Navigation

Search:

Cybersecurity Design + Implementation

Cybersecurity Design + Implementation

Participating in this 4,5 days training course will enhance the skill set of those involved to fulfill their responsibilities and undertake activities in compliance with industry recognized security standards such as the IEC 62443, to:

  • reduce the risk of a successful cyber attack
  • satisfy legal and regulatory requirements
  • meet the organisation’s system cybersecurity and business objectives.



Participants will understand:

  • The principles and concepts as provided with the international agreed standard IEC 62443
  • The concepts and principles behind international standards and guidelines that cover the area of cyber security and how and when to apply them including:
    • Security Risk Assessment (SRA) - IEC 61511-1, ISA TR84.00.09 & IEC 62443
    • Cybersecurity Management System (CSMS) – IEC 62443
    • Information Security Management System (ISMS) - ISO 27000 series
    • Overview of ICS Threats & Vulnerabilities - NIST SP 800 Series
    • Cyber Resilience Act (CRA)
    • EU Directive on Network and Information Systems (NIS2).
  • The IACS cybersecurity lifecycle and the key roles and responsibilities
  • Security risk assessment and the interface with security requirements specification
  • The IEC 62443 foundational requirements’ countermeasures & their implementation
  • High-level and low-level design requirements
  • Cybersecurity verification and validation requirements
  • The requirements for cybersecurity documents in order to demonstrate conformance.

Target Group

Functional, Process and Technical Safety Engineers, Control and Instrument Engineers and Managers, Process Engineers, Operations personnel and managers, maintenance staff, consultants, advisors and persons involved in management, engineering, operations and safety of process operations as well as persons with operational experience and who are currently involved in cybersecurity activities on their facilities from within the following process industry user groups:

  • Asset Owners / End User
  • Engineering Contractors / EPCs
  • Power and Automation system integrators
  • Service providers

Course Objectives

The objective of this course is to provide participants with a fundamental understanding of the requirements of IACS Cybersecurity design and implementation with respect to the security measures identified in IEC 62443 and to understand:

  • The role and the process of Security Risk Assessment (SRA) in gaining an understanding of the security risks and required foundational requirement security measures.
  • The relationship between Security Level (SL)-T and Cybersecurity Requirements Specification (CRS) to the design and implementation of security countermeasures that achieve the security requirements needed of the determined SL.
  • How those security measures / countermeasures should be implemented, verified and validated.
  • The importance of Cybersecurity Lifecyle Management to gain and maintain SL.

The course includes practical case studies that will be developed by candidates across the four days of the training course taking the delegate through the IEC 62443 design and implementation process. The course follows a modular structure and is typically delivered as a tutor led classroom session with case studies.

Agenda

Show all Hide all

Day 1

Introduces the background, concepts and principles to be applied to the design and implementation process, competency, compliance, security risk assessment, zone and conduit (Z&C) and security management as well as related international standards. The design and implementation is based on the identified SL and IEC 62443 foundational requirements and this will be discussed as well as the introduction to the case study

The topics covered are:

  • Cybersecurity basics and design fundamentals
  • Introduction to related Security and Functional Safety standards
  • Introduction to the IEC 62443 Security Lifecycle and management system processes
  • Key roles and responsibilities
  • Introduction to Security Risk Assessment
  • Cybersecurity Requirement Specification (CRS)

Day 2 and Day 3

Further develops on the concepts, principles and techniques carried out in day one and the case study work by taking the output from the SRA and CRS evaluates the risks based on their likelihood and consequence and prioritises them for examination in the Detailed-Level SRA. The second day also includes an explanation of what outputs comprise from the High-Level SRA. The principles and activities of the Zoning and Conduit sections of the IEC 62443 will also be explained.

The topics covered are:

  • Identification and Authentication Control (IAC) - Control access to devices and information to protect against unauthorized interrogation
  • Use Control (UC) - Control use of devices and information to protect against unauthorized operation
  • System Integrity (SI) - Ensure the integrity of data on selected channels to protect against unauthorized changes
  • Data Confidentiality (DC) - Ensure the confidentiality of data on selected channels to protect against eavesdropping
  • Restricted Data Flow (RDF) - Restrict flow of data on channels to protect against publication to unauthorized sources
  • Timely Response to Event (TRE) - Respond to violations by notifying the proper authority, needed reporting and taking timely corrective action in mission-critical or safety-critical situations
  • Resource Availability (RA) - Ensure the availability of all network resources to protect against denial-of-service attacks

Day 4

Develop on the countermeasure case study work carried out in day two taking the outputs into the high- and low-level operational technology (OT) network design bridging the gap between the CSRA and the actual implementation of the solution. Examining the detailed Z&C and network diagrams considering the relevant countermeasures for each Z&C and how they will be validated / documented to demonstrate the necessary risk reduction and IEC 62443 requirements.

The topics covered are:

  • High Level Design requirements
  • Low Level Design requirements
  • Implementation best practice
  • Review of targeted countermeasures
  • Validation and Acceptance testing
  • IEC 62443 Required Documentation for demonstrating conformance

Day 5

A three (3) hour exam existing of 2 parts.

Exam

A three (3) hour exam existing of 2 parts.

Part 1: Multiple-choice questions

Part 2: Open questions

The pass score criterion is 70% overall score covering both exam parts.

Eligibility Requirements

In accordance with the TÜV Rheinland Functional Safety and Cyber Security Training Program:

Experience:

  • A minimum of 3 years of industrial experience in a related field

(e.g. Control & Instrumentation, process engineering, IT/OT, functional safety or cyber security).

Qualifications:

  • Technical Education or Diploma (University degree) or vocational course qualification

or

  • Equivalent engineer level experience and responsibilities status as certified by employer / engineering institution om a reference letter.

CySec Specialist (TÜV Rheinland) Certificate

Successful participants, who have the requisite experience and who pass both parts of the Cybersecurity design and implementation exam, will be eligible for the prestigious CySec Specialist (TÜV Rheinland) certificate in Design & Implementation.

Holders of this certificate will be listed at the TÜV Rheinland Certipedia website.

Costs

€ 2.690 + VAT

Includes: exam and CySec Specialist (TÜV Rheinland) certificate (if requirements are fulfilled and the exam is passed), training proceedings, lunch and beverages.

€ 2.390 + VAT

Without exam and CySec Specialist (TÜV Rheinland) certificate.

Includes: training proceedings, lunch and refreshments.

Contact