EIOC Control Systems Training
Training Essential for Protecting the Nation's Critical Infrastructure
The control system environment has unique challenges to applying traditional cyber security protection methods to its systems and networks. At the same time, control systems are at the heart of our critical infrastructures, which must be rigorously protected. The Pacific Northwest National Laboratory has developed two novel and engaging web-based e-Learning applications to help control system employees address the security challenges they face and to help raise employee awareness.
Both courses are accessed by hundreds of people around the globe each month, including people from the United Kingdom, France, and Germany, from numerous companies, including Areva, British Energy, Dairyland Power, and Exxon, to name a few. Government (including nuclear, homeland security, and military), water treatment, transportation, public health, and agriculture are just a few of the industries represented by people who have taken the training.
Both courses were developed using PNNL's Pachelbel© training technology for the Control Systems Security Program established by the U.S. Department of Homeland Security National Cyber Security Division.
Cyber Security for Control Systems Operators & Engineers
Debuted at SANS SCADA Security Summit, Las Vegas, Nevada, September 2006.
This innovative, self-paced course enables control systems employees to immediately reduce the risk of cyber attacks against systems. It recognizes the control system environment's challenges in applying traditional cyber security techniques and provides realistic solutions and suggestions. Course lessons include Threats & Risks to Control Systems, The Cyber Attack Process, and Risk Mitigation. Knowledge gained is reinforced through interactive exercises, real-life examples, and lesson summaries.
The course takes 45-60 minutes for students to complete. It can be customized to meet individual organizations' particular needs and can provide unique, secure access and tracking of an organization's staff members. We are currently creating a customized course for a large global private company.
This course has been approved for North American Electric Reliabilty Corporation (NERC) continuing education credits.
OPSEC for Control Systems
Debuted at the SANS SCADA Security Summit, New Orleans, LA, January 2008.
The most important component of operations security is people. Up-to-date virus definitions and state-of-the-art firewalls are virtually worthless if employees are providing information they shouldn't to those without a need to know or are not using due diligence in protecting assets. This course introduces control systems employees to the basic concepts of operations security (OPSEC) and applies these concepts to the control system environment.
Course lessons let learners check (and deepen) their understanding of the concepts with interactive exercises in which they explore different environments to discover problems. They even have the opportunity to play the “bad guy” and try to disrupt a competitor’s manufacturing process. Lessons are also reinforced with animations that illustrate key concepts and lesson summaries to refresh learners' memory.
The course takes 45-60 minutes for students to complete. Like the Cyber Security course, OPSEC for Control Systems can be customized to meet individual organizations' particular needs and can provide unique, secure access and tracking of staff memebers. It has been approved for NERC continuing education credits.
OPSEC for Control Systems won the 2007 Interagency OPSEC Support Staff (IOSS) National Award for Multimedia Achievement.
Publications
Morgan MP and LR O'Neil. 2007. Presentation to the Control Systems Security Outreach Coordination Meeting, Arlington, VA, July 24, 2007. PNNL-SA-56299.
Greitzer, F.L. 2005. "Ingredients of effective and engaging online learning (or, Musings of a cognitive/e-Learning evangelist)." (pdf) Keynote address, InterLab 2005. Richland, WA. December 13-16, 2005.
More Information
CSSP Training - Provides links to both courses. You will need to create an account.
OPSEC Security Interactive Exercise
Cyber Security for Control Systems Movie
Instructor-led training developed by PNNL and INL
Cognitive Informatics - PNNL's Cognitive Informatics Thrust Area includes two broad areas of research and development: Human-System Integration and Human Learning and Skill Development.
