Contact Us   |   Your Cart   |   Sign In   |   Join
Cybersecuring DoD Control Systems Workshop (April 2016)
Tell a Friend About This EventTell a Friend
 

The Cybersecuring DoD Control Systems Workshop is geared to help anyone involved with implementing cybersecurity in the facility life cycle—to learn the best practice techniques to better protect DoD facilities.

4/14/2016
When: Thursday, April 14, 2016
8:00 AM - 5:00 PM (EDT)
Where: National Institute of Building Sciences
1090 Vermont Avenue, NW
Suite 700
Washington, District of Columbia  20005-4950
United States
Contact: Ryan Colker
202-289-7800


Online registration is closed.
« Go to Upcoming Event List  

The Cybersecuring DoD Control Systems Workshop is geared to help architects, engineers, contractors, owners, facility managers, maintenance engineers, physical security specialists, information assurance professionals—essentially anyone involved with implementing cybersecurity in the facility life cycle—to learn the best practice techniques to better protect DoD facilities.

Department of Defense Instruction (DoDI) 8500.01 and DoDI 8510.01 incorporate Platform Information Technology (PIT) and PIT systems into the Risk Management Framework (RMF) process. PIT may consist of both hardware and software that is physically part of, dedicated to or essential in real time to the mission performance of special-purpose systems (i.e., platforms). PIT differs from individual or stand-alone IT products in that it is integral to a specific platform type, as opposed to being used independently or to support a range of capabilities (e.g., major applications, enclaves or PIT systems). A Control System (CS) is a specific type of PIT that consists of combinations of control components (e.g., electrical, mechanical, hydraulic, pneumatic) that act together to achieve an objective (e.g., transport matter or energy, or maintain a secure and comfortable work environment). 

The Cybersecuring DoD Control Systems Workshop will include hands-on classroom exercises and labs to footprint a CS as a hacker would do; use the Cyber Security Evaluation Tool (CSET) to establish a risk baseline and create a System Security Plan; and use the enterprise Mission Assurance Support System (eMASS) to load projects using the new DoDI 8510.01 RMF process. Attendees will gain in-depth experience on using the Committee on National Security Systems Instruction (CNSSI) 1253; National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 R4; NIST SP 800-82 R2; the Joint Staff Mission Assurance Vulnerability Benchmarks 2015, the J-BASICS Advanced Cybersecurity Instructions Tactics, techniques and Procedures 2016, and other key publications and tools to load and manage a project through the six steps of the RMF.

Workshop Overview

0800-0900   Unit 1 Overview of DoDI 8500/8510 RMF and PIT ICS, NIST Standards & Drivers, CS Protocols

0900-1000   Unit 2 Footprinting using Whois, Google Hacking, Google Earth, BING, Shodan, Kali Linux, SamuraiSTFU, NMAP, Sophia, Wireshark, Software
Content Automation Program

1000-1015   Break

1015-1200  Unit 3 Using CSET: SAL, Network Arch Diagram, Inventory, Templates, Security Controls Evaluation, Reports, Data Aggrega-tion & Trending, System Security Plan

1200-1300   Lunch

1300-1330   Unit 4 Hacker Methodology, Attacking and Defending, Response and Recovery, Incident Reporting

1330-1430   Unit 5 J-BASICS TTPs, JMA Vulnerability Benchmarks

1430-1445   Break

1445-1530   Unit 5 RMF KS Control Systems Webpage, eMASS; demonstration, Using the Interim Excel files for uploading into eMASS

1530-1615   Create Organization Platform Enclaves and Other PIT IT Registries Examples, Wrap Up Q&A

Bonus Section 1 - SamuraiSTFU Modbus Pal, Wireshark Packet Captures
Bonus Section 2 - Kali Linux Metasploit Gaining Access and Privilege Escalation

Presenter: Michael Chipley, The PMC Group LLC

Community Search
Latest News
Calendar

9/28/2016
BSSC Webinar: Response Spectrum Analysis/Linear Response History Analysis

10/4/2016
Workshop: Your Building Control Systems Have Been Hacked, Now What?

10/12/2016
Workshop: Zeroing in on Schools: Transforming New and Existing K-12 Buildings to Zero Energy

10/18/2016
Introduction to Cybersecuring Building Control Systems Workshop (October 2016)