MANDIANT ACADEMY™

Cyber Intelligence for Critical Infrastructure

Instructor-led training course

Please contact us if you have any questions.

Course Description

The value of this discipline stretches across industries and impacts many companies and employees. Because tens of millions of people depend on critical infrastructure services, that infrastructure is also a prime target for an adversary. A thorough understanding of the risks in critical infrastructure, the types of attacks that are more likely to be seen, and the development and use of cyber intelligence to increase security is foundational to success. Students will gain insight into how cyber intelligence informs decisions to strengthen infrastructure security and resilience, as well as response and recovery efforts during incidents. Informed professionals protect the nation’s critical infrastructure through an integrated analytical approach that evaluates the potential consequences of disruption from cyber threats and incidents and provides data on traditional kinetic attacks. Students will also gain insight into how control systems differ from information systems and how cyber intelligence informs the impact of their exploitation. This course will enable technicians and leaders to identify, mitigate, and recover from internal and external cyber threats unique to the control system domain.

Learning Objectives

After completing this course, learners should:

  • Understand ICS/OT security history, today’s trends, and threat landscape.
  • Understand ICS/OT standards and best practices: NIST SP 800-82, IEC 62443, and the MITRE ATT&CK for ICS framework.
  • Be comfortable with the Purdue model of architecture, defense in depth, and secure ICS/OT network zoning and segmentation.
  • Understand the elements of effective ICS/OT security monitoring and incident response programs.
  • Understand how cyber threat intelligence improves understanding of threats to the ICS environment.
  • Have exposure to useful ICS/OT security tools.

Course Outline

Understanding the Threat Environment

  • Categories
  • Characterizations
  • Evolution
  • Threats

Case Study

What Came Before

  • Types of Attacks
  • Frequency of Attacks
  • Overview of Recent Attacks

Monitoring ICS Threats

  • Cyber Threat Profile
  • Threat Reporting
  • Trend Data
  • Vulnerabilities

Overview of ICS Attack Tools & Pathways

  • Protocols
  • Exploit Software, Modules and Frameworks
  • Adversary: Ghost Sec
  • Geopolitics: Cyber Attacks Against ICS

Modeling ICS Threats Using CTI Frameworks & Techniques

  • Penetration Testing
  • MITRE ATT&CK
  • Examples and Profiles
  • MITRE ATT&CK Exercise
  • Mandiant Attack Lifecycle
  • TRITON Attack Lifecycle
  • Threat Model Examples
  • Threat Model Exercise

Information Sharing Resource

Who Should Attend

OT operators, OT risk management practitioners, cyber threat investigators working on OT-related threats, or other staff who need a general understanding of cyber threats against critical infrastructure.

Delivery Method

In-classroom or virtual instructor-led training

Duration

  • 3 days (in-person delivery)
  • 4 days (virtual delivery) 
    (24 learning hours)