Critical Infrastructure and Industrial Control Systems Security Workshop
June 7, 1:30 - 5:00 pm
National Cyber Summit, Von Braun Center, Huntsville, AL
Workshop Information: Faculty from institutions designated as NSA-DHS National Centers of Academic Excellence (CAE) in the Southeast US (AL, FL, GA, SC, TN and PR) are invited to participate in a workshop that will provide guidance and resources on integrating critical infrastructure security and industrial control systems security into their courses.
Limited Travel Funding: Limited funds are available to support faculty travel from CAE institutions in the Southeast region defined above to the workshop. In order to receive a stipend you must register and be approved by the organizers. In order to be eligible for reimbursement or a travel stipend, attendees must participate in the full workshop, not be receiving travel support from any other source, and complete all required travel reimbursement/stipend forms. If you are approved for a travel stipend, you will be notified.
1:30 – 2:00 PM: Sign-in and Introductions
2:00 – 3:00 PM: Critical Infrastructure Security
Margaret Leary, Ph.D., CISSP, CRISC, CEH, CIPP/G
Director, NSA CAE National Resource Center
Northern Virginia Community College
Prof. Stephen Miller
Professor and Director of Information Systems/Cyber Security of Excellence
Eastern New Mexico University – Ruidoso
Introduces the new Critical Infrastructure Cybersecurity course sponsored, published, and made available to instructors for their free use by CyberWatch West. College instructors will learn from presenters Stephen Miller (Eastern New Mexico University - Ruidoso), and Margaret Leary (Northern Virginia Community College), how to adapt the eleven-lesson course for their institutions. The course was created in collaboration with George Mason University’s Center for Infrastructure Protection and Homeland Security, leveraging its graduate-level coursework to produce a beginning course suitable for undergraduate students with a basic understanding of network and computer security. Course materials can be accessed and downloaded from http://librarywp.whatcom.edu/press/cic/
3:00 – 4:00 PM: Introduction to Industrial Control System Security
Guillermo Francia III, Ph.D.
Distinguished Professor and Director, Center for Information Security and Assurance
Jacksonville State University
Industrial Control Systems (ICS) have been widely utilize to manage and automate critical infrastructures in various sectors such as those supplying and/or controlling essential energy, water, transport, chemicals, and various manufacturing processes. ICS typically consist of a combination of software, hardware, and human operators. The most common components found in ICS are Systems Control and Data Acquisition (SCADA), Distributed Control Systems (DCS) and Programmable Logic Controllers (PLC). A malfunctioning ICS due to inadvertent or malicious action can cause serious consequences to life, property, and economic well-being. Due to the increasing interconnectedness of these systems to enterprise Information Technology (IT) infrastructure, an exposure to cyber-attacks is enabled. It is imperative for the next generation of cyber warriors to gain an adequate knowledge and skill in protecting these systems.
In this segment of the workshop, participants will be provided with an overview of ICS security, ICS-related security standards, the ICS kill-chain and its application, and the value of ICS threat intelligence to security monitoring.
4:00 – 5:00 PM: Lectures and Lab Exercises to Teach SCADA Cybersecurity
University of Alabama Huntsville Computer Engineering Ph.D. Students:
Thiago Alves, Rishabh Das, Aaron Werth and SueAnne Griffith
UAH is currently developing a set of lectures and lab exercises to teach industrial control systems cybersecurity. Topics include introduction to SCADA control systems, networking in SCADA control systems, SCADA control system risk assessment, applying cybersecurity principals to SCADA, threats and vulnerabilities for SCADA control systems, and defending SCADA control systems. At project completion (projected August 2017) the lab and lecture materials will be available to other NSA-DHS Centers of Academic Excellence. The lab exercises use 3 virtual SCADA test beds developed at UAH. This section of the workshop will introduce the lecture materials, lab exercises, and virtual SCADA test beds.
Optional: SCADA Lab Tour, University of Alabama, Huntsville
Friday, June 9, 9:00 – 11:00 am
Tommy Morris, Ph.D.
Director, Center for Cybersecurity Research and Education
Associate Professor, Electrical and Computer Engineering
The University of Alabama in Huntsville
The UAH SCADA Security Laboratory includes 3 fully functional SCADA control systems; a gas pipeline, water storage tank, and water treatment plant. Each system is controlled by. Siemens Programmable Logic Controller (PLC) and the PLCs are connected to a Human Machine Interface by a local area network. Additionally, the SCADA Security Laboratory includes a Opal-RT real time digital simulator and SEL-421 distance protection relay configure for bulk electric transmission hardware in the loop simulation. This tour will provide an overview of the lab capacities, discuss research conducted in the lab, and provide demos of cyber-attacks against the lab control systems. Additionally, the OpenPLC will be introduced as a fully functional fully open PLC education and research.
|Dr. Eman El-Sheikh|
|Director, Center for Cybersecurity|
|University of West Florida|
This workshop is being coordinated and funded by the NSA CAE Regional Resource Center (CRRC) at the University of West Florida.