The Introduction to Cybersecuring Building Control Systems Workshop is geared to those professionals new to the world of building cybersecurity. This course provides a combination of classroom learning modules to teach control system basics, protocols, how to use the information assurance risk management framework and hands-on laboratory exercises using tools and methods such as the DHS Cybersecurity Evaluation Tool (CSET) to inventory, diagram, identify, attack, defend, contain, eradicate and report a cyber event.
The Introduction to Cybersecuring Building Control Systems Workshop is geared to those professionals new to the world of building cybersecurity. This course provides a combination of classroom learning modules to teach control system basics, protocols, how to use the information assurance risk management framework and hands-on laboratory exercises using tools and methods such as the DHS Cybersecurity Evaluation Tool (CSET) to inventory, diagram, identify, attack, defend, contain, eradicate and report a cyber event.
The nation's buildings are increasingly relying on building control systems with embedded communications technology and many enabled via the Internet. These systems provide critical services that allow a building to meet the functional and operational needs of building occupants, but they can also be easy targets for hackers and people with malicious intent. Attackers can exploit these systems to gain unauthorized access to facilities; be used as an entry point to the traditional informational technology (IT) systems and data; cause physical destruction of building equipment; and expose an organization to significant financial obligations to contain and eradicate malware or recover from a cyber-event.
As Federal facilities include thousands of office buildings, laboratories, and warehouses, many are part of the nation's critical infrastructure. These facilities contain building and access control systems such as heating, ventilation, and air conditioning; electronic card readers; and closed-circuit camera systems that are increasingly being automated and connected to other information systems or networks and the Internet. As these systems are becoming more connected, so is their vulnerability to potential cyber-attacks.
Learning Objectives
- Learn basic Building Control System (BCS) Design;
- Learn BCS communication protocols;
- Understand how to attack and exploit BCS;
- Complete the 6 steps of the Risk Management Framework;
- Use the DHS ICS-CERT CSET tool to create BCS network architecture diagrams and System Security Plan;
- Create Plan Of Action & Milestones, Event/Incident Response Plans, Security Audit Plan.