Are you seeing all security vulnerabilities and incidents in your OT systems? Only a few years ago, many grid operators were completely blind: they noticed an incident only when it disrupted normal operations.
Since then, a lot has improved in gathering security data. Network-based sensors are being deployed in OT networks, and SIEM systems are used to collect logs. The risk now is data overload instead: a single badly configured sensor can generate thousands of false alarms today, burying the rare relevant events.
The solution needs to come from smarter analysts: people who can tune sensors to monitor for the biggest risks, who can spot the one event that could come from an advanced threat, and who can analyze that event to find out what happened.
In 2017, ENCS ran a highly valued member project on OT security monitoring. Security experts at ENCS and its members together defined use cases to cover the biggest security risks, evaluated new security sensors for OT in a lab, and shared and documented best practices in white papers.
ENCS has now made all this information available in a two-day training, so that anyone can quickly get the latest knowledge on OT security monitoring for use in their daily work.
Who Should Attend This Training?
The training is designed for staff responsible for finding vulnerabilities and detecting incidents in operational technology (OT) systems. This includes engineers and system administrators of OT systems who are specializing in security, as well as analysts of IT security operations centers and CSIRTs who are moving into OT.
Participants learn how to:
- choose monitoring use cases to counter the biggest security risks
- choose the right sensors and data sources to cover the whole OT domain
- identify vulnerabilities and mitigations
- analyze alerts and possible incidents
- configure and use the new security sensors developed for OT
Participants are expected to have knowledge of TCP/IP networking and Wireshark. Some Linux knowledge and familiarity with the IEC 104 and IEC 61850 protocols are useful but not mandatory.
The training consists of the following modules:
1. Risk-based detection strategy
2. Vulnerability management
3. Misuse detection
4. Access monitoring
5. Reviewing action logs
6. Bringing it all together
The training emphasizes hands-on practice. Participants practice how to analyze incidents in exercises with realistic traffic captures or log files.
The training will be held on 8 and 9 November 2022 and lasts two days. On the evening of Day 1 there is a dinner to allow for networking between the training participants.
Costs of training
For full ENCS members, the cost is 1,500 euros per participant. For information and knowledge sharing members and non-members, the cost is 2,000 euros per participant. The dinner on Day 1 is included in the training price.
Want to participate?
If you would like to participate, contact us through the form below or send an email to firstname.lastname@example.org.