
Improving Industrial Control Systems Security

Anthony K. Ho, P.E.


Course Outline

This 4-hour PDH course reviews the recommended practice and “defense-in-depth” strategies provided by the U.S. Department of Homeland Security.  It offers insight into some of the more prominent cyber risk issues and presents them in the context of industrial control systems.  It provides commentary on how mitigation strategies can be developed for specific problems and provides direction on how to create a defense-in-depth security program for control system environments.

This course includes a multiple-choice quiz at the end, which is designed to enhance the understanding of the course materials.

Learning Objective

The goal of this course is to provide guidance regarding cyber mitigation strategies and how to apply them specifically to an industrial control systems environment.

At the conclusion of this course, the student will acquire the following specific knowledge and skills:

Intended Audience

This course is intended for control systems, process, automation, and industrial engineers.

Benefit for Attendee

Attendees of this course will gain a better understanding of the security challenges that today’s industrial control systems are facing and will be able to develop countermeasures for such threats.  Attendees can adopt the guidance for developing “defense-in-depth” strategies for organizations that use control system networks while maintaining multitier information architectures.

Course Introduction

Information infrastructures across many public and private domains share several common attributes regarding information technology (IT) deployments and data communications. This is particularly true in the industrial control systems domain where an increasing number of organizations are using modern networking to enhance productivity and reduce costs by increasing the integration of external, business, and control system networks.  However, these integration strategies often lead to vulnerabilities that greatly reduce the cybersecurity posture of an organization and can expose mission-critical industrial control systems to cyber threats.

Course Content

The course content is contained in the following PDF file:

Improving Industrial Control Systems Security

Please click on the above underlined hypertext to view, download or print the document for your study. Because of the large file size, we recommend that you first save the file to your computer by right clicking the mouse and choosing "Save Target As ...", and then open the file in Adobe Acrobat Reader. If you still experience any difficulty in downloading or opening this file, you may need to close some applications or reboot your computer to free up some memory.

Course Summary

Industrial control systems are an integral part of critical infrastructure, helping facilitate operations in vital sectors such as electricity, oil and gas, water, transportation, and chemical.  The growing issue of cybersecurity and its impact on industrial control systems has highlighted some fundamental risks to critical infrastructures.  To address cybersecurity issues for industrial control systems, a clear understanding of the security challenges and specific defensive countermeasures is required.  A holistic approach, one that uses specific countermeasures to create an aggregated security posture, can help defend against cybersecurity threats and vulnerabilities that affect an industrial control system.  This approach, often referred to as “defense-in-depth,” can be applied to industrial control systems and can provide a flexible and usable framework for improving cybersecurity defenses.

Concerns regarding cybersecurity and control systems are related to both the legacy nature of some of the systems and the growing trend to connect industrial control systems to other networks.  These concerns have led to a number of identified vulnerabilities and have introduced new categories of threats that have not been seen before in the industrial control systems domain.  Many of the legacy systems may not have appropriate security capabilities that can defend against modern-day threats, and the requirements for availability can preclude using contemporary cybersecurity solutions.  An industrial control system’s connectivity to a corporate, vendor, or peer network can exacerbate this problem.

Related Links

For additional technical information related to this subject, please visit the following websites or web pages:

Department of Homeland Security: Cyber Security Procurement Language for Control Systems
Critical Infrastructure and Control Systems Security Curriculum  
Defense in Depth: A practical strategy for achieving Information Assurance in today’s highly networked environments.

Quiz

Once you finish studying the above course content, you need to take a quiz to obtain the PDH credits.

Take a Quiz


DISCLAIMER: The materials contained in the online course are not intended as a representation or warranty on the part of PDH Center or any other person/organization named herein. The materials are for general information only. They are not a substitute for competent professional advice. Application of this information to a specific project should be reviewed by a registered architect and/or professional engineer/surveyor. Anyone making use of the information set forth herein does so at their own risk and assumes any and all resulting liability arising therefrom.