Defending Critical National Infrastructure

 As the Internet of Things starts to become mainstream, the `things’ in question start to become a target for cyber attacks of many kinds. When many of those `things’ are also components of services and operations that go to make up any nation’s critical infrastructure, defending them against cyber attack becomes an issue of significant importance.

 Security professionals looking to understand more about Critical National Infrastructure information security will, therefore, be interested to know about a training course to be run for the first time, in London, in May.

Run by the SANS Institute, the course is its first offering of the popular ICS410: ICS/SCADA Security Essentials course, dedicated to equipping security professionals and control system engineers with the cybersecurity skills needed to defend Critical National Infrastructure (CNI).

The course provides an in-depth training programme tailored specifically for industrial cybersecurity professionals. The course aims to ensure those involved in supporting and defending industrial control systems are trained to keep the operational environment safe, secure, and resilient against current and emerging cyber threats. Individuals who influence the attack surface and are responsible for or support efforts to maintain a secure, safe and reliable Industrial Control System environment. The roles performed by personnel should attend.

The 5-day course will be led by SANS Instructor and ICS security expert Justin Searle. According to Searle, gaps are emerging across the skill sets of industrial control system personnel, whether it is cybersecurity skills for engineers or engineering principles for cybersecurity experts.

“In recent years, both information technology and operational technology roles have converged in industrial control system environments, so there is a greater need for a common understanding between the various groups who support or rely on these systems,” he said. “Students in ICS410 will learn the language, the underlying theory, and the basic tools for industrial control system security in settings across a wide range of industry sectors and applications.”

This intensive programme provides sessions on defending ICS servers, workstations, networks and devices against attack, complemented by a broad understanding of the attack surface, governance and resource issues around CNI.

ICS410 provides an essential level ICS defense training to help prepare for the new Global Industrial Cyber Security Professional (GICSP) certification exam. The GICSP certification focuses on the knowledge of securing critical infrastructure assets and bridges together IT, engineering and cybersecurity to achieve security for industrial control systems from design through retirement. This vendor-neutral, practitioner focused industrial control system certification is a collaborative effort between GIAC and representatives from a global industry consortium involving organisations that design, deploy, operate and/or maintain industrial automation and control system infrastructure.

The certification is increasingly required by industry leaders for employment or consulting assignments in ICS security. The GICSP bridges together IT, engineering and cybersecurity to achieve security for industrial control systems from design through retirement.

The course will be held Monday May 12^th - Friday May 16^th 2014 at the Kensington Close Hotel, London. More information and registration forms can be found here.