Lecture and Codelab planning
| Week | Day | Lecture | Codelabs and Project Deliveries |
|---|---|---|---|
| P1 | Feb 16 | Course Introduction Understanding the stakes, the risks and the opportunities in OT as well as the key differences compared to IT |
Exercices, group definitions and collecting information for project activities |
| P2 | Feb 23 | Securing OT-relevant aspects of SCADA, DCS & ICS - part 1 Introduction to SCADA (Supervisory Control and Data Acquisition), DCS (Distributed Control Systems) and ICS (Industrial Control Systems) systems and related challenges. Introducing the Purdue Model (and mention of alternatives) as well as specific domain specificities. |
Exercices related to securing OT systems |
| P3 | Mar 02 | Securing OT-relevant aspects of SCADA, DCS & ICS - part 2 Introduction to SCADA (Supervisory Control and Data Acquisition), DCS (Distributed Control Systems) and ICS (Industrial Control Systems) systems and related challenges. Note: legal implications are briefly touched upon as well |
Exercices and project activities related to securing OT systems |
| P4 | Mar 09 | Communication technology relevant to OT environment - Part 1 Summary of general L2/L3 characteristics, their interworking options as well as the implications of air-gapped and connected systems. Overview of wired and wireless communication technologies deployed in OT. Separation of domain concerns and solutions to achieve these - with help of the Purdue Model. |
Exercices related to OT Communication technology Choice of an environment that will be used as project throughout the course |
| P5 | Mar 16 | Communication technology relevant to OT environment - Part 2 Summary of general L2/L3 characteristics, their interworking options as well as the implications of air-gapped and connected systems. Overview of wired and wireless communication technologies deployed in OT. Separation of domain concerns and solutions to achieve these - with help of the Purdue Model. |
Exercices related to OT Communication technology |
| P6 | Mar 23 | Visit to production plant | Deadline for delivering project Phase A |
| P7 | Mar 30 | Public Key Infrastructure in OT environments Overview of PKI (Public Key Infrastructure), role of PKI in securing OT, challenges and best practices of implementing PKI in OT |
Exercices related to PKI and application of PKI to the project |
| Apr 06 | EASTER Break | ||
| P8 | Apr 13 | Product lifecycle (PL) Introduction and stages of PL, Operation & Maintenance, End of Life (EOL) and decomissioning handling. Best practices and case studies of OT examples. We will, in particular, also look at issues related to key generation and key management |
Exercices related to Product Lifecycle Presentation of the threat model results on group environments |
| P9 | Apr 20 | Threat models in OT systems - part 1 Overview of threat models in OT systems, types of threats and vulnerabilities in OT systems, threat actors, vectors, impact and risk assessment. Study of a concrete case (e.g. Triton) |
Exercices related to OT Threat Modeling |
| P10 | Apr 27 | Threat models in OT systems - part 2 Overview of threat models in OT systems, types of threats and vulnerabilities in OT systems, threat actors, vectors, impact and risk assessment. Study of a concrete case (e.g. Triton) |
Exercices related to OT Threat Modeling |
| May 03 | Deadline for delivering project Phase B (03.05) | ||
| P11 | May 04 | Incident Response in an OT context - Part 1 Incident response in OT, key challenges, stages of IR, tools and study case |
Exercices related to OT Incident Response |
| P12 | May 11 | Incident Response in an OT context - Part 2 Incident response in OT, key challenges, stages of IR, tools and study case |
Exercices related to OT Incident Response Application of theory onto the concrete group environment |
| P13 | May 18 | Introduction to Standard IEC 62443 Overview of IEC 62443, key principles and concepts, application of IEC 62443 in different industries, benefits and challenges of implementing IEC 62443 |
Exercices related to Standard IEC 62443 |
| P14 | May 25 | Bank holiday | |
| P15 | June 01 | The application of Standard IEC 62443 Application of IEC 62443 in different industries combined with benefits and challenges of implementing IEC 62443, study of an exemplary, simplified, use case. Focus on weakness analysis, post-incidence analysis and auditing |
Exercices related to Standard IEC 62443 and Putting it all together: applying the course theory to the project |
| P16 | June 08 | Revision and time for questions (online session) | Deadline for delivering project Phase C |
| June 22 (TBC) | Exam |
Note
There may adaptations to the above planning depending on logistical aspects as well as new activities (e.g. visit of a real site).