It’s a great time to be alive in cybersecurity. It seems we have accelerated to a pace nobody expected just a few years ago, and for good reasons. Cybersecurity is likely the most significant non-balance-sheet threat faced by the leadership in the C-Office, the Board of Directors, and the entire downstream supply chains we rely on. Cybersecurity is National Security, and the environment is changing quickly. As a result, supply Chain Risk Management (SCRM) is no longer an elective activity. We must manage our risk.
With the advent of the Internet of Things (IoT), IP enablement, smart technology on legacy infrastructure, and quickly accelerating hacker ingenuity, Operational Technology and Industrial Control Systems (OT/ICS) are high-value targets due to their systemic impact. The Cybersecurity & Infrastructure Security Agency (CISA) presents 16 critical infrastructure sectors, all OT/ICS heavy in use. With the right attack on our Communications, Dams, Defense, Emergency Services Sector, Energy, Financial, or other OT/ICS systems, the United States can be severely compromised. The National Institute for Standards and Technology (NIST) has focused on OT/ICS, as evidenced by their 800-82r3 publication.
We are thrilled to be launching OT/ICS Training with Siker in 2023, right at the forefront of the OT/ICS training demand. As more focus is aimed at the workforce, the programs are fully aligned to the National Initiative for Cyber Security Education (NICE) cybersecurity workforce competency framework. Not only will training educate, allow students to apply new skills in a CYBER RANGES enviroment, but we will also build competencies to impove our Natinoal Security through a competency based approach to achieving OT/ICS workforce compliance, as required in the National Defense Authoirzation Act (NDAA) of 2023 (see section 6736, Industrial controls systems cybersecurity training).– Brian D. McCarthy, 327 Solutions President
2023 National Defense Authorization Act
Guide to Operational Technology (OT) Security
Strengthening the Cyber Resilience of America’s Water Systems
National Cybersecurity Strategy (ONCD)
Together, 327 Solutions and Siker will deliver world-class OT/ICS training and APMG-Accredited Certification in OT/ICS/SCADA through our hybrid delivery model (attend physically in Stafford, VA, or virtually on Zoom globally). With training, testing, and coaching under one roof, every student will access the newly launched curriculum and certifications just as OT/ICS Training gets the attention is needs. In addition, our programs go far beyond just training, utilizing physical systems in class, and virtualized CYBER RANGES, ensuring the most efficacious outcomes to support Director requirements for learning strategy, delivery, and certification.
We want each student to read and understand new skills and apply those skills in a safe environment through a scenario and application-based activities. Training with immersive exercises solidifies new skills in real-life activities. This is where training really comes to life.– Brian D. McCarthy, 327 Solutions President
Siker Cyber courses delivered exclusively by 327 Solutions are Accredited or Approved by the National Cyber Security Centre, Chartered Institute of Information Security, Society of Petroleum Engineers, APMG-International, and more.
To learn more, please feel free to contact us below.
Footer Contact Form
#OperationalTechnology #IndustrialControlSystems #OT/ICS #OT #ICS #SD1580/82-2022-01 #RailwayCyber #CybersecurityCareers #cyberbytesfoundation #nist800181 #riskmanagement #InternationalSocietyofAutomation
NDAA EXCERPT FOR OT/ICS:
SEC. 6736. INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY TRAINING.
(a) IN GENERAL.—Subtitle A of title XXII of the Homeland Security Act of 2002 (6 U.S.C. 651 et seq.) is amended by adding at the end the following new section:
‘‘SEC. 2220E. INDUSTRIAL CONTROL SYSTEMS CYBERSECURITY TRAINING INITIATIVE.
‘‘(1) IN GENERAL.—The Industrial Control Systems Cybersecurity Training Initiative (in this section referred to as the ‘Initiative’) is established within the Agency.
‘‘(2) PURPOSE.—The purpose of the Initiative is to develop and strengthen the skills of the cyber10 security workforce related to securing industrial control systems.
‘‘(b) REQUIREMENTS.—In carrying out the Initiative, the Director shall—
‘‘(1) ensure the Initiative includes—
‘‘(A) virtual and in-person trainings and courses provided at no cost to participants;
‘‘(B) trainings and courses available at different skill levels, including introductory level
‘‘(C) trainings and courses that cover cyber defense strategies for industrial control systems, including an understanding of the unique cyber threats facing industrial control systems and the mitigation of security vulnerabilities in industrial control systems technology; and
‘‘(D) appropriate consideration regarding
the availability of trainings and courses in different regions of the United States; and
‘‘(2) engage in—
‘‘(A) collaboration with the National Laboratories of the Department of Energy in accordance with section 309;
‘‘(B) consultation with Sector Risk Management Agencies; and
‘‘(C) as appropriate, consultation with private sector entities with relevant expertise, such
as vendors of industrial control systems technologies.
‘‘(1) IN GENERAL.—Not later than one year after the date of the enactment of this section and annually thereafter, the Director shall submit to the Committee on Homeland Security of the House of
Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate a
report on the Initiative.
‘‘(2) CONTENTS.—Each report under para23 graph (1) shall include the following:
‘‘(A) A description of the courses provided under the Initiative.
‘‘(B) A description of outreach efforts to raise awareness of the availability of such
‘‘(C) Information on the number and demographics of participants in such courses, including by gender, race, and place of residence.
‘‘(D) Information on the participation in
such courses of workers from each critical infrastructure sector.
‘‘(E) Plans for expanding access to indus11 trial control systems education and training, including expanding access to women and under13 represented populations and expanding access
to different regions of the United States.
‘‘(F) Recommendations on how to
strengthen the state of industrial control systems cybersecurity education and training.’’.
(b) CLERICAL AMENDMENT.—The table of contents in section 1(b) of the Homeland Security Act of 2002 is amended by inserting after the item relating to section 2220D the following new item:
‘‘Sec. 2220E. Industrial Control Systems Cybersecurity Training Initiative.’’.