Contact Us   |   Your Cart   |   Sign In   |   Join
Workshop: Your Building Control Systems Have Been Hacked, Now What?
Tell a Friend About This EventTell a Friend
 

This is BETA 2 of the Institute-sponsored workshop that answers the question of what to do when building control systems have been hacked or taken over by ransomware. It is intended for building owners, facility managers, engineering, physical security, information assurance and other professionals involved with the design, deployment and operation of building control systems.

 Export to Your Calendar 12/6/2016
When: Tuesday, December 6, 2016
8:00 am - 5:00 pm ET
Where: WESCO/CSC - Communications Supply Corporation
602 East Diamond Avenue
Gaithersburg, Maryland  20877
United States
Presenter: Michael Chipley, Daryl Haegley and Eric Nickel
Contact: Ryan Colker
202-289-7800


Online registration is closed.
« Go to Upcoming Event List  

Your Building Control Systems Have Been Hacked, Now What?
Tactics, Techniques and Procedures Workshop

This workshop, sponsored by the National Institute of Building Sciences, is intended for building owners, facility managers, engineering, physical security, information assurance and other professionals involved with the design, deployment and operation of building control systems. It will provide a combination of classroom learning modules and hands-on laboratory exercises to learn how to detect, contain, eradicate and recover from a cyber event.

The workshop, taught by Michael Chipley, PhD, GICSP, PMP, LEED AP; Daryl Haegley, OCP, CCO; and Eric Nickel RCDD, CEH, CEP, is built around the Advanced Control System Tactics, Techniques and Procedures (TTPs) developed by the U.S. Cyber Command (USCYBERCOM), which provide detailed step-by-step guidance to respond to a cyber attack.

During the one-day workshop, attendees will use the Cyber Security Evaluation Tool (CSET), GrassMarlin, Glasswire and Belarc tools to create a fully mission-capable (FMC) baseline, which consists of documentation that characterizes the control system, such as the topology diagram, enclave entry points, user accounts, server/workstation documentation and network documentation.

Next, attendees will conduct footprinting and learn how to find building control systems exposed on the internet using Google Hacking, Shodan and WhiteScope discovery tools. Attendees will then build a Recovery Jump-Kit that contains the tools the control systems team and information technology (IT) team will need to restore a system to its last FMC state during mitigation and recovery. Using the Recovery Jump-Kit, attendees will then find and eradicate the malware using tools such as MalwareBytes and the Microsoft Internals suite, and learn how to perform data collection for forensics, which involves the acquisition of volatile and non-volatile data from a host, a network device and control system field controllers. Lastly, attendees will evaluate the cyber severity of the incident and prepare an incident report.

Attendees will need a laptop with administrative privileges to load software. Course content, tools and lab exercises will be provided on a CD at the beginning of the workshop.

For more information, see the Whole Building Design Guide Cybersecurity Reference page.

Students will need a laptop with administrative privileges to load software. Course content, tools and lab exercises will be provided on a CD at the beginning of the Workshop.

Because the Institute is offering this course for the first time, participants who attend the “trial run” of the workshop will receive a discounted rate of $300. That's 50% off the full registration price.

The Workshop is limited to 20 students.

Workshop Overview

Classroom: Advanced Cyber Tactics, Techniques, Procedures Concepts (Chapters 2 through 4)

Lab: Using the CSET and GrassMarlin tools to create Enclave, Network Architecture/Topology, and Component inventory

Classroom/Lab: Enclosure E and Appendix A: Create a Fully-Mission Capable (FMC) Baseline

Classroom/Lab: Enclosure F: Create a Jump-Kit

Break

Lab: Introduction to Google Hacking, Shodan, VMWare, Kali Linux, SamuraiSTFU tools

Lunch

Classroom: Enclosures A, B, and C: Detection, Mitigation, Recovery procedures

Classroom/Lab: Enclosure G: Data Collection For Forensics, Using the GlassWire, MalwareBytes, MS EMET and Sysinternals, and OSForensics tools

Break

Classroom: Enclosure F: Cyber Severity Levels, Incident Reporting

Classroom: Wrap-up

Registration Cancellation Policy

Cancellations must be made in writing two weeks prior to the Workshop date for a 50% refund. You may elect to transfer your registration to a Workshop held at a later date without penalty. Substitutions of attendees must be made in writing within three days of the Workshop date. No refunds will be issued on cancellations received after the two week cutoff. No refunds will be issued for Conference no-shows. Qualified refunds will be issued following the event. Requests should be sent in writing via fax to 202-289-1092 or via email to ptowns@nibs.org.


Community Search
Latest News
Calendar

12/4/2016 » 12/8/2016
BUILDINGS XIII Conference

12/6/2016
Workshop: Your Building Control Systems Have Been Hacked, Now What?

1/9/2017 » 1/12/2017
Building Innovation 2017 Conference & Expo

4/18/2017 » 4/20/2017
ABAA Conference & Tradeshow