Workshops Help Professionals Understand Cybersecurity for Building Control Systems
Monday, July 21, 2014
Institute to Hold Second Workshops August 27-28
Those building professionals who weren’t able to make it to the May Workshops on Cybersecurity of Building Control Systems have another chance: the National Institute of Building Sciences will sponsor a second round of the Cybersecurity Workshop series August 27-28 in Washington, D.C.
The Introduction to Cybersecuring Building Control Systems Workshop and the Advanced Cybersecuring Building Control Systems Workshop, taught by Michael Chipley, The PMC Group LLC, and Michael Morris, root9b, address an issue of increasing concern to organizations.
"The course was a great way for security industry manufacturers and manufacturers of critical infrastructure components to gain a better understanding of both the certification landscape, as well as the common threats facing their systems/devices today,” said Peter Boriskin, director of product management – electronic access control at ASSA ABLOY Americas. "We plan to utilize the information gained at the workshop to raise awareness internally of common threats and exploits, as well as leverage some of the tools to recommend more effective, robust network designs as 'good practice' for our integrators.”
The two workshops are geared to help architects, engineers, contractors, owners, facility managers, maintenance engineers, physical security specialists, information assurance professionals and essentially anyone involved with implementing cybersecurity in the facility life cycle to learn best practice techniques to better protect their facilities.
"I personally found the workshop and information presented on tools and services available from Homeland Security and other agencies to be of high value,” said Bob Mealey, chief business development officer at Lynxspring Inc. "It covered a great amount of information in one day, providing an excellent overview of issues related to cybersecurity in buildings. I also found the internet-based pen test tools that can be used against buildings a bit frightening, but valuable to know about. I strongly recommend that anyone with an interest in cybersecurity for buildings attend.”
The workshops are both built around Executive Order 13636—Improving Critical Infrastructure Cybersecurity, issued on February 19, 2013; the National Institute of Standards and Technology (NIST) Cybersecurity Risk Management Framework, issued on February 12, 2014; the draft NIST Special Publication (SP) 800-82 Rev. 2 Industrial Control Systems Security Guide, issued in May 2014; and the draft U.S. Department of Homeland Security (DHS) Interagency Security Committee "Securing Government Assets through Combined Traditional Security and Information Technology” White Paper, issued in November 2013. These new requirements will require facility and information assurance professionals to learn building control system cyber skills.
The Introduction to Cybersecuring Building Control Systems Workshop, to be held Wednesday, August 27, 2014, from 8:00 am to 5:00 pm EDT, is geared to those professionals new to the world of building cybersecurity. This course provides a combination of classroom learning modules to teach control system basics, protocols, how to use the information assurance risk management framework and hands-on laboratory exercises using tools and methods such as the DHS Cybersecurity Evaluation Tool (CSET) to inventory, diagram, identify, attack, defend, contain, eradicate and report a cyber event.
The Advanced Cybersecuring Building Control Systems Workshop, to be held Thursday, August 28, 2014, from 8:00 am to 5:00 pm EDT, is geared towards building and information assurance professionals who have experience in IT or control systems cybersecurity but need to learn how to apply those skills to building control systems. This course provides a more technical, in-depth training solution geared towards developing security professionals with the ability to approach security with an attacker mentality. This includes understanding and practicing techniques for footprinting, scanning and enumeration, exploitation, post exploitation, containment and eradication and reporting. Students will use Kali Linux and other exploit tools to gain entrance into the control system, pivot through the network, establish beacon command and control channels, modify logs to mask presence and exfiltrate data. Students will then contain and eradicate the exploit and prepare artifacts, event logs and develop an incident report.
Attendees of the Workshops will need a laptop with administrative privileges to load software. They will receive the course content, tools and lab exercises on a CD at the beginning of each Workshop.
The registration fee is $1,000 for the Introduction Workshop and $1,200 for the Advanced Workshop. However, since this is only the second time the National Institute of Building Sciences is offering these workshops, participants who attend the "beta trial run” of the Workshops can receive a discount of 50% off the full rate by using the code CYBER50.
Each Workshop is limited to 20 students. Register now for the Introductory Workshop and Advanced Workshop.
Can’t make the August dates? The Workshop series will also be held September 17 and September 18.