Cybersecurity for Components

TÜV Rheinland offers this training within the new TÜV Rheinland Cybersecurity Training Program.

Participants have the possibility to obtain an official verification of their expertise in Cybersecurity. By continuous participation in this 4 day training and passing a final exam successfully, they will receive a "CySec Specialist (TÜV Rheinland)" certificate.

This certificate states that specific knowledge within the field of Cybersecurity in Industrial Application for Component design and development has been achieved.

The training focuses on technical details regarding the development of system components which need to fulfill a Security Level (SL). All requirements of relevant standards to achieve a product with a defined security level, will be introduced and discussed.

Emphasis will also be put on the analysis of weak points, specific security related product development and documentation issues as well as required test or assessment processes.

Contents of this training refer to the international standard IEC 62443. Topics will be explained and discussed on the basis of concrete examples.

We recommend to attend the one-day workshop "Cybersecurity in Industrial Automation" as preparation for the training.

Target Group

Developers, testers, programmers, project managers etc. who are responsible for the development of control systems and network components for industrial automation.

Agenda

Show all Hide all

Day 1

Security in Industrial Automation and Control Systems (IACS)

Security Incidents and Lessons Learned
Status and Future of IACS
Attackers and their Motivation

Basics of Cybersecurity

Definition of Cybersecurity
Fundamental Security Principles
Comparison IT-Security / Cybersecurity
Relation between Functional Safety and Cybersecurity
Terms of Cybersecurity
Defense in Depth

Cryptography

Symmetric / Asymmetric Cryptography
Hash Function

Cryptanalysis

Brute-Force Attack
Analytical Attack

Legal Aspects

Security Directive for Network and Information Systems
IT Security Law

Security Level

Security Zones
Security Level Capability
Security Level Vector

Day 2

Management Plan

Development Process
Configuration Management
Device Categories
Process Tailoring
Product Integrity / Code Signing
Processes for externally provided components
Security Related Issue Handling

Security Risk Assessment and Threat Modelling

STRIDE Model

Secure Software Development Process

Security Requirements Speciﬁcation
- How to Specify
- What to Specify

Software Architecture Design
- Network Design
- Data Resources
- Attack Surfaces
- Interface Description

Detailed Software Design
- Design Properties / Methods
- Best Design Practices
- Input Validation

Module Implementation
- Coding Standard
- Static Analysis
- Code Review

Module Testing
- Equivalence Classes
- Boundary Value Analysis
- Structure Based Testing

Day 3

Security Verification and Validation

Functional Testing
Threat Mitigation Testing
Penetration Testing
Fuzzing

Patch- and Update Management

Security Guidelines

Technical Requirements and Application of IEC 62443-4-2

Identification and Authentication Control
Use Control
System Integrity
Data Confidentiality
Restricted Data Flow
Timely Response To Events
Resource Availability

Day 4

Exam: duration approx. 3-4 hours.

Requirements for the "CySec Specialist (TÜV Rheinland)" Certificate

Participants shall fulfil the following requirements:

A minimum of 3 years experience in the field of safety or security of industrial control systems.
technical degree (Bachelor, Master, Diplom or similar) as engineer, IT specialist or professional, computer scientist, physicist

equivalent experience and responsibilities as certified by employer.

(Persons without any experience may attend the training and exam. In case of passing the exam the CySec Specialist (TÜV Rheinland) certificate will be issued as soon as 3 years of required business experience are fulfilled.)

Price

€ 2.390 without VAT

includes exam, training proceedings, lunch, refreshments.

€ 2.090 without VAT

without exam.

Contact

Search: