Attacks against industrial control systems (ICS) are on the rise. In its 2020 X-Force Threat Intelligence Report, for instance, IBM found that digital attacks targeting organizations’ ICS had increased by more than 2,000% between 2019 and 2018. Most of those attacks involved the exploitation of vulnerabilities affecting supervisory control and data acquisition (SCADA) and other ICS hardware components as well as brute-force login attacks. IBM X-Force also documented the release of 200 ICS-related vulnerabilities in 2019, leading the research team to forecast that digital threats confronting organizations’ ICS would continue to increase in 2020.

Acknowledging these threats, organizations are looking to protect their ICS using a nuanced approach. Many are specifically encouraging their ICS security professionals to hone their skills and training using respected technical resource providers in the field. These providers can also help IT cybersecurity personnel learn about industrial environments and how best to implement cyber controls relative to uptime and safety of their organizations’ industrial process.

FinConDX 2021

Towards that end, here are eight providers that ICS professionals can use to train and continuously educate their teams to defend their organizations’ ICS.

1. Global Information Assurance Certification (GIAC)

Founded: 1999

Website: https://www.giac.org/

Global Information Assurance Certification (GIAC)

Among the State of Security’s 11 respected providers of IT security training, the Global Information Assurance Certification (GIAC) offers more than 30 certifications to aspiring security professionals. Personnel working in industrial security should consider achieving three certifications in particular. The first certification, Global Industrial Cyber Security Professional (GICSP), is a vendor-neutral program that teaches enrollees how to balance IT, engineering and digital security to protect industrial control systems. The second accreditation, Response and Industrial Defense (GRID), teaches participants how to take an Active Defense approach towards securing an ICS network. Finally, ICS professionals can aspire to achieve Critical Infrastructure Protection certification to bolster (Read more...)