This training course covers the fundamentals of cybersecurity applied to power utilities. The cyberspace and all it entail including the Energy Sector is no longer the same due to the threats of cybersecurity breaches. These cybersecurity violations have demonstrated that no system, no matter how carefully designed, is secure. The scale, significance, and damage of such incident are vast.
By attending this training course, you will get a deep understanding of the threats and vulnerabilities that exist in the power utilities and analyze the role of cybersecurity frameworks to build a strong protection and defense system. The major cybersecurity incidents and breaches clearly indicate that the security of critical infrastructures in the power utility sector are more vulnerable than ever. Protecting Cyber-physical systems in the Power Sector requires proper cybersecurity governance and management best practices.
By the end of this training course, the participants will be able to:
- Understand the Utility Sector environment and explain its architecture
- List and explain how cybersecurity is applied to utilities
- List and describe the various cybersecurity management frameworks
- Apply NERC CIP to your organization
- Implement cybersecurity at your organization
Participants to this course will receive a thorough training using several techniques that include coverage of material, discussions, breakout exercises, videos, and tests. The hands-on breakout exercises will be performed in groups and will enable participant to apply the material to real world scenarios with active discussions with other members of the group.
The organization will benefit from understanding the principles of cybersecurity of the Energy Sector with emphasis on the governance and management aspects and how these can be applied. The organization will benefit from this training course through:
- Enhancing analytical and problem-solving skills
- Understanding current cybersecurity threats facing electric utilities
- Learning how to analyze the cybersecurity of Power Utilities infrastructures
- Being able to apply the NERC CIP and NIST cybersecurity frameworks
- Developing cybersecurity plans including those for monitoring, event management, and incident response
- Becoming adaptive and improve their cybersecurity while at the same time serve stakeholders and the public at the highest level
The participants will gain or enhance their understanding and application of cybersecurity governance and management.
The training course will be of personal benefit to delegates by enabling them to:
- Understand how attacks happen in the Utility Sector environment
- Understand cybersecurity management frameworks and designing cybersecurity countermeasures
- Understand and apply the NERC CIP and NIST frameworks
- Develop various cybersecurity plans including information monitoring and incident response
- Apply best practices of cybersecurity Incident Reporting and Response Planning
- Apply methods to implement cybersecurity management controls
- Recognize the need and benefits of cybersecurity management frameworks
- Understand and apply the NER CIP standards
This training course is intended for people involved in operations, software, services, Energy and Power infrastructure, IT experts, as well as researchers and consultants involved in cybersecurity, management, big data, communications, project management and energy and power plants.
This training course is suitable for a wide range of professionals but will greatly benefit:
- IT, OT, and Cybersecurity Professionals
- Operators and Professionals in the Utility Sector
- Process control facilities
- Enterprises involved in the design of Power plants
- Project Managers
- Technology Engineers, Chief Technology Officers (CTOs) and Chief Information Officers (CIOs)
- Strategic Development Personnel
- Operators, Engineers, Managers, and Researchers
- Energy, Power, and Cybersecurity Industry Consultants
DAY ONE: CYBERSECURITY AND THE POWER UTILITY SECTOR
- Power generation, transmission, and distribution
- The Smart Grid infrastructure
- Industrial Cybersecurity vs IT Cybersecurity
- Cyber-physical systems and OT cybersecurity
- Safety critical and Security critical infrastructures
- Cybersecurity risk assessment and countermeasures
- Cybersecurity threat impacts to control systems
- Current and future cybersecurity challenges for utilities
DAY TWO: THREATS IN UTILITIES, CYBERSECURITY MANAGEMENT SYSTEMS, AND FRAMEWORKS
- Introduction to cybersecurity attacks and defenses
- Current cyber security threats facing electric utilities
- Common vulnerabilities and consequences
- Cybersecurity management systems (CSMS)
- Industry cybersecurity frameworks
- The NERC CIP framework
- The NIST Cybersecurity framework
DAY THREE: THREATS AND VULNERABILITIES TO COMMUNICATION NETWORKS AND NIST STANDARDS
- Defining, assessing, and managing security risks affecting smart grid
- Compliance and distribution systems
- Cybersecurity threats and vulnerabilities to communication networks
- Field maintenance and test equipment
- Wide Area Network communications
- Field communication with Internal IT assets
- NIST standards
- Existing standards and those in development
- Practical impacts to utility cyber security practices
DAY FOUR: THE NERC CRITICAL INFRASTRUCTURE PROTECTION (CIP) STANDARDS FOR UTILITIES
- Overview of the current version of NERC CIP
- Introduction and description of major NERC CIP standards
- Cybersecurity BES Cyber System Categorization
- Cybersecurity Management Controls
- Cybersecurity Incident Reporting and Response Planning
- Cybersecurity Configuration Change Management and Vulnerability Assessments
DAY FIVE: IMPLEMENTING CYBERSECURITY IN UTILITIES
- Internal cyber security strategy
- Steps to improve the cybersecurity of utilities
- Cyber Security integration across the utility
- Cross-functional teams
- Roles and responsibilities
- End-to-end cyber security from back office to core business