Cybersecurity: OT for IT professionals
It is increasingly important for organizations to be able to demonstrate that they have taken all necessary measures against cyber threats, not only in the office environment but certainly also in the process/production environment.
Many organizations in the Netherlands (and abroad) are familiar with ISO 27001 or NEN 7510 and use this standard as a guide for their security policies. IT is an important part of business operations, essential for managing administrative processes and data. Meanwhile, more and more organizations recognize that, in addition to the IT infrastructure, the operational primary processes in particular are vulnerable to cyber attacks and need to be protected against them. After all, failure of the technical automation brings production to a standstill, with all the consequences that entails.
As an IT professional, you are increasingly faced with Operational Technology (OT) within your organization. IT and OT are becoming increasingly integrated and mutually dependent. Measures implemented on the OT side can have an effect on the IT infrastructure and vice versa.
Especially for the IT professional
IT security awareness is already embedded in your organization. So is the safeguarding of IT security using ISO 27001 or NEN 7510. But what still needs to be done to make the Operational Technology (OT) cybersecure as well? What additional steps should be taken to close the IT-OT chain?
IEC 62443 is the international cybersecurity standard for Industrial Automation and Control Systems (IACS) that enables cybersecurity measures to be addressed in a careful and structured manner.
In this two-day training, the participant gains insight into the way OT cybersecurity measures are set up and implemented within their own organization. The training starts from the basis that has already been laid with ISO 27001/NEN 7510 and connects the requirements of IEC 62443 to it.
During the training you will become familiar with the differences between IT and OT and between ISO 27001/NEN 7510 and IEC 62443, and you will gain an excellent understanding of the IEC 62443 standards series. You will also learn to apply your new knowledge and skills in the practice of your own organization. This way you will make a flying start on improving cybersecurity in your own organization. Course material is in English. Training is given in Dutch and, on request, also in English.
The overview below shows the topics that will be covered during this training.
- IEC 62443 standards series
- Differences from ISO 27001/27002/NEN 7510
- Differences between IT and OT
- Relevant (European) legislation
- Know your network & assets (including a demo of different OT systems)
- Definition of OT cybersecurity
- Concepts and models in OT cybersecurity
- Safety and cybersecurity
- The Cyber Security Management System (CSMS) according to IEC 62443-2-1
- Setting up a cybersecurity organization
- Risk assessments in OT
- Overview of IEC 62443-3-2
- Technical security measures
- Overview of IEC 62443-3-3
- Requirements for external parties
- Overview of IEC 62443-2-4
- Practical exercises: zones & conduits model, CSMS maintenance
- Practical use of the IEC 62443 series of standards
- Evaluation & conclusion
Exam & Certification
To register for the IEC 62443 exam, you must have fully completed the 2-day training course ‘Cybersecurity: OT for IT Professionals’ or 3-day training course ‘IEC 62443: Cyber security for Industrial Automation & Control Systems (IACS)’ no more than 1 year prior. Successful completion of the 2-day training course will qualify you for the ‘End-users’ variant of the exam.
If you pass the exam, you will receive an exam certificate from the NEN demonstrating that you have the knowledge to create and implement an IACS cybersecurity policy in accordance with IEC 62443 and European regulations.
This certificate has a validity period of 2 years. After the expiration of the certificate you need to pass the IEC 62443 exam again within 1 year to keep your certification. If you do not pass the exam within 1 year, you will need to retake the entire 2-day or 3-day training course to retake the exam.
To refresh your knowledge of IEC 62443 and get yourself ready for the exam, we recommend taking the ‘Refresher Training IEC 62443 Cybersecurity Professional IACS’ training course. This will ensure you have the latest information on the IEC 62443 standard and current legislation.
If you fail on the first attempt, you can make a new attempt every quarter. The condition is that you completed the training course no more than 1 year before, or that you obtained the ‘IEC 62443 Security Professional Industrial Automation and Control Systems’ certificate less than 3 years ago.
Exams are conducted quarterly by the NEN in Delft.
Cost: € 200,- ex. VAT
You can of course register individually for the various training courses on offer. For these open registrations, the training courses are given at the NEN in Delft or at the Hudson Cybertec Academy in The Hague. NEN and the Hudson Cybertec Academy are both easily accessible by car (A13/N470 & A4) and the locations are also easily accessible by public transportation.
Does your organization prefer in-company training or does your organization need customized training, focused on the specific needs of your employees? Then Hudson Cybertec is the right place for you. Please contact us to discuss the possibilities.
Advantages of in-company training
Many companies like to train several people at once within their own environment. This has distinct advantages:
- The training is tailored to company-specific situations and is therefore customized
- Higher training efficiency by training multiple people at once
- Only your own employees are present during the training, so sensitive information can be discussed
- During the training, company-specific cybersecurity situations can be discussed
- You can follow the training together with your customers or other business relations, which strengthens the bond with them.