SCADA SECURITY 101

Gain the most up-to-date knowledge on how to design, assess and implement the security of SCADA networks.

Student Pre-requisite

All students are required to have a technical background either in computer administration or in SCADA operations administration.

Software Requirement

None

Hardware Requirement

None

Course Outline

Introduction

  • Introduction
    • What is SCADA?
    • Introduction to Security
    • Unique Aspects of Security in SCADA Systems
  • Network Terminology and Architecture Concepts
    • 7 Layers, WAN, LAN, IP, Routers etc.
  • SCADA Terminology and Architecture Concepts
    • EMS, DCS, HMI, FEP etc.
  • Lab - Collaborative Design of a Simple Gas Utility Network

Security and SCADA

  • Security Terminology and Architecture Concepts
    • Vulnerabilities, Segregation, Firewalls, NAC etc.
  • SCADA threats and Attack Vectors
    • Corporate to Field
    • Field to Center
    • Field to Field
    • Remote Support
    • Unauthorized Control Center Access
  • Overview of Published Vulnerabilities
  • Lab - Attack an IT-centric Server to Practice Offensive Cycle

Control Center Security

  • Control Center Elements
  • Brief Overview of Physical Security
  • Securing the Connection to the Corporate Network
  • Securing Remote Maintenance Links
  • WAN Security - Fiber, Radio, GPRS, 3G, PSTN Modems
  • LAN Security
  • Redundancy
  • Best Practice for OS Patches and Anti-Virus Updates in a Mission-Critical Environment
  • SCADA-Aware One-Way Links
  • Secure PI Deployment
  • Lab - Improving the Design of the Previous Module
    • DMZ Architecture, Logical Security, Physical Security

Field Devices Security

  • Introduction to Field Devices
  • Common Control Protocols (Modbus, DNP3, IEC60870-5-101/4)
  • Protocol Vulnerabilities
  • Implementation Vulnerabilities
  • Layer 1 Considerations
  • Lab - Attack a Field Device
  • Introduction to Fides and Status Quo

Standards and Processes

  • Regulations - US and abroad
  • Relevant Standards
    • NIST, ISA, NERC CIP, etc.
  • Processes
    • Who's in charge? IT, Operations or Internal Auditing?
    • Threat Assessment
    • Education and Awareness
    • Procurement Changes
    • Secure Design
    • FAT/SAT Penetration Tests
    • Risk Assessments
  • Forensics
  • Final Exam
  • Course Summary

About Instructor

Nimrod Ben-Em is a security expert who has specialized in SCADA security since 2005.

Mr. Ben-Em has performed hundreds of penetration tests against financial, governmental, military and SCADA clients. He specializes in protocol analysis, reverse engineering of binary code, passive and active reconnaissance of computer networks, and exploiting vulnerabilities uncovered in proprietary software.