Module 1 16:30 to 17:30 CET Tuesday 7th March 2023 |
Core Components of the Standard - Gaining an overview of the 62443 family of standards to provide a foundation for a risk-based approach to securing IACS in the smart grid environment
• Understanding the basic concepts and terminology laid out in IEC 62443-1-1
• Learning the foundational requirements of IEC 62443 to understand methods for securing IACS encompassing People, Processes and Technology
• Applying IEC 62443 concepts and models to real-life grid scenarios
• Gaining insight into the activities of Working Group TC65 and the roadmap for the ongoing development of IEC 62443
Gabriel Faifman
Co-Convenor
TC65 WG10 |
Module 2 16:30 to 17:30 CET Tuesday 14th March 2023 |
Understanding IT and OT Requirements - Achieving visibility of OT assets and interdependencies with IT systems to understand how IEC 62443 can provide the basis for OT cybersecurity governance
• Understanding the demands of converged IT and OT architecture and IoT connectivity to apply cybersecurity principles across the grid environment
• Determining key cybersecurity objectives and setting policies in line with business and safety drivers and the evolving priorities of availability, confidentiality, and integrity
• Applying IEC 62443 to help overcome the nuances of secure data exchange in OT environments with legacy assets and their connectivity with IT systems
• Preparing your asset register in readiness for IEC 62443 Risk Assessment
Michael Knuchel
Head of SAS Engineering
Swissgrid |
Module 3 16:30 to 17:30 CET Tuesday 28th March 2023 |
Key Resilience Concepts - Understanding concepts of defence in depth, zones, and conduits as a basis for grid systems security
• Practically applying the principle of security zones and conduits to grid architecture based on criticality and securing communication between zones
• Achieving layered protection based on the military concept of defence in depth by applying cybersecurity countermeasures to people, processes, and technologies
• Gaining insight into information exchange requirements to determine appropriate solutions for securing systems, zones, and conduits
• Applying operable security by developing a coherent architecture based on IEC 62443 principles
• Overcoming common vulnerabilities of IACS operating on a flat network, without segregation to mitigate external threats and avoid communication degradation
Rishikesh Sahay
Senior OT Security Engineer
Ørsted |
Module 4 16:30 to 17:30 CET Tuesday 4th April 2023 |
Applying 62443 with other Standards - Mapping IEC 62443 to ISO 27000, NIST, NERC CIP and IEC 62351 to understand the role that various standards play in the development of a cybersecurity management system
• Gaining an appreciation of the combination of the key standards needed to manage the complexity and diversity of interconnected smart grid systems
• Understanding the overlap between IEC 62443 and ISO 27000 series standards, where they can be applied to complement one another, and the organisational challenges that arise in their joint application
• Appreciating the role that each standard plays on a high general level, high energy-specific level, and detailed technical level
• Finding the appropriate balance of standards for your organisational priorities based on common requirements in the NIST cybersecurity framework
• Developing a CSMS based on an optimal combination of IEC 62443 with other standards to ensure compliance to national and transnational cybersecurity regulations
Maarten Hoeve
Researcher
ENCS |
Module 5 16:30 to 17:30 CET Tuesday 11th April 2023 |
Conducting 62443 Risk Assessment - Applying IEC 62443 3-2 to conduct a risk assessment in support of organisational goals and regulatory compliance
• Understanding criticality and taking a balanced approach to risk, likelihood, and consequence
• Defining boundaries of systems under consideration and integrating operational and safety considerations when assessing IACS risk
• Conducting high level risk assessment to support the business case and rationale
• Performing detailed risk assessment in alignment with IEC 62443 3-2
• Demonstrating compliance against organisational and regulatory requirements
Tahir Saleem
Senior Specialist, OT Security
DEWA |
Module 6 16:30 to 17:30 CET Tuesday 18th April 2023 |
Technical Requirements for Products or Components - Gaining an appreciation of IEC 62443 4-2 vendor requirements to establish a common language with your partner ecosystem
• Learning the seven foundational requirements for each component type detailed in IEC 62443 4-2
• Evaluating security by design principles against real software applications, embedded devices, host devices, and network devices
• Leveraging the NIST secure software development framework requirements mapped to IEC 62443 controls
• Developing a collaborative approach with vendors to set achievable technical specifications for the security level of components and simplify product selection
• Creating security documentation for all components in your system for tangible, measurable, demonstrable compliance
Dale Geach
Head of Digitalisation, IoT and Cybersecurity
Siemens |
Module 7 16:30 to 17:30 CET Tuesday 25th April 2023 |
Requirements for Integrators - Leveraging IEC 62443 2-4, Technical requirements for systems to support the secure design and implementation of grid systems
• Classifying security, confidentiality, availability, integrity and safety from the beginning of a partnership with an integrator to gain oversight of systems and avoid the need to retrofit controls
• Contextualising overall system security with the likelihood and impact of threat and vulnerabilities across IT, OT, IoT and Cloud architecture
• Utilizing zones and conduits to implement security
• Effectively quantifying, communicating, and managing risk for the purposes of system design
• Providing confidence in each phase of the implementation journey with the systematic use of IEC 62443 to ensure lifecycle operability and security
Andrew West
Regional Technical Director
SUBNET |
Module 8 16:30 to 17:30 CET Tuesday 2nd May 2023 |
Security Lifecycle Development - Lifecycle development framework to manage patching and lifecycle demands of industrial control systems
• Using the NIST secure lifecycle development framework - Identify, detect, protect, respond, and recover as a basis for applying IEC 62443 across your systems’ lifecycle
• Leveraging IEC 62443 2-1 CSMS requirements to develop a cost-effective and secure approach to patch management and maintenance of PLCs and IACS devices and legacy operating systems
• Overcoming challenges of continuously improving from a relatively low level of maturity after IEC 62443 certification
• Developing a continuous system monitoring capability to conduct effective forensic analysis and enhance visibility
• Using IEC 62443 4-1 secure system development to engrain security by design
• Hardening your incident response and recovery capabilities
Hariharan Ramachandran
Principal Security Assurance
Ofgem |
Module 9 16:30 to 17:30 CET Tuesday 9th May 2023 |
Defining Security Levels - Using IEC 62443 to define security levels based on the criticality of assets mapped with threat and adversarial capability
• Assessing criticality and applying security levels to zones, conduits, and products
• Grouping assets and systems into security zones within your architecture and defining countermeasures to meet the required security level
• Mapping foundational requirements to security level requirements to inform your defence-in-depth strategy
• Aligning asset vulnerabilities to real threat and adversarial levels
• Practically applying security levels in line with organisational risk acceptance and budgetary constraint
Deniz Tugcu
Lead OT Security Specialist
Vattenfall |
Module 10 16:30 to 17:30 CET Tuesday 23rd May 2023 |
Setting Security Controls in Specific Grid Environments - Using IEC 62443 3-3 technical requirements and suggestions for countermeasures to apply specific security measures in key grid domains
• Evaluating existing countermeasures and selecting additional countermeasures based on criticality, cost, complexity, and effectiveness
• Conducting IEC 62443 3-3 gap analysis
• Developing a plan to address unacceptable risk, considering the foundational requirements of use control, system integrity, data confidentiality, restricted data flow, timely response to events, and resource availability
• Learning how to apply controls in specific DSO and TSO environments within real operational, budgetary and system constraints
Siv Houmb
Senior Adviser
Statnett |
Module 11 16:30 to 17:30 CET Tuesday 30th May 2023 |
Maturity Level - Including IEC 62443 specifications in procurement documentation to ensure the maturity level of component providers and capability of integrators
• Learning the requirements throughout product development and integration to assess IEC 62443 maturity levels
• Understanding the documentation required to demonstrate security throughout the product lifecycle, support, quality control, performance validation, and vulnerability response requirements under IEC 62443
• Combining Security Levels and Maturity Levels to define security protection ratings and effectively communicate specifications to partners in tendering documents
• Providing clarity on internal security requirements, and effectively communicating with partners to drive efficiency, support regulatory compliance, and enable security by design |
Module 12 16:30 to 17:30 CET Tuesday 6th June 2023 |
Certification and Testing - Using IEC 62443 certification to provide demonstrable security for regulators and the board
• Defining a methodology for validating the authenticity of testing and certification institutions to guarantee trust in component certification
• Overcoming supply chain visibility challenges on a sub-component level and defining mitigation where there is any uncertainty
• Collaborating with integrators to ensure demonstrable testing and certification of components and systems and developing adequate tools to document the processes
• Simplifying and accelerating the process of providing evidence of methods used to continuously ensure IACS security to regulators
Christopher Robinson
Principal Consultant
Applied Risk |