SCADA SECURITY TRAINING COURSE · 2020. 2. 7. · using Modbus Force packets to toggle the plant...
Transcript of SCADA SECURITY TRAINING COURSE · 2020. 2. 7. · using Modbus Force packets to toggle the plant...
SCADA SECURITY TRAINING COURSE
Center for Professional Excellence One UTSA Circle, San Antonio, Texas 78249 Business Building 1.01.20 | 210.458.4778 | [email protected]
execed.utsa.edu
SCADA Human Machine Interface (HMI): In this scenario, the training system emulates an attack on a plant. The attacker enters the SCADA network by exploiting an outdated web server that is installed on the Human Machine Interface (HMI) computer on the SCADA network. The attack cripples the plant completely, using Modbus Force packets to toggle the plant machines such as turbines and centrifuges on and off. The plant machines are represented by fans and lights on the SCADA plate.
SCADA Field to Field: In this scenario, the system simulates an attack that originates from a remote SCADA segment, and advances directly to the local PLC, disabling the local SCADA emergency button. The outcome of the attack in this scenario is “silent” and does not raise any noticeable physical flags. Participants should conduct a full investigation on the network and the force packets to discover the attack and the specific issue with the PLC.
Scenarios
SCADA VPN: In this scenario, the attack originates from a trusted support company of the SCADA system. The system attacks the VPN server from the external network using the Heartbleed vulnerability. After revealing the credentials to the VPN, the attacker connects to the network and starts sending direct force packets to the PLC causing the plant to shut down.
$5,000 | Includes tuition, course materials (printed and online), parking at UTSA, meals and refreshments
Cost
We offer a discounted rate to support and make training accessible to not-for-profit organizations and small businesses. Group discounts for all organizations are also available, contact [email protected] for more information.
http://bit.ly/388Ujrv
Registration
Cyber Range, College of Business, Business Building (BB) 1.01.02 Main Campus, One UTSA Circle, San Antonio, TX 78249
Location
CENTER FOR PROFESSIONAL EXCELLENCE (CPE) UTSA COLLEGE OF BUSINESS
Training is held over five days from 9 a.m. to 5 p.m.
Commitment
This course is suitable for anyone who needs to understand and deal effectively with advanced SCADA issues. Participants should already have basic knowledge of cyber security.
Audience
Experience hands-on training using real-life scenarios in a live virtual environment. The Supervisory Control and Data Acquisition (SCADA) Security Training course provides advanced SCADA technical overview of the emerging trends, advanced applications, operations, management and security.
Program OverviewSCADA SECURITY TRAINING COURSE
The main activities of the course include: • Theory: Understanding concepts behind ICS and SCADA security.• Scenario-based training: Test practical skills in a virtual
environment, while experiencing attack scenarios.• Scenario debrief: Instructor will discuss the solution of the
scenario, including an analysis of participant’s results, additional insights, mitigation plans and more.
• Review & Preparation: Review of prior information and preparation for the next scenario.
Activities
Participants should have basic knowledge in:• Intrusion Detection System (IDS) Configuration • Linux Forensics• Network Forensics• SCADA Protocol Forensics• Virtual Public Network (VPN) Log Forensics• Windows Forensics• Basic cyber security concepts at a high level:
• Anti-Malware • Firewalls • IDS/IPS• Security Information and Event Management (SIEM) • Security Operations Center (SOC)
Required Knowledge
During this course, you will review the unique challenges of protecting critical infrastructures, gain familiarity with SCADA protocols and how to analyze them, investigate attacks across both IT and OT systems, and cover proper response tactics to an IT or OT attack.
UTSA Continuing Education Units (CEUs) are available for completing this workshop.
Attacking critical infrastructure control systems such as SCADA requires planning, passive monitoring, intelligence gathering, active attacks and the use of alternative access methods. Details about dozens of SCADA, Programmable Logic Controllers (PLC), Industrial Control System (ICS) vulnerabilities will be discussed in case studies with proof-of-concept exploit code.
Center for Professional Excellence One UTSA Circle, San Antonio, Texas 78249 Business Building 1.01.20 | 210.458.4778 | [email protected]
execed.utsa.edu
CENTER FOR PROFESSIONAL EXCELLENCE (CPE) UTSA COLLEGE OF BUSINESS
Training Schedule
DAY 1 DAY 2 DAY 3 DAY 4 DAY 5
9:00 a.m.Review and Preparation
Review and Preparation Review and Preparation Review and Preparation Review and Preparation
9:30 a.m.
Understanding SCADA Protocols Part 1
SCADA Malware and Attack History
SCADA Intrusion Detection
Advanced Data Forensics
10:00 a.m.
The IT/OT/IOT Challenge
10:30 a.m.
11:00 a.m.
11:30 a.m.
12:00 p.m.
12:30 - 1:30 p.m. Lunch Break
1:30 p.m.
SCADA Network Infrastructure
Understanding SCADA Protocols Part 2
Scenario 1: SCADA HMI
Scenario 2: SCADA VPN
Scenario 3: SCADA Field to Field2:00 p.m.
2:30 p.m.
3 - 3:15 p.m. Break
3:15 p.m.
Continued SCADA Network Infrastructure
Continued Understanding SCADA
Protocols Part 2
Scenario 1 Continued: SCADA HMIand Debrief
Scenario 2 Continued:SCADA VPNand Debrief
Scenario 3 Continued:
SCADA Field to Field and Debrief
3:30 p.m.
4:00 p.m.
4:30 p.m.Certificate Presentation
5:00 p.m. Summary and Feedback
DRAFT
The University of Texas at San AntonioCenter for Professional ExcellenceCollege of BusinessOne UTSA CircleSan Antonio, TX 78249
execed.utsa.edu
Contact Us
210.458.4778 [email protected]