Contact Us   |   Your Cart   |   Sign In   |   Join
Advanced Cybersecuring Building Control Systems Workshop (May)
Tell a Friend About This EventTell a Friend
 

The Advanced Cybersecuring Building Control Systems Workshop is geared towards building and information assurance professionals who have experience in IT or control systems cybersecurity but need to learn how to apply those skills to building control systems. This Workshop will provide a technical, in-depth training solution geared towards developing security professionals with the ability to approach security with an attacker mentality.

5/29/2015
When: Friday, May 29, 2015
8:00 AM - 5:00 PM
Where: Parsons Centreville Office
5875 Trinity Pkwy.
Suite 300
Centreville, Virginia  20120
United States
Presenter: Michael Chipley, PhD, GICSP, PMP, LEED AP
Contact: Ryan Colker
202-289-7800


Online registration is closed.
« Go to Upcoming Event List  

The nation’s buildings are increasingly relying on building control systems (otherwise known as operational technology) that are Internet-enabled. These systems provide critical services that allow a building to meet the functional and operational needs of building occupants, but they can also be easy targets for hackers and people with malicious intent. Attackers can exploit these systems to gain unauthorized access to facilities; cause physical destruction of building equipment; be used as an entry point to the traditional informational technology (IT) systems and data; and expose an organization to significant financial obligations to contain and eradicate malware or recover from a cyber event.

The Advanced Cybersecuring Building Control Systems Workshop is geared towards building and information assurance professionals who have experience in IT or control systems cybersecurity but need to learn how to apply those skills to building control systems. This Workshop will provide a technical, in-depth training solution geared towards developing security professionals with the ability to approach security with an attacker mentality. This includes understanding and practicing techniques for footprinting, scanning and enumeration, exploitation, post exploitation, containment and eradication and reporting. Students will use Kali Linux and other exploit tools to gain entrance into the control system, pivot through the network, establish beacon command and control channels, modify logs to mask presence and exfiltrate data. Students will then contain and eradicate the exploit and prepare artifacts, event logs and develop an incident report.

The Workshop is built around key federal guidelines, including:  

  • Executive Order 13636—Improving Critical Infrastructure Cybersecurity (Issued February 19, 2013)
  • National Institute of Standards and Technology (NIST) Cybersecurity Risk Management Framework (Issued February 12, 2014)
  • NIST Special Publication (SP) 800-82 Rev. 2 Industrial Control Systems Security Guide Final Public Comment draft (Issued February 2015)

These new requirements will have a transformational impact on the traditional building design, construction, operation and protection of building control systems and will require facility and information assurance professionals to learn building control system cyber skills. (For more information, see the Whole Building Design Guide Cybersecurity Reference page [link].)

Workshop Overview

Classroom: Hacker Methodology

Lab: Footprinting using Google Hacking, Shodan, Kali Linux and SamuraiSTFU

Classroom/Lab: Scanning and Enumeration using NMAP, WireShark, Sophia, SCAP and STIGS

Classroom: Advanced Meter Infrastructure Attack Methodology, AMI Penetration Testing

Lab: Using SamuraiSTFU ModbusPal Emulator, Packet Capture for Control System Analysis

Lab: Exploitation using Metasploit, SamuraiSTFU

Lab: Privilege Escalation

Classroom: Post Exploitation and Wrap Up

NOTE

Students will need to bring a laptop with administrative privileges to load software. Course content, tools and lab exercises will be provided on a CD at the beginning of the Workshop.

Community Search
Latest News
Calendar

12/4/2016 » 12/8/2016
BUILDINGS XIII Conference

12/6/2016
Workshop: Your Building Control Systems Have Been Hacked, Now What?

1/9/2017 » 1/12/2017
Building Innovation 2017 Conference & Expo

4/18/2017 » 4/20/2017
ABAA Conference & Tradeshow