12-Week Online Training for Power Grid Cyber Security Leaders and Specialists

Date: 7th March to 13th June 2023

Time: 16:00 - 17:30 CET every Tuesday

Format: Virtual

Venue: LearnWorlds Online Platform

Group Booking Discount - 10% discount for 3+ delegates, 30% discount for 5+ delegates and 50% discount for 10+ delegates booked from the same organisation at the same time!

Module 1
16:30 to 17:30 CET
Tuesday 7th March 2023

Core Components of the Standard - Gaining an overview of the 62443 family of standards to provide a foundation for a risk-based approach to securing IACS in the smart grid environment
• Understanding the basic concepts and terminology laid out in IEC 62443-1-1 
• Learning the foundational requirements of IEC 62443 to understand methods for securing IACS encompassing People, Processes and Technology
• Applying IEC 62443 concepts and models to real-life grid scenarios
• Gaining insight into the activities of Working Group TC65 and the roadmap for the ongoing development of IEC 62443

Gabriel Faifman

Co-Convenor

TC65 WG10 

Module 2
16:30 to 17:30 CET
Tuesday 14th March 2023

Understanding IT and OT Requirements - Achieving visibility of OT assets and interdependencies with IT systems to understand how IEC 62443 can provide the basis for OT cybersecurity governance
• Understanding the demands of converged IT and OT architecture and IoT connectivity to apply cybersecurity principles across the grid environment
• Determining key cybersecurity objectives and setting policies in line with business and safety drivers and the evolving priorities of availability, confidentiality, and integrity 
• Applying IEC 62443 to help overcome the nuances of secure data exchange in OT environments with legacy assets and their connectivity with IT systems
• Preparing your asset register in readiness for IEC 62443 Risk Assessment

Michael Knuchel

Head of SAS Engineering

Swissgrid

Module 3
16:30 to 17:30 CET
Tuesday 28th March 2023

Key Resilience Concepts - Understanding concepts of defence in depth, zones, and conduits as a basis for grid systems security
• Practically applying the principle of security zones and conduits to grid architecture based on criticality and securing communication between zones 
• Achieving layered protection based on the military concept of defence in depth by applying cybersecurity countermeasures to people, processes, and technologies
• Gaining insight into information exchange requirements to determine appropriate solutions for securing systems, zones, and conduits
• Applying operable security by developing a coherent architecture based on IEC 62443 principles
• Overcoming common vulnerabilities of IACS operating on a flat network without segregation, to mitigate external threats and avoid communication degradation

Rishikesh Sahay

Senior OT Security Engineer

Ørsted

Module 4
16:30 to 17:30 CET
Tuesday 4th April 2023

Applying 62443 with other Standards - Mapping IEC 62443 to ISO 27000, NIST, NERC CIP and IEC 62351 to understand the role that various standards play in the development of a cybersecurity management system
• Gaining an appreciation of the combination of the key standards needed to manage the complexity and diversity of interconnected smart grid systems
• Understanding the overlap between IEC 62443 and ISO 27000 series standards, where they can be applied to complement one another, and the organisational challenges that arise in their joint application
• Appreciating the role that each standard plays on a high general level, high energy-specific level, and detailed technical level
• Finding the appropriate balance of standards for your organisational priorities based on common requirements in the NIST cybersecurity framework 
• Developing a CSMS based on an optimal combination of IEC 62443 with other standards to ensure compliance with national and transnational cybersecurity regulations

Maarten Hoeve

Researcher

ENCS

Module 5
16:30 to 17:30 CET
Tuesday 11th April 2023

Conducting 62443 Risk Assessment - Applying IEC 62443 3-2 to conduct a risk assessment in support of organisational goals and regulatory compliance
• Understanding criticality and taking a balanced approach to risk, likelihood, and consequence 
• Defining boundaries of systems under consideration and integrating operational and safety considerations when assessing IACS risk
• Conducting high level risk assessment to support the business case and rationale
• Performing detailed risk assessment in alignment with IEC 62443 3-2 
• Demonstrating compliance against organisational and regulatory requirements

Tahir Saleem

Senior Specialist, OT Security

DEWA

Module 6
16:30 to 17:30 CET
Tuesday 18th April 2023

Technical Requirements for Products or Components - Gaining an appreciation of IEC 62443 4-2 vendor requirements to establish a common language with your partner ecosystem
• Learning the seven foundational requirements for each component type detailed in IEC 62443 4-2
• Evaluating security by design principles against real software applications, embedded devices, host devices, and network devices 
• Leveraging the NIST secure software development framework requirements mapped to IEC 62443 controls
• Developing a collaborative approach with vendors to set achievable technical specifications for the security level of components and simplify product selection 
• Creating security documentation for all components in your system for tangible, measurable, demonstrable compliance

Dale Geach

Head of Digitalisation, IoT and Cybersecurity

Siemens

Module 7
16:30 to 17:30 CET
Tuesday 25th April 2023

Requirements for Integrators - Leveraging IEC 62443 2-4, Technical requirements for systems to support the secure design and implementation of grid systems
• Classifying security, confidentiality, availability, integrity and safety from the beginning of a partnership with an integrator to gain oversight of systems and avoid the need to retrofit controls
• Contextualising overall system security with the likelihood and impact of threats and vulnerabilities across IT, OT, IoT and Cloud architecture
• Utilizing zones and conduits to implement security
• Effectively quantifying, communicating, and managing risk for the purposes of system design
• Providing confidence in each phase of the implementation journey with the systematic use of IEC 62443 to ensure lifecycle operability and security

Andrew West

Regional Technical Director

SUBNET

Module 8
16:30 to 17:30 CET
Tuesday 2nd May 2023

Security Lifecycle Development - Lifecycle development framework to manage patching and lifecycle demands of industrial control systems
• Using the NIST secure lifecycle development framework (identify, detect, protect, respond, and recover) as a basis for applying IEC 62443 across your systems’ lifecycle
• Leveraging IEC 62443 2-1 CSMS requirements to develop a cost-effective and secure approach to patch management and maintenance of PLCs and IACS devices and legacy operating systems
• Overcoming challenges of continuously improving from a relatively low level of maturity after IEC 62443 certification 
• Developing a continuous system monitoring capability to conduct effective forensic analysis and enhance visibility
• Using IEC 62443 4-1 secure system development to engrain security by design 
• Hardening your incident response and recovery capabilities 

Hariharan Ramachandran

Principal Security Assurance

Ofgem

Module 9
16:30 to 17:30 CET
Tuesday 9th May 2023

Defining Security Levels - Using IEC 62443 to define security levels based on the criticality of assets mapped with threat and adversarial capability
• Assessing criticality and applying security levels to zones, conduits, and products
• Grouping assets and systems into security zones within your architecture and defining countermeasures to meet the required security level
• Mapping foundational requirements to security level requirements to inform your defence-in-depth strategy
• Aligning asset vulnerabilities to real threat and adversarial levels 
• Practically applying security levels in line with organisational risk acceptance and budgetary constraint

Deniz Tugcu

Lead OT Security Specialist

Vattenfall

Module 10
16:30 to 17:30 CET
Tuesday 23rd May 2023

Setting Security Controls in Specific Grid Environments - Using IEC 62443 3-3 technical requirements and suggestions for countermeasures to apply specific security measures in key grid domains
• Evaluating existing countermeasures and selecting additional countermeasures based on criticality, cost, complexity, and effectiveness
• Conducting IEC 62443 3-3 gap analysis 
• Developing a plan to address unacceptable risk, considering the foundational requirements of use control, system integrity, data confidentiality, restricted data flow, timely response to events, and resource availability
• Learning how to apply controls in specific DSO and TSO environments within real operational, budgetary and system constraints

Siv Houmb

Senior Adviser

Statnett

Module 11
16:30 to 17:30 CET
Tuesday 30th May 2023

Maturity Level - Including IEC 62443 specifications in procurement documentation to ensure the maturity level of component providers and capability of integrators
• Learning the requirements throughout product development and integration to assess IEC 62443 maturity levels 
• Understanding the documentation required to demonstrate security throughout the product lifecycle, support, quality control, performance validation, and vulnerability response requirements under IEC 62443
• Combining Security Levels and Maturity Levels to define security protection ratings and effectively communicate specifications to partners in tendering documents
• Providing clarity on internal security requirements, and effectively communicating with partners to drive efficiency, support regulatory compliance, and enable security by design

Module 12
16:30 to 17:30 CET
Tuesday 6th June 2023

Certification and Testing - Using IEC 62443 certification to provide demonstrable security for regulators and the board 
• Defining a methodology for validating the authenticity of testing and certification institutions to guarantee trust in component certification
• Overcoming supply chain visibility challenges on a sub-component level and defining mitigation where there is any uncertainty
• Collaborating with integrators to ensure demonstrable testing and certification of components and systems and developing adequate tools to document the processes
• Simplifying and accelerating the process of providing evidence of methods used to continuously ensure IACS security to regulators

Christopher Robinson

Principal Consultant

Applied Risk