Owner of the document requires that the content be not remodified or redistributed.
Share |



Advanced SCADA Security Red/Blue Team (5 days) - National SCADA Test Bed Program
Author:
Idaho National Laboratory NSTB program
Year:
2009
Abstract:

This is one of the three SCADA Security courses available through Idaho National Laboratory NSTB program. All the courses are designed to increase Cyber Security Awareness and Defensive Capabilities for IT/Control System managers, IT/Control System security personnel, network and control system support engineers, and control system designers and developers who are involved in or responsible for control system cyber security. The courses are geared toward systems in the energy sector, but are relevant to most control system environments. The 4 and 8 hour courses are certified for NERC continuing education credits.

Date: TBD - See Contact below.
Location: Control Systems Analysis Center, 765 Lindsay Boulevard, Idaho Falls, Idaho

The United States Department of Energy Office of Electricity Delivery and Energy Reliability (DOE-OE) is pleased to announce a National SCADA Test Bed (NSTB) Advanced Training. This event will be held at the Control Systems Analysis Center located near the Idaho National Laboratory in Idaho Falls, Idaho.

Background
The Control Systems Analysis Center was established and equipped by the Department of Homeland Security Control System Security Program (CSSP) in 2008. CSSP developed and presented the first Advanced Control Systems Cyber Security Training in May 2007 and has regularly funded this training since. DOE-OE helped support this activity and is able to utilize the Control Systems Analysis Center and fund training for Energy Sector personnel. This is an excellent example of inter-agency collaboration in support of the Cyber Security challenges that face our nation.

Overview
This event will provide intensive hands-on training for the protection and securing of control systems from cyber attacks including an opportunity to share information and collaborate with others who are involved in control system security. Participants will be able to practice their skills and put their knowledge to the test through a Red Team / Blue Team exercise conducted within an actual control systems environment. In addition to the Red/Blue teams, there is an opportunity for managers to participate on the corporate team. Members of this small (4-5) team will perform the functions of management personnel responsible for approving change control requests. Attendees can request to be part of this team, to gain an overall perspective of the simplicities and complexities of the exercise, along with the struggles of the defenders to detect, isolate and repel the aggressors while maintaining critical operations.

Who Should Attend
Cyber security developers, IT/Control System cyber security personnel, network /control system engineers and analysts and managers who operate or are responsible for critical infrastructure.

Registration Information
Registration is on a first come basis, with a maximum of 2–3 individuals per company. Priority will be given to Energy Sector Asset Owner Personnel. The event is limited to approximately 35 people.

Structure and Agenda
This event includes 5 days of intensive control systems security training, presentations and exercises.

Day 1 — Welcome and hands-on classroom training on current cyber security techniques and practices
Day 2 — Continue hands-on classroom training on current cyber security techniques and practices. Red team / Blue team overview and assignments. First breakout sessions (cyber tool exercises) begin
Day 3 — Continue breakout sessions (cyber tool exercises) and separate Red / Blue team strategy session
Day 4 — Red Team / Blue Team exercise (12 hour exercise) where participants will be tasked with either attacking (Red Team) or defending (Blue Team) a small control system environment
Day 5 — Red / Blue Team exercise debrief, roundtable discussion, and special topic presentation
Note: There will be a daily Special Topics lunch presentation

About the Hands-on Training:
This hands-on course is structured to help students understand how attacks against control systems could be launched, why they work and to provide mitigation strategies to increase the cyber security posture of their control system networks.

This training is packed with information such as:

General Security Observations and Pitfalls
Control System Network Communications Overview
Potential Control System Network Entry Points AND Defenses
Control System Network Scanning and Vulnerability Identification
Network Monitoring and Simple Intrusion Detection
Dissecting Control System Protocols
Common Programming Pitfalls
Modern Hardware and OS Mitigation Strategies
Incident Response Essentials for the Control System Community
The course uses a small scale Industrial Control System Network to demonstrate several exploits used to obtain unauthorized control of the system. This network will be used during the class for the many hands-on exercises that will help the attendee develop skills that can be applied immediately.

This is an advanced course and is targeted towards developers, IT/Control System security personnel, and network engineers. It will be assumed that each attendee has some practical knowledge with respect to networks, software, and control system components. All students in the class should have basic coding skills and a fairly deep understanding of network details, from UDP to TCP, and from MAC to IP.

Equipment Required per Student
Every student attending this course MUST bring a laptop computer (with a CD or DVD drive), which they have root or administrator privileges, to the class. All students will be given a bootable BackTrack DVD with cyber tools to use during the workshop.

About the Red Team / Blue Team Exercise
This portion of the workshop, developed as an ‘attacker – defender’ scenario, provides players the venue to practice their technical capabilities and compete in a forum that will allow for their talents to be showcased in a real operational environment. Attendees are assigned to either the red team or the blue team. This exercise provides friendly competition as the red team tries to attack the control system and the blue team works to defend against the cyber attacks.

The activities of the red and blue teams are monitored and their activities scored by a group of cyber security experts in a “white’ cell. A debriefing will follow where lessons learned will be highlighted from the red team, the blue team, and an overall perspective will be provided by the white cell.

Special Topics
Each day, there will be working lunch presentations on special topics (threat awareness, forensics, common vulnerabilities and wireless security) that previous participants have identified as most relevant to them in the area of control systems security.

Handicap Access
This training will require attendees to climb a flight of stairs to reach the second floor of the Control Systems Analysis Center where the classroom training and portions of the Red Team / Blue Team exercise are provided. The facility does not have an elevator or escalator.

Tuition, Transportation and Accommodations
This event will be funded by the DOE-OE NSTB program. This will cover training, materials, documentation, working lunches and refreshments. Transportation and accommodations are the responsibility of each participant.

Document Type:
Short course
Source:
DOE - INL