks against industrial control systems (ICS)
      3. Mapping the Attack Surface of an OT system and discovering vulnerabilities in OT system architectures.
      4. Case Study of a Cyberattack on an Industrial Automation System
      5. OT cyber security assessments challenges and security standards
      6. Concepts of IEC 62443 standards including

• • • • Different parts of IEC 62443 (published parts and drafts)
      • Foundational requirements of IEC 62443
      • Cyber Security Management System (CSMS)
      • Concept of People, Processes and Technology based controls
      • Security Levels SL1 to SL4
      • Zones and conduits
      • Risk Assessment
      • Patch Management

1. 1. 7. IEC 62443– all published parts
      8. Abhisam OT Cybersecurity Lifecycle– Top 10 controls to secure your systems
      9. OT Cybersecurity Risk Assessment studies

• • • • Risk Matrix approach
      • Calibrating the Risk Matrix
      • Building scenarios
      • Example cases

1. 1. 10. ISO 27001– Implementing Information Security Management System (ISMS) and Information Security Controls
      11. NIST 800-82 Rev 3

• • • • Key changes as compared to Rev 2
      • Understanding the intent and structure of NIST 800-82
      • Understanding Risk Management Framework
      • Implementing Defense in Depth- Practical Exercise
      • Intrusion Detection Systems (OT cyber security tools)
      • NIST Cybersecurity Framework (revised) including Governance

Why is OT Cyber security training  important?

OT Cyber security training is very important not only for asset owners such as those who own and/or operate chemical manufacturing plants, power generation plants, discrete parts manufacturing plants, oil & gas facilities, and similar installations, but also for design engineering consulting and EPC companies who design, build, install, commission, operate and maintain these facilities.

This is because OT cyber security can be implemented best if it is part of the project right from the very beginning and not added later as a bolt on solution.

 

What other OT cybersecurity courses are available?

Abhisam has both, self paced e-learning courses related to OT cybersecurity such as the Certified Industrial Cybersecurity Professional (CICP) course, as well as other courses such as Cybersecurity for Process Safety Professionals. Here is a list of currently available and soon to be available OT cybersecurity training courses.

Where can I get more information about OT Cyber Security?

You can refer to Cybersecurity | Information Training Certification for more information. Abhisam has a lot of useful information regarding Industrial Cybersecurity and OT Cyber Security including on popular topics such as the IEC 62443 Guide, NIST 800-82 and more.