Critical Infrastructure Cyber Security (SCADA)

Personalise
UNSW graphic yellow

Enrol

Duration

4 1/2 days

Delivery mode

Face-to-face

Location

Canberra

Standard price

$4,750.00

Defence price

$4,750.00

Accelerate your career, learn new skills, and expand your knowledge.

First in Australia for research excellence and impact.

Top 50 in the world. 2020 QS World University Rankings.

Overview

Australia’s Critical Infrastructure (CI) is diverse, complex and inter-dependant, and relies on distributed networks that run everything from electricity power plants to gas pipelines and hospitals to highways. Nowadays our infrastructure is more physically and digitally interconnected than ever before and thus faces a variety of risks to its security and ability to function. As these risks include manmade acts of terror and cyber-attacks, Critical Infrastructure security is the backbone of our national security and economic prosperity.

Infrastructure operations are increasingly reliant on automated Industrial Control Systems (ICS) which incorporate such devices as supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLC’s), human machine interfaces (HMI’s), remote telemetry units (RTU’s) and distributed control systems (DCS’s). While these systems had their beginnings without the benefits of open connectivity to other systems, the incorporation and benefits of such connectivity is increasingly utilised. With this though, comes the increased possibility of the unauthorised or unintended use or damage to the very systems we depend upon in our everyday lives.

This course covers and provides practical experience with the complexity of modern information technology equipment and the components in control systems and legacy systems, the threat environment, and attackers’ capabilities as well as techniques for securing these systems.

 

Course Details

This onsite professional development course offers technical, architectural, and managerial solutions to the problem of protecting industrial infrastructure. It is designed to accommodate the broad spectrum of backgrounds and potential abilities for a Company's Engineering, IT and Technical Management team members. To do this we will be running concurrent streams where you will be able to select between hands on labs that are either centred around the control system or IT hardware and software.

This course combines presentations, group discussions and a high proportion of guided hands-on labs. These labs will enable you to gain hands on experience through with a series of VM-based machines using both real hardware and digital twin technologies. Towards the end there will be a Red\Blue exercise using real hardware and software controlling the infrastructure on our training table. The final half day is the chance to take the gained knowledge and implement it in protecting this training table infrastructure. We will all finally test the effectiveness by the final Red Insider exercise where everyone tries to become the disgruntled employee wanting to take down the infrastructure.

If you had not had direct experience with the hardware and software of an industrial plant it is advised that you select labs designed to provide an understanding of these system. The alternative steam is intended to provide those that do not typically get involved with IT systems the opportunity to learn more about configuring them. If you typically do not get involved with either of these, we would generally advise you to select the industrial plant stream given that is the primary focus of this course.

There are many combined sections of the course in which we will be working together on the same exercise.

It is noted that the maximum number of attendees to this course is restricted by hardware and licensing constraints. Although you can select the labs that are of interest to you, numbers are limited depending on the practical and your selections will be allocated on a first in approach.

Course content

Day\Time*
Stream 1
Stream 2
(Typically IT)

(Typically Engineering)

Day 1 - Morning Session
Combined Talks & Group Discussion: Combined Talks & Group Discussion:
Introduction to Industrial Control Systems (ICS) Introduction to Industrial Control Systems (ICS)
CIA Triad and its Implications CIA Triad and its Implications
ICS Penetration Testing and Implications ICS Penetration Testing and Implications
ICS Hardware ICS Hardware
Refreshed of Numbering Systems Refreshed of Numbering Systems
Refreshed of IP Addressing, Subnets and Routing Refreshed of IP Addressing, Subnets and Routing
Day 1 - Afternoon Session
Combined Practical Workshop Session: Combined Practical Workshop Session:
Kali Linux Kali Linux
What is Kali Linux and what can it be used for. Take a guided tour of the tools within demonstrating the possibilities of this package to gain privilege to several Windows operating systems, some via pivoting between networks. What is Kali Linux and what can it be used for. Take a guided tour of the tools within demonstrating the possibilities of this package to gain privilege to several Windows operating systems, some via pivoting between networks.
Day 2 - Morning Session
Practical Workshop Session: Practical Workshop Session:
Intro into PLC systems and programming (Rockwell) Wireless and Mobile Security
Play with a real Allen Bradley PLC to get an understanding of how it operates. Look at the programming and make changes on the run. Take the challenge to take out the PLC operation or try to recover if you did not cause it.  Wireless LANs - risks and vulnerabilities. Testing wireless infrastructure using Kali tools. Demonstration of wireless vulnerabilities using a Pwnagotchi-Raspberry Pi.
Day 2 - Afternoon Session
Practical Workshop Session: Practical Workshop Session:
A further look into PLC systems and programming (Siemens) Wireless Special Interest
This time we expand our knowledge by looking at a digital twin of a high-end Siemens PLC. Take an additional look at the other standardised PLC languages in the IEC61131-3 standard. Setting up a secure Wireless Enterprise Industrial infrastructure. Demonstration of some common wireless attacks: Mousejack attacks, USB-A/USB-C cable attacks, reverse shell attacks.
Day 3 - Morning Session
Practical Workshop Session: Practical Workshop Session:
Intro into HMI systems and their programming Firewalls
Connect the HMI to the PLC we have been programming. Interact with the HMI to get an understanding on what it does. Make some changes to the programming and test the results. Configuration of an industrial security policy onto a firewall including the mapping of IP subnets across different areas of trust. 
Intro into SCADA systems and programming Virtual Private Networks
Connect SCADA to the PLC we have been programming. Interact with the SCADA system to get an understanding on what it does. Make changes to the programming and test the results. Design and setting up of VPN tunnels using either Kali’s WireGuard open-source engine or the industrial IKEv2 VPN using hardware crypto processors. This will involve VPN architecture which crosses different domains of trust in both wired and wires networks.
Day 3 - Afternoon Session
Practical Workshop Session: Practical Workshop Session:
A further look into SCADA including historian and SQL systems and programming Multi Factor Authentication
We look further into SCADA and some of the systems that can sit behind it. Form up some queries and modify some data going to a database. This workshop demonstrates the setup and configuration of multifactor authentication using both hardware and software tokens, biometric cameras, and mobile phone devices. This practical exercise will involve the use of a commercial industrial MFA platform from RSA and demonstrate how to setup MFA on a Windows device for use with hardware and mobile phone tokens. It will further involve the setting up of a biometric facial recognition MFA system which can be used separately or in conjunction with other authentication systems.
Day 4 - Morning Session
Practical Workshop Session: Practical Workshop Session:
Intro into Modbus Penetration Testing
Have a byte-by-byte investigation into the Modbus RTU and Modbus TCP protocols. Manipulator in the Middle Modbus attacks Testing an industrial implementation for security misconfigurations and vulnerabilities. Data leakage and interception. Man-In-The-Middle vulnerabilities, Penetration Testing using Zenmap and OpenVAS.
Modify what the operators of the plant see by intercepting and modifying the data. Intrusion Detection
  Introduction to SNORT and a Graphical User Interface Intrusion Detection system.
Day 4 - Afternoon Session
Combined Practical Workshop Session: Combined Practical Workshop Session:
Red\Blue Exercise Red\Blue Exercise
Split into two groups. Split into two groups.
The Red team are attacking to bring down the essential services and make life as unhappy as they can. The Red team are attacking to bring down the essential services and make life as unhappy as they can.
The Blue team has been brought in to save the day. They are to prevent the Red team from affecting the services, propose how it can be made more secure and start implementing solutions. The Blue team has been brought in to save the day. They are to prevent the Red team from affecting the services, propose how it can be made more secure and start implementing solutions.
Day 5 - Morning Session
Combined Talks & Group Discussion: Combined Talks & Group Discussion:
Sharing of results of the Red\Blue Exercise Sharing of results of the Red\Blue Exercise
Industrial Control System Vulnerabilities and Defence strategies including protection of the table Industrial Control System Vulnerabilities and Defence strategies including protection of the table
Combined Practical Workshop Session: Combined Practical Workshop Session:
Reconfiguration of the Red\Bue Exercise Reconfiguration of the Red\Bue Exercise
Red Exercise Red Exercise
* Session times:
Day 1 to 3 - Morning Session 9am-12noon & Afternoon Session: 1pm to 5pm
Day 4 - Morning Session 9am-11am & Afternoon Session: 12noon to 5pm
Day 5 - Only Morning Session 9am-1pm

Learning outcomes

At the successful conclusion of this course, attendees will, at minimum, be able to:

CLO 1.  Investigate and evaluate the vulnerabilities of Industrial Control Systems and Critical Infrastructure.

CLO 2.  Link the principles behind the industrial hardware and software of control systems that are used in the operation of Industrial Control Systems and Critical Infrastructure.

CLO 3.  Examine technical specifics about the vulnerabilities of Industrial Control Systems and Critical Infrastructure service delivery with an emphasis of those services’ dependant on control systems reliability and recoverability.

CLO 4.  Develop and implement mitigation strategies as well as administrative and technical risk management plans to protect and secure process control systems.

 

Resources for Attendees

There is no textbook that attendees need to obtain. A variety of resource material will be made available to the attendees as needed throughout the course.

Who should attend

The course is to be tailored to both IT and engineering professions with varying degrees of background knowledge. 

 

Facilitators

CAMERON SANDS is a career automation professional who has worked in industrial and commercial automation roles for more than 30 years. His extensive experience includes work in the traditional critical infrastructure of electrical generation and distribution, sewage and potable water treatment and distribution, oil and gas, banks, communications and datacentres, transportation systems, food manufacturing, hospitals, and defence. His specialist expertise includes programming industrialised systems such as programmable logic controllers (PLC’s), supervisory control and data acquisition (SCADA), human machine interfaces (HMI’s), servo drives, industrial vision systems, automated/laser guided vehicles (AGV’s/LGV’s), industrial robotics as well as transfer systems for data to, around and from the plant. He also has experience in the typically non-industrial areas of building management systems (BMS’s), security, access control and CCTV systems. A major part of his time is spent on site commissioning his projects.  He is a certified professional electrical engineer and has completed post graduate studies in cyber security and computer forensics as well as having trade qualifications in electrical, data, solar and security. He is a member of the Australian Standards Committee for Australia’s primary electrical standards and has been teaching at several universities since 2012.

RAY HUNT did a Masters degree in Electrical Engineering (Christchurch) and PhD (Adelaide) and has worked in the airline industry designing international networks. He has also taught in a variety of Universities in Australia, New Zealand, Asia, Vancouver and London. Over the last 20 years he has provided numerous training courses and consultation for industry and Governments including Defence, NZ and Police (NSW) in the areas of networks and cybersecurity. He has visited Asia over 70 times in the last 25 years. Specifically, these have included numerous workshops for British Aerospace (Australia), Reuters and AT&T (Hong Kong), Ministry of Defence and Fujitsu (Singapore), Royal Holloway College, London and Vodafone (New Zealand) as well as a variety of related workshops in Bangkok, Taiwan and Kuala Lumpur.

Current Positions:

  • Visiting Associate Professor, Royal Holloway College, University of London
  • Adjunct Associate Professor, Flinders, Adelaide, Australia
  • Adjunct Associate Professor, University of Canterbury, New Zealand

Cancellation policy

Courses will be held subject to sufficient registrations. UNSW Canberra reserves the right to cancel a course up to five working days prior to commencement of the course. If a course is cancelled, you will have the opportunity to transfer your registration or be issued a full refund. If registrant cancels within 10 days of course commencement, a 50% registration fee will apply. UNSW Canberra is a registered ACT provider under ESOS Act 2000-CRICOS provider Code 00098G.