Are you seeing all security vulnerabilities and incidents in your OT systems? Only a few years ago, many grid operators were completely blind: they would only notice an incident if it disrupted normal operations.
Since then, a lot has improved in gathering security data. Network-based sensors are being deployed in OT, and SIEM systems are used to collect logs. The risk now is rather data overload: one badly configured sensor can generate thousands of false alarms, burying the rare relevant events.
The solution needs to come from smarter analysts. You need people who can tune sensors to monitor for the biggest risks, who can spot the one event that could come from an advanced threat, and who can analyze that event to find out what happened.
In 2017, ENCS ran a highly valued member project on OT security monitoring. Security experts at ENCS and its members together defined use cases to cover the biggest security risks. New security sensors for OT were evaluated in a lab, and best practices were shared and written down in whitepapers.
ENCS has now made all this information available in a two-day security operations training, so that anyone can quickly get the latest knowledge on OT security monitoring for use in their daily work.
Who Should Attend the Operations Training?
The operations training is designed for staff responsible for finding vulnerabilities and detecting incidents in operational technology (OT) systems. This includes engineers and system administrators of OT systems who are specializing in security, as well as analysts of IT security operations centers and CSIRTs who are moving into OT.
Operations Training Objectives
Participants learn how to:
- choose monitoring use cases to counter the biggest security risks
- choose the right sensors and data sources to cover the whole OT domain
- identify vulnerabilities and mitigations
- analyze alerts and possible incidents
- configure and use the new security sensors developed for OT
The operations training consists of the following modules:
1. Risk-based detection strategy
2. Vulnerability management
3. Misuse detection
4. Access monitoring
5. Reviewing action logs
6. Bringing it all together
The operations training emphasizes hands-on practice. Participants practice analyzing incidents in exercises with realistic traffic captures and log files.
Training schedule: the training consists of two days:
- Day 1: 10:00 – 17:00
- Day 2: 9:00 – 15:00
Dinner: on the evening of Day 1 there is a dinner to allow for networking between the training participants. The dinner is included in the training price.
Prerequisites: participants are expected to have knowledge of:
- TCP/IP networking
Some Linux knowledge and familiarity with the IEC 104 and IEC 61850 protocols are useful, but not mandatory.
Laptop required: participants are expected to bring their own laptop with Wireshark installed.
For more information contact us through the form below.
Costs of training
For full ENCS members, the costs are 1,500 euros per participant. For information and knowledge sharing members and non-members, the costs are 2,000 euros per participant. The dinner on day 1 is included in the training price.