Assessing the Cybersecurity of New or Existing IACS Systems (IC33) provides the information and skills needed to assess the cybersecurity of a new or existing industrial automation and control system (IACS) and develop a cybersecurity requirements specification (CRS) that can be used to document the project's cybersecurity requirements.
IC33 focuses on the first phase of the IACS cybersecurity lifecycle, as defined in ISA/IEC 62443-1-1 standard. Learn to identify and document IACS assets and perform cybersecurity vulnerability and risk assessments to identify and understand the high-risk vulnerabilities that require mitigation. Per ISA/IEC 62443-2-1, these assessments need to be performed on both new (i.e., greenfield) and existing (i.e., brownfield) applications. Part of the assessment process involves developing a zone and conduit model of the system, identifying security level targets and documenting the cybersecurity requirements in a CRS.
Certificate Program: IC33 is the second course in the ISA/IEC 62443 Cybersecurity Certificate Program. Pass the exam to earn the ISA/IEC 62443 Cybersecurity Risk Assessment Specialist certificate. Course registration includes one exam fee.
Required Prerequisites
Successful completion of Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32) and passing the ISA/IEC 62443 Cybersecurity Fundamentals Specialist certificate exam are mandatory prerequisites for this course.
Who Should Take IC33?
Control systems engineers and managers
System integrators
IT engineers and managers in industrial facilities
Plant managers
Plant safety and risk management personnel
Learning Objectives
Identify and document the scope of the IACS under assessment
Specify, gather, or generate the cybersecurity information required to perform the assessment
Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
Interpret the results of a Process Hazard Analysis (PHA)
Organize and facilitate a cybersecurity risk assessment for an IACS
Identify and evaluate realistic threat scenarios
Identify and assess the effectiveness of existing countermeasures
Identify gaps in existing policies, procedures, and standards
Evaluate the cost, complexity, and effectiveness of new countermeasures to make meaningful recommendations
Establish and document security zones and conduits
Develop a Cybersecurity Requirements Specification (CRS)