Equipping Students and Educators with Industrial Cybersecurity Knowledge

Cybersecurity events such as Volt Typhoon and a wave of ransomware attacks have drawn unprecedented attention to the need for cybersecurity in industrial control system environments. At a fundamental level, the solution depends on developing qualified and prepared professionals capable of operating seamlessly in cybersecurity and engineering, IT and OT.

To establish a foundation for meeting this need, the ISA Global Cybersecurity Alliance (ISAGCA), together with Idaho State University, the Idaho National Laboratory and the U.S. Department of Energy Office of Cybersecurity, Energy Security and Emergency Response, has released the Curricular Guidance: Industrial Cybersecurity Knowledge document.

The document is the result of a years-long research effort to formally address the question: What knowledge does an industrial cybersecurity professional need to have that is not included in traditional cybersecurity programs of study?

In Spring 2022, the ISACGA administered a survey to professionals with interest or experience in industrial cybersecurity. The survey included up to 363 input items, and received inputs from 170 unique respondents.

The survey questions, responses, analysis and decisions are all available for public review, examination and additional analysis on the ISAGCA website. While this is an impressive level of transparency for a curricular guidance effort, the most exciting part is the guidance itself.

The 125-page document is an essential reference for students, instructors, administrators and industrial cybersecurity practitioners. It is organized around the analogy of a building with three components:

1) An environment
2) A foundation
3) A superstructure

• The Industrial Operations Environment describes the contexts (business, geopolitical, professional and industry) within which industrial control systems and industrial cybersecurity exist.
• The Industrial Control Systems Foundation describes the elements (instrumentation & control, process equipment, industrial networking & communication and process safety & reliability) that compose an industrial control system.
• The Industrial Cybersecurity Superstructure describes the elements (guidance & regulation, common weaknesses, events & incidents and defensive techniques) that most immediately and intuitively pertain to assuring an industrial control system.

Each component is organized into categories, topics and subtopics to reach a level of reasonable granularity—up to six levels deep. While some topic names are identical to those found in traditional cybersecurity contexts, the study describes the unique or special considerations of those topics for industrial and OT environments.

Curricular Guidance: Industrial Cybersecurity Knowledge is available on isagca.org. ISAGCA also hosted a webinar in April 2024 about the study for those seeking more detailed information. A recording of the webinar is available (registration required).