IEC 62443 Training “Cyber Security for OT”
Cyber Security for Industrial Automation & Control Systems (IACS)
“Take control over your security risks with the IEC 62443”
Therefore, Hudson Cybertec created a complete cyber security training course based upon the IEC 62443 standard for Industrial Automation and Control Systems (IACS). It was developed for everyone involved in manufacturing and process installations, building-related installations such as building management systems, HVAC, access control, CCTV and intruder alarm systems. This training is also of interest to anyone interested or involved in the development of smart industry, Industry 4.0, Smart Cities, IoT or IIoT (Industrial Internet of Things).
During the three-day program you will become familiar with relevant cyber security terminology, you get an excellent understanding of the IEC 62443 Standard and you will learn to apply your new knowledge and skills within the practice of your own organization.
Training locations in the Netherlands are being expanded with locations in Apeldoorn and Woerden, and outside the Netherlands we currently have training facilities in Germany, Sweden, Finland and Norway.
Target Audience
This low-threshold training is designed for employees in all companies with Industrial Automation & Control Systems (IACS). Whether your people have an IT background, are an engineer or operator, are responsible for security, or otherwise are involved with Industrial Automation & Control Systems within your organization, this training course is intended for them. The training course has a general session for all attendees, a session targeted towards end users and a session targeted towards system integrators.
Exam
The training course is designed with the current EU guidelines and upcoming legislation in mind. The upcoming legislation concerns the ability of the organization to demonstrate possession of cyber security knowledge for the technical domain (IACS). Each participant will receive a certificate of participation after the full training is completed. You can take an IEC 62443 cyber security exam. If you pass the exam, you will receive the certificate ‘IEC 62443 Security Professional Industrial Automation and Control Systems’. This certificate demonstrates that the participant has sufficient knowledge of cyber security in an IACS environment and can set up and implement policies in accordance with IEC 62443 and European regulations (NIS). Just like the training, the exam also has two variants, one for end users and one for system integrators.
Benefits
The benefits of the IEC 62443 training are:
- Highly accessible training, regardless of the level of knowledge, especially regarding security of your primary processes
- Effective knowledge enrichment for several people at once
- You will receive practical information you can use immediately in your organization
- The training provides a solid foundation for managing cyber security within your organization
Program
The below overview shows the subjects that will be handled during the training. The last day of the training, end-users and System Integrators will split up.
Day 1
- Discussion of the IEC 62443 standards
- Definition of cyber security
- Differences between IT and OT
- How do cyber-attacks work?
- Applications used for hacking
- Relevant (European) legislation
- General design of a Cyber Security Management System (CSMS)
- Practical Exercises CSMS
Day 2
- Risk analysis
- Assessing, improving and maintaining the CSMS
- Establish a cyber security organization
- IEC 62443-3-2 Standardization Overview
- IEC 62443-3-3 Standardization Overview
- IACS zones and conduits
- Practical exercises risk analysis, zones & conduits model, maintenance CSMS
- Security levels
- System requirements
Day 3
End-users
- Risk analysis in depth
- Setup of a cyber security organization in depth
- CSMS in depth
- Practical use of IEC 62443 standards
- Interactive discussion
- Closing
System Integrators
- IEC 62443-3-3 standard in depth
- IEC 62443-2-4 standard in depth
- IEC 62443-4.x standard
- Practical use of IEC 62443 standards
- Interactive discussion
- Closing
Exam & Certification
To be able to enroll for the IEC 62443 exam, you must have completed the training course ‘IEC 62443: Cyber security for Industrial Automation & Control Systems (IACS)’, less than one year ago.
If you pass the exam, you will receive an exam certificate that demonstrates that you have sufficient knowledge of cyber security in an IACS environment to be able to set up and implement a policy in accordance with IEC 62443 and European regulations. This certificate is valid for a period of 2 years after receipt.
If you fail your exam, you can take a new exam within one year after completion of the training. Exams are held every three months. If you completed your training more than one year before the date of the exam, you will have to follow the full training again to be able to take the exam.
Examinations are conducted by IBEX (part of Kiwa). In 2022, Kiwa was designated by the IECEE to perform certifications as part of the IEC 62443 series of standards. The certificate is internationally recognised.
Exams
Like the training, the exam comes in two forms:
- End Users
- System Integrators
Cost: €215,- Excl. VAT per person.
Incompany Training
Following training in a way that suits you
All training courses can be followed in-company. Our trainers will visit you and provide the training at your own organization. The Elementaries and IEC 62443 training can also be followed via open registration at the Hudson Cybertec Academy in The Hague.
Open enrolment or incompany
You can register individually for various training offers. These open registration training courses are given at the Hudson Cybertec Academy in The Hague. The location is optimally located on arterial roads and easily accessible, also by public transport.
Does your company prefer incompany training or does your organization have a need for tailor-made training? Hudson Cybertec is the right training partner for you. Contact us for the possibilities.
Advantages incompany training
Many companies find comfort in training multiple staff members at the same time. Doing so has clear advantages:
- The training will focus on company-specific situations and is therefore tailor-made
- High training efficiency by training multiple people at the same time
- Only own company staff is present, this allows to discuss sensitive information
- During the training business specific cyber security situations can be discussed
- You can take this training together with your customers or other relations. This will strengthen the bond with your relations