In-depth training IEC 62443 (10/24)

Oslo
22.10.24 - 23.10.24

In-depth training IEC 62443: The protection of operating facilities against cyberthreats requires the cooperation of all involved actors: asset owners and operators, service providers for integration or maintenance, and product suppliers.

You experience how the concepts and contents of ISA/IEC 62443 can be used for the protection of operating facilities. The instructor will help you step by step through the elements of holistic Security Protection Schemes. You will learn about the contributions of product suppliers, service providers and asset owners in each phase of the life cycle of an operating facility.

Target audience:
Asset owners: Manager of operating facilities, Responsible for IT networks of operating facilities, CISO / ISO / Responsible for cybersecurity of operating facilities, Responsible for policies and procedures
Service providers: System architects, Project leaders, CISO / ISO / Responsible for cybersecurity in projects, Responsible for policies and procedures
Product suppliers: CISO / ISO / Responsible for cybersecurity in development

Learning targets:
Asset owners get to know which support they can request from service providers and product suppliers. Also how to protect their operating facilities, and which is their own contribution.
Service providers experience which capabilities regarding processes and technologies are necessary for developing risk-based protection concepts. They also learn about their activities and the scope of their responsibilities in the development of a Security Protection Scheme. The contributions of product suppliers to support the development and operation of Security Protection Schemes will be described.

The instructor of In-depth training IEC 62443, is Dr. Pierre Kobes. He is author of the book “Guideline Industrial Security – IEC 62443 is easy!”.

Other NFEA events can be found HERE!

Program (the program is subject to change)

  • 08:45

    Registration / Coffee

  • 09:00

    Introduction

    • Overview of ISA-99 and IEC 62443
    • Exercise on a hacking demo
  • 10:00

    Basic concepts of IEC 62443

    • What constitutes an IACS
    • Roles and responsibilities
    • Defense-in-depth
    • Elements of a security program
    • IACS lifecycles and product lifecycles
    • Risk-based approach
    • Security Levels and Maturity Levels
    • Security Protection Ratings (SPR)
  • 11:30-12:15

    Lunch

  • 12:15

    Basic concepts of IEC 62443 (continued)

  • 13:45

    Break

  • 14:00

    Basic concepts of IEC 62443 (continued)

  • 14:30

    IEC 62443-2-1

    • Duties of asset owners
    • Security Program (SP) and Security Protection Schemes (SPS)
    • Security Program Elements
  • 15:30

    Break

  • 15:45

    Combining ISO/ IEC 27001 and IEC 62443

    • Combining IT and OT security requirements for the protection of operating facilities
    • Grouping of security requirements
  • 16:30

    IEC 62443-4-1

    • Secure product development lifecycle requirements
    • Duties of products suppliers for the protection of operating facilities
  • 17:15

    Final discussion

  • 17:30

    End day 1

  • 08:30

    Wrap-up

    • Summary of day 1
    • Analysis of a threat scenario
  • 09:15

    IEC 62443-3-3, IEC 62443-4-2

    • System security requirements to products and automation solutions and IACS
    • Technical security requirements to IACS components
  • 10:15

    Break

  • 10:30

    Deep dive in IEC 62443-3-2

    • Risk-based approach for system partitioning in zones and conduits
  • 11:30

    Lunch

  • 12:15

    IEC 62443-2-4

    • Duties of system integrators and maintenance service providers
  • 13:00

    Activities in the lifecycle of Security Protection Schemes

    • Cybersecurity Requirement Specification
    • Design and implementation of technical security measures
    • Use of SPR during design and implementation
    • Initial validation of technical and organizational security measures
    • Operation of a Security Protection Scheme
    • Periodic revalidation of a Security Protection Scheme
    • Update and maintenance of a Security Protection Scheme
    • Use of SPR during operation and maintenance
  • 13:45

    Break

  • 14:00

    Activities in the lifecycle of Security Protection Schemes (continued)

  • 15:00

    Simplified use of Security Protection Ratings

    • Use of views in specification phase
    • Use of views in integration / commissioning phase
    • Use of views in operation / maintenance phase
  • 15:20

    Final discussion

  • 15:30

    The end

Registration

Presenters

Dr. Pierre Kobes

Dr. Pierre Kobes has a longstanding experience in the automation division of Siemens. He was responsible during the last ten years of its career for cybersecurity  standards, regulations and certifications. He influenced significantly the development of the standard series ISA/IEC 62443 and is author of the book “Guideline Industrial Security – IEC 62443 is easy!”.

He is active in German and international standardization committees and propagates a holistic approach for the protection of operating facilities as well as the integration of security in development and production of automation products.

Practical information

Date

22.10.24 - 23.10.24

Location

Scandic St Olavs plass
Sankt Olavs Plass 1
0165 Oslo

Venue: Inspektøren

Participation fee

  • Member kr. 8000,-
  • Non member kr. 10 500,-

Accommodation

Each participant must book their own accomodation.

For Scandic St. Olav, CLICK HERE!

Other information

HERE you will find NFEAs Terms for cancellation and refund


From evaluation of the course that took place in September 2023:

  • I was new to the topic, but the course instructor presented the content in a clear and very confident manner. Highly recommended!
  • Good overall. Great arena for discussions. Very informative for just 2 days.
  • Well performed and well structured presentation by skilled and enthusiastic instructor. Good interaction with participants.
  • It was great!

Average rating: