Transcription

Kaspersky ICS m

Table of Contents1IntroOur Trainers and PartnersKaspersky Industrial Cybersecurity Training Program – At a GlanceTesting and Certification2For Engineers and Other Technical PersonnelIndustrial Cybersecurity Awareness Training3For IT/OT ProfessionalsIndustrial Cybersecurity Awareness Training4For ExecutivesIndustrial Cybersecurity Awareness Executive Training5For IT/OT Security ProfessionalsAdvanced Industrial Cybersecurity in Practice6Digital Forensics and Incident Response in ICS7IoT Vulnerability Research and Exploitation8Industrial Cyber-Safety Games9Further Training for All LevelsIndustrial cybersecurity technical workshops and tech talksCurrent ICS workshops and technical talks10Capture the Flag with Kaspersky ICS CERTWhy a Capture the Flag (CTF) Competition at your CompanyWhat is an ICS CTFWhat does a CTF achieve11Our PartnersAbiroyFraunhofer IOSBAcademy of Information Systems (AIS)12Become a Trainer – Train the TrainerAbout KasperskyAbout Kaspersky Industrial CyberSecurityAbout the Kaspersky ICS CERT TeamContact Information

IntroKaspersky offers Industrial Cybersecurity Awareness Courses based on the latest research and analysisconducted by the entire company.Our ICS training program was developed specifically to enable - information technology (IT), operationaltechnology (OT) and information security (IS) professionals, as well as executives and other staff, toenhance their knowledge of industrial cybersecurity.Our Trainers andPartners ICS expertsHighly motivatedProvide in-depth knowledgeFlexibleOffer customizationKaspersky Industrial CybersecurityTraining Program – At a Glance Changes behavior – stimulates individual employees’ commitment toworking safely and responsibly; builds a corporate environment whereeveryone believes that “I care about cybersecurity because everyone does– it’s part of the job”. Combines a motivational approach; gamification, different learningtechniques, simulated attacks based on real-life industrial situations with indepth, interactive cybersecurity skills training. Grows your organizational expertise. Training courses enable organizationsto improve their cybersecurity knowledge pool in five main areas: Basic knowledge of Industrial Control System (ICS) cybersecurity ICS penetration testing ICS digital forensics Secure Internet of Things Expert workshops and tech talks You can request to have our training programs provided on a one-time basis orat regular intervals. Details of exact topics to be covered during each sessioncan be discussed and adapted for your organization's specific needs.Testing and CertificationWe provide evaluations and certificates for all of our programs. At the endof each training program we conduct a 'Lessons Learned' session. We alsoadminister knowledge tests to provide actionable feedback for everyone: thestudents, the trainers and the customer's management.Our careful analysis of course results ensures that your organization can becertain that your staff members internalized the course materials. We alsoinclude course surveys , which provide feedback to both the customer and thetrainers, ensuring that everyone understands the overall impact of the course.This allows you to evaluate the training success and provides our trainers withinformation to continue improving of our courses.01Kaspersky Industrial Cybersecurity Training Program

For Engineers and Other Technical PersonnelIndustrial Cybersecurity AwarenessTrainingHelps your non-IT/OT specialists to increase their awareness of the currentindustrial cybersecurity issues by learning about IT/OT differences andsimilarities, general cyber security basics and industrial cybersecurity specifics.Course Contents Differences between IT & OT and IT/OT convergence, discovering the OTarchitecture Information security basics: attacks, vulnerabilities, exploits &malware, threats, exposures, APTs (kill chain) Attacker profiles for IT & OT Third party trust relationships Roles & responsibilities Security policies & procedures CountermeasuresTakeaways Information security basics: attack, attacker profiles, threats, vulnerabilities, etc. How to recognize cyber security incidents, malware and social engineeringattacks Cybersecurity rules and measures & recommendations for daily workDuration1 day02Kaspersky Industrial Cybersecurity Training Program

For IT/OT ProfessionalsIndustrial Cybersecurity AwarenessTrainingRaises awareness for your IT/OT specialists of current industrial cybersecuritytrends; both attacks and protection techniques. Your staff members will learnto identify the main types of ICS vulnerabilities, clarify the key differencesbetween typical ICS and pure IT malware, and understand how the on-goingevolution of the Internet of Things can impact ICS security.Course Contents Discovering the OT architecture Network basics: the architecture and topology of IT and OT, IT and OTcomponents, IT & OT protocols, differences between IT & OT and IT/OTconvergence How the evolution of the Industrial Internet of Things (IIoT) can affectICS security Attacker profiles for IT & OT Information security basics: attacks, vulnerabilities, exploits & malware,threats, exposures, APTs (kill chain) Third party trust relationships Roles & responsibilities Security policies CountermeasuresTakeaways Network basics: typical topology, components, protocols, design practices Information security basics: attack vectors, attacker profiles, threats,vulnerabilities, etc. Malware attacks APT (Advanced Persistent Threat) social engineering Countermeasures: segmentation, firewalling, access control for devices, users,services, etc. Hardening measures & recommendationsDuration1 day03Kaspersky Industrial Cybersecurity Training Program

For ExecutivesIndustrial Cybersecurity AwarenessTraining for Executives and ManagersHelps executives and managers developtheir awareness of current industrialcybersecurity issues and recent incidents, identify the main types of ICSvulnerabilities, clarify the key differences between typical ICS and pure ITnetworks, and understand how the evolution of the Internet of Things canimpact ICS security.Course Contents Takeaways After completing the course, the participantswill know about: Information security essentials: attack, attacker profiles, threats,vulnerabilities, etc. Countermeasures: segmentation, firewalling, access control for devices,users, services, etc. Malware attacks APT (Advanced Persistent Threat) social engineering Hardening measures & recommendationsDuration3 hours04Kaspersky Industrial Cybersecurity Training ProgramAwareness about current cybersecurity issues in industrial control systemsClarify key differences between typical ICS and pure IT etworksAwareness about the possible attacks on SCADA systemsUnderstanding the principles of network protectionRecognition of social engineeringProviding recommendations on the implementation of Defense in DepthOrganizing an efficient cybersecurity departmentHandling security incidents properly and in a timely mannerDetailed investigation of real SCADA cybersecurity incidentsHow the evolution of the Industrial Internet of Things (IIoT) can affectICS security

For IT/OT Security ProfessionalsAdvanced Industrial Cybersecurityin PracticeRaises awareness for your IT/OT specialists of current industrial cybersecuritytrends; both attacks and protection techniques. Your staff members will learnto identify the main types of ICS vulnerabilities, clarify the key differencesbetween typical ICS and pure IT malware, and understand how the on-goingevolution of the Internet of Things can impact ICS security.Course Contents Overview of the current threat landscape, security issues, human factors,ICS network attacks Network security in IT and ICS environments – special considerations Case study demonstrating the use of prevention, detection and mitigationtechniques Compliance with industrial standards and legislation Network topologies and how network security technologies work Cybersecurity roles and team structures Common security mistakesTakeaways Understanding current industrial cyber threats and how to combatcybersecurity incidents targeting your industry or organization Recognizing and identifying security incidents Performing simple investigations Drawing up and implementing an effective incident response plan This course includes highly customized elements and can be adapted to runfor 1 or 2 days, as preferred Leads to certificationDuration2 days05Kaspersky Industrial Cybersecurity Training Program

For IT/OT Security ProfessionalsDigital Forensics and IncidentResponse in ICSEnables IT/OT security professionals to conduct successful forensicinvestigations in industrial environments and to provide expert analysis andrecommendations.Course Contents Introduction to ICS components, architectures and deployment in industriesincluding electric power generation & distribution, oil & gas, transportation Recognizing and working with the challenges and constraints of ICS Digital forensics techniques as applied to ICS environments Creating an ICS digital forensics plan Manual forensic data acquisition and preservation – working with RTOS andICS protocols Artifact analysis and anomaly verification Reporting Practical labsTakeaways DurationStandard course – 5 daysСourse with in-depth practice – 10 days06Kaspersky Industrial Cybersecurity Training ProgramConducting successful forensic investigations in ICS environmentsCreating an effective digital forensics plan for ICSCollecting physical and digital evidence and dealing with it appropriatelyApplying the tools and instruments of digital forensics to SCADA and PLCFinding traces of an intrusion based on the artifacts uncoveredReconstructing incidents and using time stampsProviding expert reporting and actionable recommendations.Leads to certification

For IT/OT Security ProfessionalsIoT Vulnerability Research andExploitationRaises awareness for your IT/OT specialists of current industrial cybersecuritytrends; both attacks and protection techniques. Your staff members will learnto identify the main types of ICS vulnerabilities, clarify the key differencesbetween typical ICS and pure IT malware, and understand how the on-goingevolution of the Internet of Things can impact ICS security.Course Contents Overview of the current threat landscape, security issues, human factors,ICS network attacks Network security in IT and ICS environments – special considerations Case study demonstrating the use of prevention, detection and mitigationtechniques Compliance with industrial standards and legislation Network topologies and how network security technologies work Cybersecurity roles and team structures Common security mistakesTakeaways Understanding current industrial cyber threats and how to combatcybersecurity incidents targeting your industry or organization Recognizing and identifying security incidents Performing simple investigations Drawing up and implementing an effective incident response plan This course includes highly customized elements and can be adapted to runfor 1 or 2 days, as preferred Leads to certificationDuration3 days07Kaspersky Industrial Cybersecurity Training Program

Industrial Cyber-Safety GamesOn-site and online interactive training modules and cyber-safety gamesconducted at all levels of technical expertise. These games are alwaysmodified for the appropriates levels of technical expertise ranging fromexecutives and management to IT/OT personnel, to any employees whointeract with industrial automation systems – on production lines, in thecontrol room or in the back office.Course ContentsTakeaways Fun, engaging and fastTeam-work builds cooperationCompetition fosters initiative & analysis skillsThe gameplay develops the understanding of cybersecurity measures Cyberattacks hurt revenues and need to be addressed at the topmanagement level Cooperation between IT and Business people is essential for cybersecurity An effective security budget is much smaller than the revenue you risk losingand does not amount to millions People adjust to specific security controls and their importance (audittraining, antivirus, etc.)Duration2 hours08Kaspersky Industrial Cybersecurity Training Program

Further Training for All LevelsIndustrial cybersecurity technicalworkshops and tech talksThese sessions are provided by KasperskyCERT experts and can be conducted as asingle course or as separate webinars.They include: Industrial and IIoT cybersecurity insights and case studies Real-world examples, explaining vulnerabilities identified by Kaspersky experts Introduction to vulnerability research conceptsCurrent ICS workshopsand technical talksDetailed descriptions are available onrequest (talks and workshops are from20 minutes to 2-3 hours long). 09IoT the Hard Way: Introduction to IoT Security and Hands-On ExercisesReal-world binary exploitationSandbox Redemption: escaping process isolationSecurity analysis into the Linux kernelThe cyberthreat landscape – generalICS cyberthreat landscapeAdvanced persistent threatsAttack attribution – analyzing ‘artifacts’Reverse engineering binary applications (basics) – Win32, Win64, dotNET,ELF32, ELF64, AndroidCreating YARA rulesCreating SNORT/Suricata rulesForensics in WindowsAdvanced reverse engineering: fighting packers, obfuscation and antidebuggingThreat modeling for Internet of Things solutionsSecurity capabilities supporting the safety of the Internet of Things systemsSecurity maturity. How to focus on vital security enhancement practicesThe architecture of trust and trustworthinessCritical infrastructure protection – governance around the worldCritical infrastructure protection and reliability standards for electric utilitiesICS Forensic WorkshopICS Incident Response case studyUnusual effects of usual malware in ICS networksRATs in ICS attacks - direct and indirect usageKaspersky Industrial Cybersecurity Training Program

Capture the Flag with Kaspersky ICS CERTWhy a Capture the Flag (CTF)Competition at your CompanyCTFs are an integral part of our ICS training portfolio. We organize CTFs basedon your company needs and provide the materials and staff. CTFs can beconducted as a jeopardy game, simulated attack/defense scenarios or a mix ofthe two.The Kaspersky ICS CERT experts begin by conducting an on-site meeting toagree on the format of the CTF and other general aspects of the event. Duringthe meeting, Kaspersky experts will provide a brief overview of potential CTFscenarios and will help define the goals for your company. We will developan initial outline and budget based on this preliminary meeting. To achieve asuccessful outcome, the Customer will need to involve management, sponsorsand specialists with the relevant roles and expertise, such as IT, InformationSecurity, HR, PR, etc. as appropriate.What is an ICS CTFThe winner is usually the team or individualscoring the most points at the end ofthe game. As in many sporting events,prizes are commonly awarded for first,second and third places. In the interest ofcontest integrity and respect for the gameplatform, CTF ground rules are shared withparticipants prior to the event. Violation ofthese rules may result in restrictions or evenelimination from the competition.An ICS capture the flag (CTF) contest is a competition for people with aninterest or existing skills in ICS cybersecurity. The CTF is organized in theform of a contest, in which the participants solve general cyber security andspecifically ICS security problems and thus win flags. They must either capture(attack/bring down) or defend computer systems in a CTF environment.Typically, these competitions are team-based and attract a diverse rangeof participants, including students, IT/OT professionals and even amateurcybersecurity enthusiasts. A CTF competition can be conducted for variouslevels of expertise and can last from a few hours to several days.What does a CTF achieveThere are many reasons for organizing a CTF contest, including generalawareness and education of an industrial enterprise’s management andtechnical staff about cyberthreats before the company experiences themfirst-hand.The attack-defense scenario can be used both to train OT specialists inresponding to cyberattacks and to test the IT/OT security staff’s skills innear-real-world attack scenarios.A CTF offers a good chance to introduce security specialists to modern attackvectors, kill chains, as well as defensive tactics and technologies used bydifferent cyber security expert teams from around the world.Another objective of a CTF could be to test ICS equipment and systemconfigurations already used at an enterprise’s facilities or being consideredfor installation / upgrade. This is also a good chance to test ICS securityproducts and solutions already used at the enterprise or those which are beingconsidered for installation on its IT and OT networks.More information is available on request.10Kaspersky Industrial Cybersecurity Training Program

Our PartnersThe ICS CERT team at Kaspersky collaborates with researchers andeducators to conduct awareness and in-depth training about industrialcybersecurity.Today there is a significant shortage of qualified ICS IT/OT securityprofessionals, making it very important to make quality training availablefor professional development in this field.We at the Kaspersky ICS CERT team and our partners develop new andinteractive training materials for IT/OT managers and non-technical staffthat leverage the knowledge and technical expertise of both the ICS CERTexperts and our partners.Abiroy has been implementingturn-key projects in recruitment,training and full board projectmanagement since 1998.Established on January 1, 2010,the Fraunhofer Institute ofOptronics, System Technologies,and Image Exploitation IOSBgrew to become Europe s largestresearch institute in the fieldof image acquisition, processingand analysis.Our key areas of business are: Management skills development Technical training Health, safety & environmentOur projects secure your investment in business development, equipment andtechnology through competent personnel training.IOSB s other areas of activity are control and automation technology, andinformation and knowledge management. Three core competencies ofOptronics, System Technologies and Image Exploitation give the institute itsdistinctive profile.Fraunhofer IOSB’s IT security lab for industrial automation provides an ideal testenvironment to simulate real-world scenarios and analyze the effects. To thisend, the IT security lab includes a specific smart factory with genuine automationcomponents controlling a simulated production plant. All the network levels ofa factory environment, including their typical components such as IndustrialEthernet, industrial firewalls and wireless components, are in place.Our main areas of study: Information Technology Information Security Enterprise Security Business Management Personal developmentThe Academy of InformationSystems (AIS) is a center forcontinuing vocational educationlicensed by the MoscowDepartment of Education.During its existence, the AIS has trained more than 20 thousand professionals.We work with major companies and public institutions in Russia such as theBank of Russia, the Federal Treasury, the Federal Tax Service, the State PensionFund, JSC Russian Railways, JSC Gasprom, JSC Sberbank, JSC Rostelecom,JSC Rostec Corporation and many others.AIS was founded in 1996 as anon-governmental educationalinstitution, providing trainingand professional retraining ofspecialists with a postgraduatedegree.We offer original courses, developed by AIS trainers, methodologists and ourpartners, as authorized courses from leading Russian and international vendorsin the IT and Information Sec