12-Week Online Training for Power Grid Cyber Security Leaders and Specialists

Date: 5th September to 5th December 2023

Time: 16:00 - 17:30 CET every Tuesday

Format: Virtual

Venue: LearnWorlds Online Platform

Very Early Bird – Save up to €1,000 on Delegate places by booking before Friday 26th May 2023!

 

Group Booking Discount - 10% discount for 3+ delegates, 20% discount for 5+ delegates and 30% discount for 10+ delegates booked from the same organisation at the same time!

Module Topics

Module 1
16:30 to 17:30 CET

Tuesday 5th September 2023

Core Components of the Standard - Gaining an overview of the 62443 family of standards to provide a foundation for a risk-based approach to securing IACS in the smart grid environment
• Understanding the basic concepts and terminology laid out in IEC 62443-1-1 
• Learning the foundational requirements of IEC 62443 to understand methods for securing IACS encompassing People, Processes and Technology
• Applying IEC 62443 concepts and models to real-life grid scenarios
• Gaining insight into the activities of Working Group TC65 and the roadmap for the ongoing development of IEC 62443

Gabriel Faifman-3

Gabriel Faifman

Co-Convenor

TC65 WG10 

Module 2
16:30 to 17:30 CET

Tuesday 12th September 2023

Understanding IT and OT Requirements - Achieving visibility of OT assets and interdependencies with IT systems to understand how IEC 62443 can provide the basis for OT cybersecurity governance
• Understanding the demands of converged IT and OT architecture and IoT connectivity to apply cybersecurity principles across the grid environment
• Determining key cybersecurity objectives and setting policies in line with business and safety drivers and the evolving priorities of availability, confidentiality, and integrity 
• Applying IEC 62443 to help overcome the nuances of secure data exchange in OT environments with legacy assets and their connectivity with IT systems
• Preparing your asset register in readiness for IEC 62443 Risk Assessment

Michael Knuchel-2

Michael Knuchel

Head of SAS Engineering

Swissgrid

Module 3
16:30 to 17:30 CET

Tuesday 19th September 2023

Key Resilience Concepts - Understanding concepts of defence in depth, zones, and conduits as a basis for grid systems security
• Practically applying the principle of security zones and conduits to grid architecture based on criticality and securing communication between zones 
• Achieving layered protection based on the military concept of defence in depth by applying cybersecurity countermeasures to people, processes, and technologies
• Gaining insight into information exchange requirements to determine appropriate solutions for securing systems, zones, and conduits
• Applying operable security by developing a coherent architecture based on IEC 62443 principles
• Overcoming common vulnerabilities of IACS operating on a flat network, without segregation to mitigate external threats and avoid communication degradation 

Rishikesh Sahay

Rishikesh Sahay

Assistant Professor in Cybersecurity

Oregon Institute of Technology

Module 4
16:30 to 17:30 CET

Tuesday 26th September 2023

Applying 62443 with other Standards - Mapping IEC 62443 to ISO 27000, NIST, NERC CIP and IEC 62351 to understand the role that various standards play in the development of a cybersecurity management system
• Gaining an appreciation of the combination of the key standards needed to manage the complexity and diversity of interconnected smart grid systems
• Understanding the overlap between IEC 62443 and ISO 27000 series standards, where they can be applied to complement one another, and the organisational challenges that arise in their joint application
• Appreciating the role that each standard plays on a high general level, high energy-specific level, and detailed technical level
• Finding the appropriate balance of standards for your organisational priorities based on common requirements in the NIST cybersecurity framework 
• Developing a CSMS based on an optimal combination of IEC 62443 with other standards to ensure compliance to national and transnational cybersecurity regulations

Photo - Maarten Hoeve

Maarten Hoeve

Researcher

ENCS

Module 5
16:30 to 17:30 CET

Tuesday 3rd October 2023

Conducting 62443 risk Assessment - Applying IEC 62443 3-2 to conduct a risk assessment in support of organisational goals and regulatory compliance
• Understanding criticality and taking a balanced approach to risk, likelihood, and consequence 
• Defining boundaries of systems under consideration and integrating operational, and safety considerations when assessing IACS risk
• Conducting high level risk assessment to support the business case and rationale
• Performing detailed risk assessment in alignment with IEC 62443 3-2 
• Demonstrating compliance against organisational and regulatory requirements

Tahir Saleem-1

Tahir Saleem

Senior Specialist, OT Security

DEWA

Module 6
16:30 to 17:30 CET

Tuesday 10th October 2023

Technical Requirements for Products or Components - Gaining an appreciation of IEC 62443 4-2 vendor requirements to establish a common language with your partner ecosystem
• Learning the seven foundational requirements for each component type detailed in IEC 62443 4-2
• Evaluating security by design principles against real software applications, embedded devices, host devices, and network devices 
• Leveraging the NIST secure software development framework requirements mapped to IEC 62443 controls
• Developing a collaborative approach with vendors to set achievable technical specifications for the security level of components and simplify product selection 
• Creating security documentation for all components in your system to tangible, measurable, demonstrable compliance 

Dale Geach

Dale Geach

Head of Digitalisation, IoT and Cybersecurity

Siemens

Module 7
16:30 to 17:30 CET

Tuesday 24th October 2023

Requirements for Integrators - Leveraging IEC 62443 2-4, Technical requirements for systems to support the secure design and implementation of grid systems
• Classifying security, confidentiality, availability, integrity and safety from the beginning of a partnership with an integrator to gain oversight of systems and avoid the need to retrofit controls
• Contextualising overall system security with the likelihood and impact of threat and vulnerabilities across IT, OT, IoT and Cloud architecture
• Utilizing zones and conduits to implement security
• Effectively quantifying, communicating, and managing risk for the purposes of system design
• Providing confidence in each phase of the implementation journey with the systematic use of IEC 62443 to ensure lifecycle operability and security

Kelly stich

Kelly Stich

Chief Cyber Security Architect

SUBNET Solutions Inc.

Module 8
16:30 to 17:30 CET

Tuesday 31st October 2023

Security Lifecycle Development - Lifecycle development framework to manage patching and lifecycle demands of industrial control systems
• Using the NIST secure lifecycle development framework - Identify, detect, protect, respond, and recover as a basis for applying IEC 62443 across your systems’ lifecycle
• Leveraging IEC 62443 2-1 CSMS requirements to develop a cost-effective and secure approach to patch management and maintenance of PLCs and IACS devices and legacy operating systems
• Overcoming challenges of continuously improving from a relatively low level of maturity after IEC 62443 certification 
• Developing a continuous system monitoring capability to conduct effective forensic analysis and enhance visibility
• Using IEC 62443 4-1 secure system development to engrain security by design 
• Hardening your incident response and recovery capabilities 

Hariharan Ramachandran (NEW)

Hariharan Ramachandran

Principal Security Assurance

Ofgem

Module 9
16:30 to 17:30 CET

Tuesday 7th November 2023

Defining Security Levels - Using IEC 62443 to define security levels based on the criticality of assets mapped with threat and adversarial capability
• Assessing criticality and applying security levels to zones, conduits, and products
• Grouping assets and systems into security zones within your architecture and defining countermeasures to meet the required security level
• Mapping foundational requirements to security level requirements to inform your defence-in-depth strategy
• Aligning asset vulnerabilities to real threat and adversarial levels 
• Practically applying security levels in line with organisational risk acceptance and budgetary constraint

Deniz Tugcu-3

Deniz Tugcu

Lead OT Security Specialist

Vattenfall

Module 10
16:30 to 17:30 CET

Tuesday 14th November 2023

Setting Security Controls in Specific Grid Environments - Using IEC 62443 3-3 technical requirements and suggestions for countermeasures to apply specific security measures in key grid domains
• Evaluating existing countermeasures and selecting additional countermeasures based on criticality, cost, complexity, and effectiveness
• Conducting IEC 62443 3-3 gap analysis 
• Developing a plan to address unacceptable risk, considering the foundational requirements of use control, system integrity, data confidentiality, restricted data flow, timely response to events, and resource availability
• Learning how to apply controls in specific DSO and TSO environments within real operational, budgetary and system constraints

Siv Hilde Houmb-4

Siv Houmb

Senior Adviser

Statnett

Module 11
16:30 to 17:30 CET

Tuesday 21st November 2023

Maturity Level - Including IEC 62443 specifications in procurement documentation to ensure the maturity level of component providers and capability of integrators
• Learning the requirements throughout product development and integration to assess IEC 62443 maturity levels 
• Understanding the documentation required to demonstrate security throughout the product lifecycle, support, quality control, performance validation, and vulnerability response requirements under IEC 62443
• Combining Security Levels and Maturity Levels to define security protection ratings and effectively communicate specifications to partners in tendering documents
• Providing clarity on internal security requirements, and effectively communicating with partners to drive efficiency, support regulatory compliance, and enable security by design

Gabriel Faifman-Feb-15-2023-11-04-09-3487-AM

Gabriel Faifman

Co-Convenor

TC65 WG10

Module 12
16:30 to 17:30 CET

Tuesday 28th November 2023

Certification and Testing - Using IEC 62443 certification to provide demonstrable security for regulators and the board 
• Defining a methodology for validating the authenticity of testing and certification institutions to guarantee trust in component certification
• Overcoming supply chain visibility challenges on a sub-component level and defining mitigation where there is any uncertainty
• Collaborating with integrators to ensure demonstrable testing and certification of components and systems and developing adequate tools to document the processes
• Simplifying and accelerating the process of providing evidence of methods used to continuously ensure IACS security to regulators

Photo Christopher Robinson

Christopher Robinson

Principal Consultant

Applied Risk