From residential heating and automated entry systems to commercial facility monitoring systems of all kinds, buildings in the United States have seen a rise in the use of "smart" systems to improve their functionality in the past several years. Yet, with this increasing reliance on operational technology, very few people are aware of the potential threats from hackers and others with malicious intent. In a world where companies and individuals are increasingly at risk of having their personal data and assets compromised, it is imperative that building owners also protect their properties and building occupants from cyber threats and potential harm.
The Introduction to Cybersecuring Building Control Systems Workshop, the Advanced Cybersecuring Building Control Systems Workshop and the Cybersecuring DoD Control Systems Workshop are geared to help architects, engineers, contractors, owners, facility managers, maintenance engineers, physical security specialists, information assurance professionals—essentially anyone involved with implementing cybersecurity in the facility life cycle—to learn the best practice techniques to better protect their facilities.
Both the introductory and advanced workshops are built around key federal guidelines that have come out in recent years, including:
- Executive Order 13636—Improving Critical Infrastructure Cybersecurity (Issued February 19, 2013)
- National Institute of Standards and Technology (NIST) Cybersecurity Risk Management Framework (Issued February 12, 2014)
- NIST Special Publication (SP) 800-82 Rev. 2 Industrial Control Systems Security Guide (Issued May 2015
- U.S. Department of Homeland Security (DHS) Interagency Security Committee "Securing Government Assets through Combined Traditional Security and Information Technology" White Paper (Issued February 2015)
The Introduction to Cybersecuring Building Control Systems Workshop is geared to those professionals new to the world of building cybersecurity. This workshop provides a combination of classroom learning modules to teach control system basics, protocols, how to use the information assurance risk management framework and hands-on laboratory exercises using tools and methods such as the DHS Cybersecurity Evaluation Tool (CSET) to inventory, diagram, identify, attack, defend, contain, eradicate and report a cyber event.
The Advanced Cybersecuring Building Control Systems Workshop is geared towards building and information assurance professionals who have experience in IT or control systems cybersecurity but need to learn how to apply those skills to building control systems. This workshop provides a more technical, in-depth training solution geared towards developing security professionals with the ability to approach security with an attacker mentality. This includes understanding and practicing hacker and defender techniques for footprinting, scanning and enumeration, exploitation, post exploitation, containment and eradication, and reporting. Attendees will use Kali Linux and other exploit tools to gain entrance into the control system, pivot through the network, establish beacon command and control channels, modify logs to mask presence and exfiltrate data. Attendees will then contain and eradicate the exploit and prepare artifacts, event logs and develop an incident report.
The Cybersecuring DoD Control Systems Workshop is designed to support the U.S. Department of Defense (DoD) facility managers and other facilities-related personnel to better prepare against cyber threats. It is geared to help architects, engineers, contractors, owners, facility managers, maintenance engineers, physical security specialists, information assurance professionals—essentially anyone involved with implementing cybersecurity in the facility life cycle—to learn the best practice techniques to better protect DoD facilities.
Presenter: Michael Chipley, The PMC Group LLC
(All workshops are held from 8:00 am until 5:00 pm)
For each workshop, attendees will need a laptop with administrative privileges to load software. They will receive the course content, tools and lab exercises on a CD at the beginning of the course.
Seating for each workshop is limited to 20 students per day. Click on the workshop title for the desired dates to register.
For an expanded description, including an agenda for each workshop, select the specific date for which you would like to register.