A 1-day Live Online Introduction to Cyber Security Management Systems and HSE OG86 training course for those responsible for the security of industrial automation, control and safety systems – known as “operational technology” (OT) to differentiate it from “information technology” (IT).
The course recognises that the optimum approach to Cyber Security in OT may be quite different from what might be considered good practice in an IT environment, and both IT and OT Cyber Security professionals are encouraged to attend.
The presentation material will describe the constituent parts of the CSMS and how they are assembled, finishing with important external interfaces:
- The origins of HSE guidance to inspectors for cyber security, OG86 Edition 2, and the direction of travel of HSE thinking – OG86 Edition 3 is anticipated
- OG86 quotes the UK NCSC’s CAF, US NIST Framework, international IEC-62443
- Why vendors generally talk about IEC-62443 but regulators speak a different language
- Threats, vulnerabilities and risk, including whether to consider likelihood
- Assembling the parts, establishing and operating the cyber security management system
- Important relationships including with IT, with safety, personnel and physical security.
- Addressing the challenges of supply chain security.
There will also be an opportunity for discussion with participants about the key artefacts that an HSE inspector will want to see for OT cyber security, including exploring the following using a simplified case study:
- Simple Network Diagram for OT, preferably using the Purdue / ISA-95 architecture model
- Assessment of criticality functions and adverse outcomes (including safety top events)
- CMDB / asset register for OT systems including specific fields about software configuration
- Policy document setting out governance, OT risk ownership
- Evidence of threat and vulnerability management for OT
- Evidence of activities to deliver staff awareness, skills, competencies
- Evidence of a gap analysis against the NCSC’s CAF and a resourced mitigation plan.
Who should attend
Engineers and professionals who are responsible for the management of OT cyber security within their workplace and those who are in a supporting role, including consultants and contractors.
We would also encourage company OT and IT delegates to attend this course together.
Although not essential, we recommend that you obtain a copy of OG86 - Cyber Security for Industrial Automation and Control Systems (IACS) (PDF), which can be downloaded from the HSE website: https://www.hse.gov.uk/eci/cyber-security.htm
After this training course you will be able to
Describe in practical terms the activities, artefacts and relationships that make a cyber security management system, as expected by HSE according to its OG86 guidance and as described in the leading international standards.
What you will get
All delegates receive:
- The course material in printed or electronic format.
- A Certificate of Attendance for each delegate that attends the full course.
- The course can be delivered on-line or at a venue across the UK, according to the balance of demand.
- The course is also available to be delivered at a client's premises in a closed session in which part 2 can explore specific circumstances of that client.
- For those wanting more detail than is offered on the one-day course, there is a 2-day cyber course here.
If you have any further questions, please contact us. If you wish to proceed, check your diary and reserve a place.