The ENCS architecture training teaches how to select technical security measures for Operational Technology (OT) systems. You learn how to assess the security risks to OT systems, and then choose measures to mitigate them.

The architecture training teaches a reusable approach to designing security architectures for OT systems. The approach is based on the ISO 27005 and IEC 62443 standards. ENCS has developed the approach in the member projects on distribution automation, electric vehicle charging, and substation automation. ENCS has used it with individual members to design new systems or redesign existing systems.

Who should attend the security architecture training?

The training is for anyone responsible for choosing technical security measures for OT systems. This includes:

  • IT, network, and solution architects doing work on OT systems
  • System and network administrators designing OT systems
  • Security officers with a technical focus on OT

What will I learn in the training?

The training teaches you how to select technical security measures for OT systems based on security risks. To do this, you will learn:

  • how to divide an OT system into security zones
  • how to assess the security risks of a design or existing system
  • how to select the security measures that
    • sufficiently reduce the security risks
    • are feasible to implement on OT systems
  • how to evaluate the effectiveness of the implementation of measures

What is the training program?

In the training, you will work through practical cases. The cases cover the systems typically seen at grid operators. In each case, participants go through four steps:

  1. Zoning
  2. Risk assessment
  3. Selecting security measures
  4. Evaluating the implementation

The course consists of four cases:

1) Distribution automation RTUs, in which you learn:

  • How to define users and interfaces for a zone
  • How to assess the security risks for a zone by:
  • How to find measures that mitigate a threat
  • How to create a security test assignment for acceptance testing

2) The Wide-Area Network, in which you learn:

  • How to define conduits
  • How to create BowTie diagrams
  • How to assess the effectiveness of security measures using security levels
  • How to select security measures for the following IEC 62443 foundational requirements:
    • FR 3: System integrity
    • FR 4: Data confidentiality
  • How to evaluate the effectiveness of the implementation of cryptographic security measures

3) High-Voltage Substations, in which you learn:

  • How to identify which components in a zone implement security functionality
  • How to estimate the likelihood of threats given the security measures
  • How to assess the security risks for substation automation and protection systems
  • How to select security measures for the following IEC 62443 foundational requirements:
    • FR 1: Identification and authentication control
    • FR 2: Use control
  • How to choose between different authentication options (password or keys, centralized or not)
  • How to select security measures that are feasible for legacy and modern hosts
  • How to assess the feasibility of authentication for GOOSE

4) Central Systems, in which you learn:

  • How to divide a larger OT system into security zones
  • How to apply design patterns typical for the IT/OT interface, such as:
    • Demilitarized zones (DMZ) for data exchange
    • Jump servers for remote maintenance
  • How to select security measures for the following IEC 62443 foundational requirements:
    • FR 5: Restricted data flow
    • FR 7: Resource availability
  • How to evaluate the effectiveness of the implementation on operational server systems

Training location

Schiphol Airport – Amsterdam.

We chose this location to allow for easy access and travel.

Training duration

The training consists of two days.

Day 1: 10:00 – 17:00
Day 2: 09:00 – 15:00

On the evening of day 1 there is a dinner to allow for networking.

Knowledge before training

Before starting this training, you are expected to have a basic knowledge of OT systems, such as SCADA systems, and the security risks to such systems.

Costs of training

For ENCS members, the cost is 1,500 euros per participant. For non-members, the cost is 2,000 euros per participant. The dinner on Day 1 is included in the training price.
