Critical Infrastructure Cyber Security (SCADA)
This is a technical course, designed to use simulation tools and equipment to replicate the potential threats against Critical Infrastructure Services (CIS) utilising real life SCADA models. The course provides hands on experience with the complexity of modern information technology equipment and the components in control systems and legacy systems, the threat environment and attackers’ capabilities as well as techniques for securing these systems.
Topics covered include:
- IT architectures
- Control System architectures
- Security vulnerabilities
- Mitigation strategies
- Nature of attacks
- Defence of SCADA and Industrial Control Systems
*Note: Students should have a basic understanding of Cyber Security gained in the workplace or through the UNSW Canberra Cyber Security Boot Camp or SANS SEC401 or similar. A knowledge of basic networking principles such as OSI/ Internet stack and TCP/IP will also be helpful.
On completion of this course, participants should be able to:
- Understand and evaluate the vulnerabilities of Critical Infrastructure.
- Understand the principles behind the industrial hardware and software of control systems that are used in the operation of Critical Infrastructure.
- Examine technical specifics about the vulnerabilities of critical infrastructure service delivery with an emphasis of those services dependent on control systems reliability and recoverability.
- Develop and implement comprehensive mitigation strategies as well as effective administrative and technical risk management plans to protect and secure process control systems.
Course Day Breakdown
Critical Infrastructure (CI)
Day 1 begins with a comprehensive overview of critical infrastructure sectors. Students will gain an understanding of the current threat landscape and will be provided with real world examples of cyber attacks to study and analyse.
CI in the Economy, Phishing, SQL Injection, Cross-Site Scripting, Malware Attacks, DoS, DDoS.
This session will cover the history of control systems, where are they found and how they work. We’ll also look at the hardware used in these systems and give an overview of the types of common configurations.
Control system implementations, Industrialised hardware, Open-loop Control, Closed-loop Control.
Components of an Industrial Control System (ICS)
Day 3 starts with an overview of ICS Hardware. We’ll look at Unintelligent Field Devices, Intelligence Electronic Devices and Distributed Control Systems. Students will become familiar with the roles and limitations of various components.
Limit Switches, Sensors, Robotics, Programmable Logic Controller (PLC), Supervisory Control and Data Acquisition (SCADA), IP Addresses, Binary Coded Decimal, Pulse Width Modulation.
Cyber Security Fundamentals
This session will provide an overview of cyber threats and attacks. The various stages of cyber attacks will be covered, along with common ICS security vulnerabilities. Students will gain an understanding of cyber security in an Industrial Control System setting.
Threat Actors and Agents, Threat targets, Attack Vectors, Asymmetric Warfare, Cyber Resiliency.
Protection of CI and ICS Forensics
Day 5 consists of a Red team vs. Blue team exercise utilising actual industrial control equipment and the cyber range. Students will gain experience attacking and defending physical real-world type infrastructure scale models that includes traffic management, water supply and electrical supply systems.
Red teaming, Blue teaming, Cyber physical systems, Cyber offence, Cyber defence, SCADA.
Who Should Attend
This course is useful for IT and Engineering graduates in the Cyber Security profession managing or securing Industrial Control Systems or those in intermediate Security roles within Defence and utility security managing SCADA and other Industrial Control Systems on all types of platforms.
What You Will Receive
- Comprehensive set of course notes.
- UNSW Canberra certificate of attendance.
- Morning tea, lunch and afternoon tea.
NICE Framework Mapping
This course maps to the following NICE Framework KSAs (Knowledge, Skills & Abilities):
K0011: Knowledge of capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware.
K0033: Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
K0061: Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
K0070: Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
K0177: Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
K0362: Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).
K0437: Knowledge of general Supervisory control and data acquisition (SCADA) system components.
S0027: Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
A0097: Ability to monitor system operations and react to events in response to triggers and/or observation of trends or unusual activity.
A0107: Ability to think like threat actors.
What is the NICE Framework?
The National Initiative for Cybersecurity Education (NICE) Cyber Security Workforce Framework developed by the National Institute of Standards and Technology (NIST) establishes a taxonomy and common lexicon that describes cyber security work and job roles.
To find out more about the NICE Framework, go to: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework
UNSW Canberra Cyber
UNSW Canberra Cyber is a unique, cutting-edge, interdisciplinary research and teaching centre, working to develop the next generation of cyber security experts and leaders.
The centre is based in Canberra at the Australian Defence Force Academy and provides professional, undergraduate and post graduate education in cyber security. Our air-gapped, state of the art cyber range offers a secure environment where we deliver a number of technical and highly specialised learning opportunities.
Our courses are designed to give the next generation of cyber security professionals the skill sets needed to thrive in the industry. We can also create bespoke professional education programs tailored to your organisation's needs.
Contact us at email@example.com to discuss how.
Further Informationcyber@adfa.edu.au W: