Institute Workshops to Focus on Cybersecurity of Building Control Systems

March 29, 2014 -- The nation’s buildings are increasingly relying on building control systems (otherwise known as operational technology) that are Internet-enabled. These systems provide critical services that allow a building to meet the functional and operational needs of building occupants, but they can also be easy targets for hackers and people with malicious intent. Attackers can exploit these systems to gain unauthorized access to facilities; cause physical destruction of building equipment; be used as an entry point to infect or sabotage traditional information technology (IT) systems and data; and expose an organization to significant financial obligations to contain and eradicate malware or recover from a cyber event.

Two new workshops sponsored by the National Institute of Building Sciences will help architects, engineers, contractors, owners, facility managers, maintenance engineers, physical security specialists, information assurance professionals and essentially anyone involved with implementing cybersecurity in the facility life cycle to learn best practice techniques to better protect their facilities.

The Introduction to Cybersecuring Building Control Systems Workshop and the Advanced Cybersecuring Building Control Systems Workshop are both built around Executive Order 13636—Improving Critical Infrastructure Cybersecurity, issued on February 19, 2013; the National Institute of Standards and Technology (NIST) Cybersecurity Risk Management Framework, issued on February 12, 2014; the draft NIST Special Publication (SP) 800-82 Rev. 2 Industrial Control Systems Security Guide, to be issued in April 2014; and the draft U.S. Department of Homeland Security (DHS) Interagency Security Committee “Securing Government Assets through Combined Traditional Security and Information Technology” White Paper, issued in November 2013. These new requirements will have a transformational impact on the traditional building design, construction, operation and protection of building control systems and will require facility and information assurance professionals to learn building control system cyber skills.

The Introduction to Cybersecuring Building Control Systems Workshop, to be held May 27, 2014, from 8:00 am to 5:00 pm EDT, is perfect for those professionals new to the world of building cybersecurity. This course will provide a combination of classroom learning modules to teach control system basics, protocols, how to use the information assurance risk management framework and hands-on laboratory exercises using tools and methods such as the DHS Cybersecurity Evaluation Tool (CSET) to inventory, diagram, identify, attack, defend, contain, eradicate and report a cyber event.

The Advanced Cybersecuring Building Control Systems Workshop, to be held May 28, 2014, from 8:00 am to 5:00 pm EDT, is geared towards building and information assurance professionals who have experience in IT or control systems cybersecurity but need to learn how to apply those skills to building control systems. This course will provide a more technical, in-depth training solution geared towards developing security professionals with the ability to approach security with an attacker mentality. This includes understanding and practicing techniques for footprinting, scanning and enumeration, exploitation, post exploitation, containment and eradication and reporting. Students will use Kali Linux and other exploit tools to gain entrance into the control system, pivot through the network, establish beacon command and control channels, modify logs to mask presence and exfiltrate data. Students will then contain and eradicate the exploit and prepare artifacts, event logs and develop an incident report.

Attendees of the Workshops will need a laptop with administrative privileges to load software. They will receive the course content, tools and lab exercises on a CD at the beginning of each Workshop.

The Workshops will be taught by Michael Chipley, The PMC Group LLC, and Michael Morris, root9b.

If well-received, the National Institute of Building Sciences expects to roll the Workshops out on a quarterly or even monthly basis, with a registration fee of $1,000 for the Introduction Workshop and $1,200 for the Advanced Workshop. Because The Institute is offering these Workshops for the first time, participants who attend the “trial run” of the Workshops will receive a discount of 50% off the full rate by using the code CYBER50. 

Each Workshop is limited to 20 students. Register now for the  Introductory Workshop and/or Advanced Workshop.

About the National Institute of Building Sciences

The National Institute of Building Sciences, authorized by public law 93-383 in 1974, is a nonprofit, nongovernmental organization that brings together representatives of government, the professions, industry, labor and consumer interests to identify and resolve building process and facility performance problems. The Institute serves as an authoritative source of advice for both the private and public sectors with respect to the use of building science and technology.




Review Article Be the first to review this article
SolidCAM: Program your CNCs directly inside your existing CAD system.


Featured Video
Editorial
Jeff RoweJeff's MCAD Blogging
by Jeff Rowe
Siemens Goes ECAD With Mentor Graphics Acquisition
Jobs
Mechanical Engineer for IDEX Corporation at West Jordan,, UT
Senior Structural Engineer for Design Everest at San Francisco, CA
Business Partner Manager for Cityworks - Azteca Systems, LLC at Sandy, UT
GIS Analyst II for Air Worldwide at Boston, MA
Upcoming Events
Design & Manufacturing, Feb 7 - 9, 2017 Anaheim Convention Center, Anaheim, CA at Anaheim Convention Center Anaheim CA - Feb 7 - 9, 2017
Innorobo 2017 at Docks de Paris Paris France - May 16 - 18, 2017
Display Week 2017 at Los Angeles Convention Center 1201 S Figueroa St Los Angeles CA - May 21 - 26, 2017



Internet Business Systems © 2016 Internet Business Systems, Inc.
595 Millich Dr., Suite 216, Campbell, CA 95008
+1 (408)-337-6870 — Contact Us, or visit our other sites:
AECCafe - Architectural Design and Engineering EDACafe - Electronic Design Automation GISCafe - Geographical Information Services TechJobsCafe - Technical Jobs and Resumes ShareCG - Share Computer Graphic (CG) Animation, 3D Art and 3D Models
  Privacy Policy Advertise