Cyber Intelligence for Critical Infrastructure
Instructor-led training course
Please contact us if you have any questions.
Course Description
The value of this discipline stretches across industries and impacts many companies and employees. Because tens of millions of people depend on critical infrastructure services, that infrastructure is also a prime target for adversaries. A thorough understanding of the risks to critical infrastructure, the types of attacks most likely to be seen, and the development and use of cyber intelligence to increase security is foundational to success. Students will gain insight into how cyber intelligence informs decisions to strengthen infrastructure security and resilience, as well as response and recovery efforts during incidents. Informed professionals protect the nation’s critical infrastructure through an integrated analytical approach that evaluates the potential consequences of disruption from cyber threats and incidents and provides data on traditional kinetic attacks. Students will also gain insight into how control systems differ from information systems and how cyber intelligence informs the impact of their exploitation. This course will enable technicians and leaders to identify, mitigate and recover from internal and external cyber threats unique to the control system domain.
Learning Objectives
After completing this course, learners should:
- Understand ICS/OT security history, today’s trends, and threat landscape.
- Understand ICS/OT standards and best practices: NIST SP 800-82, IEC 62443, and the MITRE ATT&CK for ICS framework.
- Be comfortable with the Purdue model of architecture, defense in depth, and secure ICS/OT network zoning and segmentation.
- Understand the elements of effective ICS/OT security monitoring and incident response programs.
- Understand how cyber threat intelligence improves understanding of threats to the ICS environment.
- Have exposure to useful ICS/OT security tools.
Course Outline
Understanding the Threat Environment
- Categories
- Characterizations
- Evolution
- Threats
Case Study
What Came Before
- Types of Attacks
- Frequency of Attacks
- Overview of Recent Attacks
Monitoring ICS Threats
- Cyber Threat Profile
- Threat Reporting
- Trend Data
- Vulnerabilities
Overview of ICS Attack Tools & Pathways
- Protocols
- Exploit Software, Modules and Frameworks
- Adversary: Ghost Sec
- Geopolitics: Cyber Attacks Against ICS
Modeling ICS Threats Using CTI Frameworks & Techniques
- Penetration Testing
- MITRE ATT&CK
- Examples and Profiles
- MITRE ATT&CK Exercise
- Mandiant Attack Lifecycle
- TRITON Attack Lifecycle
- Threat Model Examples
- Threat Model Exercise
Information Sharing Resource
Who Should Attend
OT operators, OT risk management practitioners, cyber threat investigators working on OT-related threats, or other staff who need a general understanding of cyber threats against critical infrastructure.
Delivery Method
In-classroom or virtual instructor-led training
Duration
- 3 days (in-person delivery)
- 4 days (virtual delivery)
(24 learning hours)