Online Certificate Course on Understanding OT Cyber security & IEC 62443

Operation Technology are computer based systems that control physical objects and parameters in the real world. Although these systems do process data, their main function is to monitor and control physical objects and parameters. Some examples of OT systems include:

· Industrial Automation and Control Systems (including DCS/PLC/SCADA/SIS)

· Building Automation Systems

· Heating, Ventilation & Air Conditioning (HVAC) Control Systems

· Ship Steering & Control Systems

· Marine Port cranes

· Automated Warehouse Stacking Systems

There are more such systems and they are in many different industrial sectors.

Why is OT Cybersecurity different from IT cybersecurity?

Both OT systems and IT systems are computer based systems that may be vulnerable to cyberattacks. A cyber attack on an IT system may result in loss of data, information and perhaps money, however an attack on an OT system may result in not only loss or theft of data, but may also lead to physical consequences such as fires, explosions, loss of containment, equipment damage, harm to people and harm to the environment.

Many OT systems that exist today are insecure from the design stage itself, since it was never envisaged that they would be the target of cyber attacks.

Additionally, the priorities of defending OT systems and IT systems are different, so the strategies and techniques are also different. For IT systems confidentiality of data is a priority whereas for OT systems, availability is a priority. Furthermore OT systems may be a few generations older than IT systems and the tools used to protect IT systems may not be suitable for protecting OT systems.

Additionally, the standards that govern OT systems (such as IEC 62443) are different from IT cyber security standards.

Contents :

1. Introduction to Operational Technology (OT) systems.

2. Differences between OT security and IT security.

3. Basic Concepts of OT security- Threats, Vulnerabilities & Attacks

4. Case Study of an OT attack

5. Introduction to CSMS

6. Introduction to IEC 62443

7. Overview of individual parts of IEC 62443

IEC 62443-1-1

IEC 62443-2-1

IEC 62443-2-3

IEC 62443-2-4

IEC 62443-3-1

IEC 62443-3-2

IEC 62443-3-3

IEC 62443-4-1

IEC 62443-4-2

8. Carrying out OT Security Risk Assessment

9. Q & A

Speaker

Sudhendu is an experienced DIFIR and ICS Security Researcher. With a remarkable breadth of technical prowess, his expertise spans across diverse domains such as Networks, Operating Systems, Industrial Control Systems, embedded devices, etc.

His remarkable journey in the field of technology has led him to become a stalwart in areas ranging from Digital Forensics and Incident Response (DFIR) to Cyber Threat Intelligence (CTI), Malware Analysis, Threat Analysis, and Risk Assessments. His extensive experience in industry standards and frameworks including NIST, ISA/IEC 62443, NERC-CIP, ISO 21434, J3061, ISO27K, speaks volumes about his commitment to cyber security excellence.

With a background in Industrial Control Systems (ICS) and both manual and automated robotics, Sudhendu brings a wealth of practical knowledge to the table. He is a member of GIAC advisory board. A dynamic and proactive participant in various cyber security communities, such as the Null open security community and OWASP Mumbai Chapter, Car hacking village, he actively contributes to the discourse on cyber security and technology. He has delivered talks for various platforms, colleges, and universities like National Forensic Sciences University (NFSU), Mumbai University, etc.

His interests traverse the spectrum from OT/ICS security to the exciting realms of Malware analysis, Robotics, Automotive, and IoT security.

Who Should Attend?

Contact Details :

Revati Khare || Assistant Director – Information & Communication Technology Committee
Email : revati.khare@bombaychamber.com
Tel. (D) + 91 22 6120 0231; (M) + 91 9892029473