ISA/IEC 62443 Cybersecurity Training - System Integrators
Empowering you to make educated choices about implementing security based on the ISA/IEC 62443 family of standards
The use of commercial off-the-shelf (COTS) technologies, the increase in networking, the move to Ethernet and transmission control protocol/internet protocol (TCP/IP), and the increased use of web technologies in supervisory control and data acquisition (SCADA) and process control networks have exposed industrial automation and control systems (IACS) to vulnerabilities similar to those of information systems.
This course provides a detailed look at how solution and service providers and system integrators can use the ISA/IEC 62443 standards framework to protect critical control systems. It also explores the procedural and technical differences between the security for traditional IT environments and those solutions appropriate for distributed control systems (DCS), programmable logic controllers (PLCs), safety instrumented systems (SIS) or SCADA for plant floor environments.
The system integrator has a key role in the supply chain and the security of an IACS solution. This course addresses solution providers acting as integrators and providing ongoing support of industrial automated control systems, and how they interact with asset owners/operators as part of the overall supply chain throughout the owner/operator’s lifecycle.
This three-day training course is heavily focused on the ISA/IEC 62443 standard. The ISA/IEC 62443 series of standards was developed to secure industrial automation and control systems (IACS) throughout their lifecycle. It includes several standards, technical reports (TR) and technical specifications (TS). During an interactive training for system integrators, we will empower you to make educated choices about the implementation of security based on the ISA/IEC 62443 family of standards, considering security issues related to control and automation systems. This training has a core focus on those three IEC 62443 sub-standards most relevant to IACS system integrators:
- 2-4: Security program requirements for IACS service providers
- 3-2: Security risk assessment for system design
- 3-3: System security requirements and security levels
- Introduction to ISA/IEC 62443
- Understanding the framework of ISA/IEC 62443
- Overview of the automation cybersecurity lifecycle
- Industry 4.0 trends and challenges
- Cyber-attacks in IACS – vulnerabilities and consequences
- IACS concept, principal roles and architecture
- Recommended requirements for IACS solution, service and system integrators
- Security levels and maturity levels
- Defense in depth
- Zero Trust
- Security for IoT devices
- Security supply chain
- Cybersecurity risk assessment
- Developing zones and conduits
- Cybersecurity requirement specification (CSRS)
- Designing secure systems
- Security level determination and verification
- Detailed design considerations and operations requirements
- Vulnerabilities and countermeasures
- Challenges during IACS patch and update management
- Security design embracing ISA/IEC 62443 architecture
- Specification of security requirements
- Secure by design
- Secure implementation
- Security verification and validation testing
- Management of security-related issues
- Security guidelines
Upon successful completion of this training, you will be able to:
- Determine the right level of security for products and systems.
- Update and maintain the system to the level of security required.
- Gain the IT and industrial cybersecurity knowledge needed to recognize security problems, as required by modern IACS.
- Increase your security awareness by communicating existing threats and current attack vectors.
- Demonstrate that services, systems and products are developed and integrated in accordance with security needs.
- Establish security by design for your systems and products by understanding relevant security methods, security systems and standards.
- Manage supply chain complexity.
- Build trust across your supply network.
- Understand and help to minimize the risk of integrating IT and operational technology (OT) infrastructure.
- Meet customer demands regarding requirements from specific industries.
- Enhance brand protection.
- Control operations in terms of cybersecurity resilience.
- Take care of product and system security due diligence.
- Demonstrate your security compliance to a wide range of target markets and customers.
- Differentiate products/systems based on security against competitive products/systems.
- Gain a competitive advantage and enhance your market position.
- Make your components’ security transparent and accessible to system integrators and end users.
- Embed security into development processes.
- Instill cybersecurity rigor into your processes.
- Use a tailored, risk-based way of assessing security.
- Demonstrate validation of security to customers.