January Workshops to Address Security Issues of Increasing Concern to Organizations
Monday, November 10, 2014
Institute Cybersecurity Workshops Return January 21-22, 2015
(Note: dates changed from December 3-4, 2014)
Cybersecurity is a key issue for a growing number of organizations as the nation’s buildings are increasingly relying on building control systems (otherwise known as operational technology) that are Internet-enabled. These systems provide critical services that allow a building to meet the functional and operational needs of occupants, but they can also be easy targets for hackers and people with malicious intent. Attackers can exploit these systems to gain unauthorized access to facilities; cause physical destruction of building equipment; be used as an entry point to infect or sabotage traditional information technology (IT) systems and data; and expose an organization to significant financial obligations to contain and eradicate malware or recover from a cyber event.
The National Institute of Building Sciences sponsors a series of workshops on cybersecurity to provide essential training and information on protecting building control systems. The Institute will repeat these educational workshops taught by Michael Chipley, The PMC Group LLC, and Eric Bodkin, root9b on December 3-4, 2014. The Introduction to Cybersecuring Building Control Systems Workshop and the Advanced Cybersecuring Building Control Systems Workshop address critical information on protecting the Internet-enabled building control systems relied on by an increasing number of the nation’s buildings.
The Introductory Workshop, to be held Wednesday, January 21, is intended for those professionals new to the world of cybersecurity, including facility, engineering, physical security, information assurance and other professionals involved with the design, deployment and operation and cybersecuring of building control systems. It will provide a combination of classroom learning modules to teach control system basics, protocols, how to use the information assurance risk management framework and hands-on laboratory exercises using tools and methods to inventory, diagram, identify, attack, exploit, contain and eradicate a cyber event.
The Advanced Workshop, to be held Thursday, January 22, is geared towards building and information assurance professionals who have experience in IT or control systems cybersecurity but need to learn how to apply those skills to building control systems. This Workshop will provide a more technical, in-depth training solution geared towards developing security professionals with the ability to approach security with an attacker mentality. This includes understanding and practicing techniques for footprinting, scanning and enumeration, exploitation, post exploitation, containment and eradication and reporting. Students will use Kali Linux and other exploit tools to learn how to gain entrance into the control system, pivot through the network, establish beacon command and control channels, modify logs to mask presence and exfiltrate data. Students will then learn Hunt skills to identify malware in a system, how to contain and eradicate the exploit, prepare artifacts, event logs and develop an incident report.
Attendees of the Workshops will need a laptop with administrative privileges to load software. They will receive the course content, tools and lab exercises on a CD at the beginning of each Workshop.
The registration fee is $1,000 for the Introduction Workshop and $1,200 for the Advanced Workshop. However, the National Institute of Building Sciences is offering these workshops at a discount of 50% off the full rate with the code CYBER50.
Register now for the Introductory Workshop and Advanced Workshop.