Kaspersky Lab and Fraunhofer IOSB Raise Awareness of ICS Cybersecurity with Specialized Training

Today, Kaspersky Lab Industrial Control Systems, Cyber Emergency Response Team (ICS CERT) and the Fraunhofer Institute of Optronics, Systems Technologies and Image Exploitation (IOSB), are introducing a new training program designed to raise ICS cybersecurity awareness and skills. The program, Advanced Industrial Cybersecurity in Practice, consists of courses aimed both at IT security specialists responsible for industrial cyber protection and ICS engineers who need to consider cybersecurity in their work.

Connectivity has become an integral part of industrial processes but it can also leave organizations more exposed to cyberthreats that can have wide-ranging physical impact. In an industrial organization, ICS cybersecurity may not always get the same level of attention as protection for the corporate infrastructure, but improvements must be made with more than 40 percent of ICS computers attacked in the first half of 2018 alone.

In addition, operational technology (OT) is at risk of advanced threat actors targeting industrial infrastructures. Threats like Triton, Industroyer/Crashoverride, the Energetic Bear/Crouching Yeti APT, Shamoon, BlackEnergy and others, are constantly evolving in order to penetrate ICS-equipped facilities for the purpose of cyberespionage, sabotage and intellectual property theft. The new training from Kaspersky Lab ICS CERT and Fraunhofer IOSB will deliver expert advice on how to combat these types of threats to industrial organizations. 

Tailored cybersecurity measures can protect organizations from both ICS-specific and generic attacks. Through a series of interactive modules, hands-on exercises, attack examples and simulations, participants will learn the difference between IT and OT and the protection needed, how an attack can be launched and what defensive measures can be implemented, as well as which standards apply to ICS cybersecurity.

“IT security specialists may not have sufficient knowledge of the OT in industrial organizations, while OT engineers may lack expertise in protecting critical infrastructure from emerging threats,” says Evgeny Goncharov, head of the ICS CERT at Kaspersky Lab. “That’s why we are sharing our knowledge with OT engineers, IT specialists and IT security staff, giving them a comprehensive picture of the state of industrial cybersecurity and helping them to develop a skillset and awareness for dealing with ICS cybersecurity challenges.”

“Industrial control systems are at the heart of manufacturing processes, energy providers, utility companies, and more,” said Christian Haas, head of Fraunhofer IOSB's Cybersecurity Training Lab. “If something goes wrong with any of these systems, there can be harsh consequences for businesses, but also for the people that rely on industry everyday – for example for their gas, electricity, or water supplies. That’s why it’s vital that these systems are secure from threats and with ICS being increasingly connected to wider networks and the online world, that security needs to provide protection against cyberthreats. We hope that through this partnership, our training sessions will help organizations to mitigate the risk factors.”

The new Kaspersky Lab ICS CERT and Fraunhofer IOSB training courses launch today with the first two-day session taking place in Ingolstadt, Germany. This session provides participants with:

• An overview of the current threat landscape, security issues, human factors and ICS attacks
• An understanding of cybersecurity in IT and ICS environments, as well as explains the differences between IT and OT and how to bridge the gaps between them
• An understanding of how to apply prevention, detection and mitigation techniques to an ICS environment
• An understanding of network topologies and the workings of network security technologies
• An overview of cybersecurity roles, team structures, as well as common security mistakes made by people in particular roles

The training is likely to be of particular interest to IT specialists, cybersecurity practitioners and OT engineers. It can also be tailored and conducted for individual organizations according to their requirements. 

The next training session will also take place in Ingolstadt, Germany, December 4-5, 2018. To learn more about upcoming training sessions and to reserve a spot, please contact [email protected].