In 2017 I worked at an electrical distribution company as a security guy and eventually got to focus on ICS again. During this time I was very fortunate to be working for the right people in the right company to take and get the SANS GISCP, GRID and GCIP courses and certifications. I was physically at the 2019 SANS ICS Summit in Florida to take the GCIP, where I got to meet more than a few ICS legends. Not just the ones teaching, but this applied to most of the students and alot of the Summit attendees I met.

I love taking remote classes; but nothing beats a live class. Traveling  post plague has lost a lot of the interest for me and I just do not enjoy it any more. I just renewed these ICS certifications earlier this year; thanks to SANS for making an updated copy available for a modest renewal fee.  Now I just wish we could buy the new ICS kit offered at the live courses, apparently supply chain problems are making that impossible for SANS. Some courses have been cancelled, due to lack of training kit. Ugh.

Alot of the ICS training material, like most things Cyber, comes from the USA. There are many excellent well known sources, with my person favorite being the ICS Security Cyber Training ran by the DHS. This is live training by invitation only and not to be confused with the online introductory materials which are useful, free and just a bit hard to find every time they re do their website.

We participated with a number of other companies from Denmark; spent a number of days reviewing some course material and at the end, we were split up in Red/Blue teams on an partially described production installation to attack and defend it. The last day was "lessons learned" from the handlers who monitored the proceedings.  DHS has provided this training for many years and generously allow others working in critical infrastructure from other countries to participate. Many thanks and much respect for this.

I could not help but wonder why this is not done here in Denmark, as we have the need, and all of the other necessary ingredients. The recently established EnergiCERT  https://energicert.dk/ offers a number of courses and a great training lab; I can only hope it eventually scales to something similar from the DHS. Ting tar tid; even with the vision!

Which is an excellent segue into the best European ICS Summit I have attended.... CS3STHLM  https://www.cs3sthlm.se/ in Stockholm Sweden. I have attended only two years but they were the best ran; most professional and fun events I have ever attended. Mostly due to the wonderful people who run the show and make up the steering committee. Oh, and the agenda, the site, the food and the speakers of course. And an ICS lab in the basement and a CTF. In 2019, the keynote speaker was Andy Greenberg; the audience got a free copy of his book "SANDWORM, Lessons From the Ukrainian Cyberwar and Beyond" and I was fortunate enough to get my copy signed. Whats not to like ?

Unfortunately, CS3STHLM was remote only in 2020; cancelled in 2021 and appears not to be happening for 2022; I can only hope that it returns again soon. You are missed.

During 2020, we were in deep lock down, so remote courses were the only options. 

During the spring I took the ISA/IEC 662443 CyberSecurity Fundamentals course; this was well done, I found it a bit dry. There are four courses to take, leading to the ISA/IEC 62443 Cybersecurity Expert designation. Reasonable priced; lots of detail on IEC 62443  https://www.isa.org/certification/certificate-programs/cybersecurity

In the fall, Black Hat Europe offered Justin Searle's (teacher of SANS ICS410 GISCP) Assessing and Exploiting Control Systems & IIoT class https://www.controlthings.io/training 

Highly recommended; took me out of my comfort zones and I learned a lot.

On my to do list is https://icscsi.org/training.html from Joel Langill (https://www.scadahacker.com/training.html)

SCADA / ICS blog of the month is from Sarah Fluchs, the CTO of admeritia in Germany; highly recommended: https://fluchsfriction.medium.com/automation-security-by-design-decisions-5619b97126c0


Comments

Post a Comment

Popular posts from this blog

Laid off and Looking for the next interesting job...

 After a short but interesting time at a consulting company, where I focused on IR and dabbled in OT IR, they ran into pipeline issues and I was sent home on "garden leave".  I will miss them, I had great colleagues who amazed and impressed me with their skills. I got to focus on IR and the implications for OT and enjoyed being able to concentrate; make internal presentations, external presentation as well. Then my body told me I was too old for IR and the middle of the night calls, so I asked if it was possible to be moved into detection, where I was supposed to help with that. Maybe see how we could log OT devices etc. This was approved and after a few weeks, I got the call. Something changed I guess.  The last time I was laid off was 1990, so last century. Damn. But math is king and as inexorable as gravity. Neither is personal, shift happens. I reminded the team about the Innuit cultures habit of leaving the old out on the iceflow for the bears ;) The first time it happen
Read more
 Update for 2022 Merry Christmas and a Happy New Year to everyone. Special shout out to those safeguarding civilization in all the many forms this takes. Being on call is not for everyone, is it ?  My last update was a while back and I am clearly overdue for an update we go into 2023. So lets cover some of my observations and personal highlights of 2022: The continued success and growth of EnergiCERT ( https://energicert.dk/ ) is certainly strengthening and benefiting the cyber security of  Danish critical infrastructure. Wonderful team of people, well managed and motivated. Yeah, I am biased ;) Engarde Security continues to grow and be noticed; now has expanded and with an ics range ( https://www.engardesecurity.com/icsrange )  Highly skilled people and the ics range is very well done. Enjoyed an excellent ICS Security conference in Copenhagen in November:  (https://insightevents.dk/isc-cph/ ) But I still miss CS3 (https://cs3sthlm.se/ ) for many non technical reasons. New Job - afte
Read more
Welcome to 2023 During 2022, I was fortunate enough to be able to take a lot of high quality training; some due to work; the rest was online remote training that anyone with a credit card could sign up for. As I like to (try and) keep up with (some) new topics and try to understand them, I signed up for a subscription to Packt Press.The Black Friday sale was irresistible and their library of books and videos is substantial. Another activity I like to do is solving technical challenges. I know there is lot of free events out there, but I am a fan of Blue Team Labs ( https://blueteamlabs.online/ ) as they offer a great set of "Active Investigations" that are DFIR related. Plus there was yet another irresistible offer on Black Friday that was a great price performance. And since we typically work in a Microsoft-concentric world, please do not forget all the resources there. I'm doing this one .. https://learn.microsoft.com/en-us/training/paths/beginner-python/  From  Kevin V
Read more