“Assessing the Cybersecurity of New or Existing IACS Systems” (IC33)

The first phase in the IACS Cybersecurity Lifecycle (defined in ISA 62443-1-1) is to identify and document IACS assets and perform a cybersecurity vulnerability and risk assessment in order to identify and understand the high-risk vulnerabilities that require mitigation. Per ISA 62443-2-1, these assessments need to be performed on both new (i.e. greenfield) and existing (i.e. brownfield) applications. Part of the assessment process involves developing a zone and conduit model of the system, identifying security level targets, and documenting the cybersecurity requirements in a cybersecurity requirements specification (CRS).

This course will provide students with the information and skills to assess the cybersecurity of a new or existing IACS and to develop a cybersecurity requirements specification that can be used to document the cybersecurity requirements of the project.

You Will Be Able to:

  • Identify and document the scope of the IACS under assessment
  • Specify, gather or generate the cybersecurity information required to perform the assessment
  • Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
  • Organize and facilitate a cybersecurity risk assessment for an IACS
  • Identify and evaluate realistic threat scenarios
  • Identify gaps in existing policies, procedures and standards
  • Establish and document security zones and conduits
  • Prepare documentation of assessment results


Dates On request
Length 3 days
Venue Fraunhofer-Institut für Optronik, Systemtechnik und Bildauswertung IOSB, Karlsruhe
Organizer ISA European Office

Classroom/Laboratory Exercises:

Critiquing system architecture diagrams

Asset Inventory

Gap Assessment

Windows Vulnerability Assessment

Capturing Ethernet Traffic

Port Scanning

Using Vulnerability Scanning Tools

Perform a high-level risk assessment

Creating a zone & conduit diagram

Perform a detailed cyber risk assessment

Critiquing a cybersecurity requirements specification

Who Should Attend:

Control Systems engineers and managers

System integrators

IT engineers and managers in industrial facilities

IT corporate/security professionals

Plant Safety and Risk Management

Further Information / Registration

This cybersecurity course is organized by our cooperation partner ISA European Office. For further information and registration please click here.

27.05.2020 - 29.05.2020 in Karlsruhe