SCADA SECURITY TRAINING COURSE · 2020. 2. 7. · using Modbus Force packets to toggle the plant...


Center for Professional Excellence One UTSA Circle, San Antonio, Texas 78249 Business Building 1.01.20 | 210.458.4778 | [email protected]

execed.utsa.edu

Scenarios

SCADA Human Machine Interface (HMI): In this scenario, the training system emulates an attack on a plant. The attacker enters the SCADA network by exploiting an outdated web server that is installed on the Human Machine Interface (HMI) computer on the SCADA network. The attack cripples the plant completely, using Modbus Force packets to toggle the plant machines such as turbines and centrifuges on and off. The plant machines are represented by fans and lights on the SCADA plate.

SCADA Field to Field: In this scenario, the system simulates an attack that originates from a remote SCADA segment, and advances directly to the local PLC, disabling the local SCADA emergency button. The outcome of the attack in this scenario is “silent” and does not raise any noticeable physical flags. Participants should conduct a full investigation on the network and the force packets to discover the attack and the specific issue with the PLC.

SCADA VPN: In this scenario, the attack originates from a trusted support company of the SCADA system. The system attacks the VPN server from the external network using the Heartbleed vulnerability. After revealing the credentials to the VPN, the attacker connects to the network and starts sending direct force packets to the PLC causing the plant to shut down.

Cost

$5,000 | Includes tuition, course materials (printed and online), parking at UTSA, meals and refreshments

We offer a discounted rate to support and make training accessible to not-for-profit organizations and small businesses. Group discounts for all organizations are also available; contact [email protected] for more information.

Registration

http://bit.ly/388Ujrv

Location

Cyber Range, College of Business, Business Building (BB) 1.01.02, Main Campus, One UTSA Circle, San Antonio, TX 78249

CENTER FOR PROFESSIONAL EXCELLENCE (CPE) UTSA COLLEGE OF BUSINESS

Commitment

Training is held over five days from 9 a.m. to 5 p.m.

Audience

This course is suitable for anyone who needs to understand and deal effectively with advanced SCADA issues. Participants should already have basic knowledge of cyber security.

Program Overview

Experience hands-on training using real-life scenarios in a live virtual environment. The Supervisory Control and Data Acquisition (SCADA) Security Training course provides an advanced SCADA technical overview of the emerging trends, advanced applications, operations, management and security.

Activities

The main activities of the course include:
• Theory: Understanding concepts behind ICS and SCADA security.
• Scenario-based training: Test practical skills in a virtual environment, while experiencing attack scenarios.
• Scenario debrief: Instructor will discuss the solution of the scenario, including an analysis of participants’ results, additional insights, mitigation plans and more.
• Review & Preparation: Review of prior information and preparation for the next scenario.

Required Knowledge

Participants should have basic knowledge in:
• Intrusion Detection System (IDS) Configuration
• Linux Forensics
• Network Forensics
• SCADA Protocol Forensics
• Virtual Private Network (VPN) Log Forensics
• Windows Forensics
• Basic cyber security concepts at a high level:
  • Anti-Malware
  • Firewalls
  • IDS/IPS
  • Security Information and Event Management (SIEM)
  • Security Operations Center (SOC)

During this course, you will review the unique challenges of protecting critical infrastructures, gain familiarity with SCADA protocols and how to analyze them, investigate attacks across both IT and OT systems, and cover proper response tactics to an IT or OT attack.

UTSA Continuing Education Units (CEUs) are available for completing this workshop.

Attacking critical infrastructure control systems such as SCADA requires planning, passive monitoring, intelligence gathering, active attacks and the use of alternative access methods. Details about dozens of SCADA, Programmable Logic Controllers (PLC), Industrial Control System (ICS) vulnerabilities will be discussed in case studies with proof-of-concept exploit code.


Training Schedule

DAY 1 | DAY 2 | DAY 3 | DAY 4 | DAY 5

9:00 a.m. Review and Preparation | Review and Preparation | Review and Preparation | Review and Preparation | Review and Preparation

9:30 a.m. Understanding SCADA Protocols Part 1 | SCADA Malware and Attack History | SCADA Intrusion Detection | Advanced Data Forensics

10:00 a.m. The IT/OT/IOT Challenge

12:30 - 1:30 p.m. Lunch Break

1:30 p.m. SCADA Network Infrastructure | Understanding SCADA Protocols Part 2 | Scenario 1: SCADA HMI | Scenario 2: SCADA VPN | Scenario 3: SCADA Field to Field

3 - 3:15 p.m. Break

3:15 p.m. Continued SCADA Network Infrastructure | Continued Understanding SCADA Protocols Part 2 | Scenario 1 Continued: SCADA HMI and Debrief | Scenario 2 Continued: SCADA VPN and Debrief | Scenario 3 Continued: SCADA Field to Field and Debrief

4:30 p.m. Certificate Presentation

5:00 p.m. Summary and Feedback


DRAFT

The University of Texas at San Antonio
Center for Professional Excellence
College of Business
One UTSA Circle
San Antonio, TX 78249

execed.utsa.edu

Contact Us

210.458.4778 [email protected]