Connectivity has become an integral part of industrial processes but it can also leave them more exposed to cyberthreats that can have wide-ranging physical impact. The cybersecurity of Industrial control systems (ICS) needs to catch up. To help organizations address this challenge, Kaspersky Lab ICS CERT, and the Fraunhofer Institute of Optronics, Systems Technologies and Image Exploitation (IOSB), have introduced a new training program designed to raise ICS cybersecurity awareness and skills: Advanced Industrial Cybersecurity in Practice. The courses are aimed both at IT security specialists responsible for industrial cyber protection and ICS engineers who need to consider cybersecurity in their work.
In an industrial organization, ICS cybersecurity may not always get the same level of attention as protection for corporate infrastructure. There are several reasons for this: sometimes the ICS operational technology (OT) relies on legacy systems that are difficult to patch or update, or it has been built without the expectation that it would ever be exposed to hackers. An organization may also lack relevant expertise in delivering OT cybersecurity, even if it employs specialists who understand corporate cybersecurity.
Meanwhile, ICS is increasingly exposed to different kinds of cyberthreats. In the first half of 2018, Kaspersky Lab registered attack attempts on more than 40% of ICS computers protected by the company — a 4.59% increase compared to H1 2017, and there is nothing to suggest this figure will decline in the future. At the same time, operational technology is at risk of advanced threat actors targeting industrial infrastructures. Threats like Triton, Industroyer/Crashoverride, the Energetic Bear/Crouching Yeti APT, Shamoon, BlackEnergy and others, are constantly evolving in order to penetrate ICS-equipped facilities for the purpose of cyberespionage, sabotage and intellectual property theft.
Tailored cybersecurity measures can protect organizations from both ICS-specific and generic attacks. The new training from Kaspersky Lab ICS CERT and Fraunhofer IOSB will deliver expert advice on how to combat these dangers. Through a series of interactive modules, hands-on exercises, attack examples and simulations, participants will learn the difference between IT and OT and their protection, how an attack can be launched and what defensive measures can be implemented, as well as which standards apply to ICS cybersecurity.
“IT security specialists may not have sufficient knowledge of the OT in industrial organizations, while OT engineers may lack expertise in protecting critical infrastructure from emerging threats,” says Evgeny Goncharov, Head of Industrial Control Systems, Cyber Emergency Response Team at Kaspersky Lab. “That’s why we are sharing our knowledge with OT engineers, IT specialists and IT security staff, giving them a comprehensive picture of the state of industrial cybersecurity and helping them to develop a skillset and awareness for dealing with ICS cybersecurity challenges.”
Christian Haas, Head of Fraunhofer IOSB's Cybersecurity Training Lab, agreed: “Industrial control systems are at the heart of manufacturing processes, energy providers, utility companies, and more. If something goes wrong with any of these systems, there can be harsh consequences for businesses, but also for the people that rely on industry everyday – for example for their gas, electricity, or water supplies. That’s why it’s vital that these systems are secure from threats. And with ICS being increasingly connected to wider networks and the online world, that security needs to provide protection against cyberthreats. We hope that through this partnership, our training sessions will help organizations to mitigate the risk factors.”
The new Kaspersky Lab ICS CERT and Fraunhofer IOSB training courses launch today (26 September 2018) with the first two-day session taking place in Ingolstadt, Germany, giving participants:
- An overview of the current threat landscape, security issues, human factors and ICS attacks
- An understanding of cybersecurity in IT and ICS environments, the differences between IT and OT and how to bridge the gaps between them
- An understanding of how to apply prevention, detection and mitigation techniques
- An understanding of network topologies and the workings of network security technologies
- An overview of cybersecurity roles and team structures, as well as common security mistakes
The training is likely to be of particular interest to IT specialists, cybersecurity practitioners and OT engineers. It can also be tailored and conducted for individual organizations according to their requirements.
The next training session will also take place in Ingolstadt, on 4-5 December. To learn more about upcoming training sessions and to book a place, please contact ICS-CERT-EDU@kaspersky.com
 According to ‘Threat Landscape for Industrial Automation Systems in H1 2018’ report