Organizations are increasingly preoccupied with strengthening the digital security of their industrial control systems (ICS). They no doubt heard FireEye reveal that it had detected a second intrusion by the same actor behind Triton malware at a second critical infrastructure organization. More recently, they likely heard confirmation of a digital attack that struck the Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu, India back in September.

In response to these as well as many other cyber incidents, organizations are looking to protect their operational technology (OT) environments using a nuanced approach. Doing nothing is no longer an option.  One way that organizations can better protect their ICS is by encouraging their industrial cybersecurity professionals to hone their skills and training using respected technical resource providers in the field.  These providers can also help IT cybersecurity personnel learn about industrial environments and how best to implement cyber controls relative to uptime and safety of the industrial process.

Towards that end, here are eight providers that ICS professionals should use to train and continuously educate their teams to defend their organizations’ ICS.

1. Global Information Assurance Certification (GIAC)

Founded: 1999

Website: https://www.giac.org/

Among the State of Security’s 11 respected providers of IT security training, the Global Information Assurance Certification (GIAC) offers more than 30 certifications to aspiring security professionals. Personnel working in industrial security should consider achieving three certifications in particular. The first certification, Global Industrial Cyber Security Professional (GICSP), is a vendor-neutral program that teaches enrollees how to balance IT, engineering and digital security to protect industrial control systems. The second accreditation, Response and Industrial Defense (GRID), teaches participants how to take an Active Defense approach towards securing an ICS network. Finally, ICS professionals can aspire to achieve Critical Infrastructure Protection certification to bolster their understanding (Read more...)