Contact Us   |   Your Cart   |   Sign In   |   Join
Cybersecurity for Building Control Systems Workshop Series

Internet-enabled building control systems provide critical services that allow a building to meet the functional and operational needs of building occupants. However, once installed, many of these systems have minimal protections to keep hackers out. The National Institute of Building Sciences sponsors workshops to help facility professionals learn how to make their buildings more secure and reduce the risks.

From residential heating and automated entry systems to commercial facility monitoring systems of all kinds, buildings in the United States have seen a rise in the use of "smart" systems to improve their functionality in the past several years. Yet, with this increasing reliance on operational technology, very few people are aware of the potential threats from hackers and others with malicious intent. In a world where companies and individuals are increasingly at risk of having their personal data and assets compromised, it is imperative that building owners also protect their properties and building occupants from cyber threats and potential harm.

All Workshops are led by Michael Chipley of The PMC Group LLC and held in the Washington, D.C. metropolitan area. For each workshop, attendees will need a laptop with administrative privileges to load software. They will receive the course content, tools and lab exercises on a CD at the beginning of the course.

Seating for each workshop is limited to 20 students per day. Click on the workshop title for the desired dates to register.

Upcoming Workshops:

Introduction to Cybersecuring Building Control Systems Workshop
This Workshop is geared to those professionals new to the world of building cybersecurity. This workshop provides a combination of classroom learning modules to teach control system basics, protocols, how to use the information assurance risk management framework and hands-on laboratory exercises using tools and methods such as the DHS Cybersecurity Evaluation Tool (CSET) to inventory, diagram, identify, attack, defend, contain, eradicate and report a cyber event.

Date: Tuesday, October 18, 2016, 8:00 AM – 5:00 PM (ET)

Location: Chinook Systems, Inc., 1235 Clark Street, Suite 500, Arlington, Virginia

Tuition: $600

Register to attend.

 

Advanced Cybersecuring Building Control Systems Workshop
This Workshop is geared towards building and information assurance professionals who have experience in IT or control systems cybersecurity but need to learn how to apply those skills to building control systems. This workshop provides a more technical, in-depth training solution geared towards developing security professionals with the ability to approach security with an attacker mentality. This includes understanding and practicing hacker and defender techniques for footprinting, scanning and enumeration, exploitation, post exploitation, containment and eradication, and reporting. Attendees will use Kali Linux and other exploit tools to gain entrance into the control system, pivot through the network, establish beacon command and control channels, modify logs to mask presence and exfiltrate data. Attendees will then contain and eradicate the exploit and prepare artifacts, event logs and develop an incident report.

Date: Wednesday, October 19, 2016, 8:00 AM – 5:00 PM (ET)

Location: Chinook Systems, Inc., 1235 Clark Street, Suite 500, Arlington, Virginia

Tuition: $600

Register to attend.

Both the introductory and advanced workshops are built around key federal guidelines that have come out in recent years, including:

  • Executive Order 13636—Improving Critical Infrastructure Cybersecurity (Issued February 19, 2013)
  • National Institute of Standards and Technology (NIST) Cybersecurity Risk Management Framework (Issued February 12, 2014)
  • NIST Special Publication (SP) 800-82 Rev. 2 Industrial Control Systems Security Guide (Issued May 2015
  • U.S. Department of Homeland Security (DHS) Interagency Security Committee "Securing Government Assets through Combined Traditional Security and Information Technology" White Paper (Issued February 2015)

 

Cybersecuring DoD Control Systems Workshop
This Workshop is designed to support the U.S. Department of Defense (DoD) facility managers and other facilities-related personnel to better prepare against cyber threats. It is geared to help architects, engineers, contractors, owners, facility managers, maintenance engineers, physical security specialists, information assurance professionals—essentially anyone involved with implementing cybersecurity in the facility life cycle—to learn the best practice techniques to better protect DoD facilities.

Date: Thursday, October 20, 2016, 8:00 AM – 5:00 PM (ET)

Location: Chinook Systems, Inc., 1235 Clark Street, Suite 500, Arlington, Virginia

Tuition: $500

Register to attend.

 

Your Building Control Systems Have Been Hacked, Now What?
Tactics, Techniques and Procedures Workshop

This Workshop is intended for building owners, facility managers, engineering, physical security, information assurance and other professionals involved with the design, deployment and operation of building control systems. It will provide a combination of classroom learning modules and hands-on laboratory exercises to learn how to detect, contain, eradicate and recover from a cyber event. It is built around the Advanced Control System Tactics, Techniques and Procedures (TTPs) developed by the U.S. Cyber Command (USCYBERCOM). Attendees will use the Cyber Security Evaluation Tool (CSET), GrassMarlin, Glasswire and Belarc tools to create a fully mission-capable (FMC) baseline, conduct footprinting and learn how to find building control systems exposed on the internet using Google Hacking, Shodan and WhiteScope discovery tools. They will build a Recovery Jump-Kit, use it to find and eradicate the malware using tools such as MalwareBytes and the Microsoft Internals suite, and learn how to perform data collection for forensics. Lastly, attendees will evaluate the cyber severity of the incident and prepare an incident report.

Date: Tuesday, October 4, 2016, 8:00 AM – 5:00 PM (ET)

Location: Chinook Systems, Inc., 1235 Clark Street, Suite 500, Arlington, Virginia

Tuition: $300

Register to attend.

 

Date: Tuesday, December 6, 2016, 8:00 AM – 5:00 PM (ET)

Location: WESCO/CSC – Communications Supply Corporation, 602 East Diamond Avenue, Gaithersburg, Maryland

Tuition: $300

Register to attend.



 

Community Search
Latest News
Calendar

12/4/2016 » 12/8/2016
BUILDINGS XIII Conference

12/14/2016
Webinar: Get in the Game: Working Together to Advance Energy and Water Performance in Sports Venues

1/9/2017 » 1/12/2017
Building Innovation 2017 Conference & Expo

4/18/2017 » 4/20/2017
ABAA Conference & Tradeshow