Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

All Posts

LOGIIC Endorses ISA Industrial Control Systems Cybersecurity Training

ICS Cybersecurity Training for Remote Staff

In late 2019, LOGIIC (Linking the Oil and Gas Industry to Improve Cybersecurity) conducted a study to identify alternatives for cybersecurity industrial control systems (ICS) training and certificate programs that could be delivered to staff located in remote locations throughout the world. LOGIIC selected ISA to provide online ICS cybersecurity training courses as part of a pilot. We received very positive feedback about the ISA training course content and portal used by the students. 

This blog describes how LOGIIC selected ISA, the results of the LOGIIC training pilot with ISA, and some key findings from the pilot. 

Defining the Training Requirements 

LOGIIC defined our business requirements for ICS cybersecurity training, including the desired training topics and ICS roles that needed to be trained. We identified our training topics of interest as: ICS Configure Management, ICS Risk/Vulnerability Management, ICS, and separately Network Security and General ICS Knowledge. 

Oil & Gas companies have numerous staff who are in remote locations with limited infrastructure, like staff on offshore rigs. The staff have limited opportunities to attend traditional, in-person training due to the time and costs associated with traveling away from work. Many of these remote locations are only accessible by helicopter or are significant distances away from major cities. 

On the other hand, staff have internet access that enables them to take online training. LOGIIC was seeking to find online training for ICS cybersecurity courses that allowed students to obtain certificates. Oil & Gas operations are demanding, which limits the amount of time that a student has each day to complete training. LOGIIC was seeking self-paced, modular training that could be taken by students in increments of one hour or less at a time. 

Selecting a Training Provider 

LOGIIC engaged eight ICS cybersecurity training providers to understand their alternatives for delivering virtual training. Several companies were planning to provide training courses in an online format. ISA was the only company we met with who had training available in an online format. 

ISA had four ICS cybersecurity online courses available that addressed the topics and ICS roles that LOGIIC identified when we defined requirements. These courses were designed to be taken in modules that were one hour or less, which met another one of our requirements. These courses were based on ISA/IEC 62443, which was very desirable for our members since these standards are widely used by many companies. ISA has a portal for managing student activities, including obtaining progress reports on course completion, which we found to be very useful. 

LOGIIC ICS Cybersecurity Training Pilot with ISA 

Due to the pandemic, LOGIIC experienced some delays before starting the ICS cybersecurity training pilot. Once LOGIIC started the pilot, most participants were able to complete their ICS cybersecurity training within four months. The tools provided by ISA allowed us to easily manage student activities and create progress reports. During the LOGIIC training pilot, ISA included a Red Team/Blue Team interactive exercise/game to help solidify learning about ISA/IEC 62443. 

LOGIIC Conclusions from the Training Pilot 

LOGIIC surveyed the participants in the ICS cybersecurity training pilot to understand their experiences with the ISA courses. Student feedback was very positive. Participants reported that the content was valuable, and the courses were easy to take and complete. 

Students suggested improvements to specific elements of some courses, to which ISA quickly responded to address our feedback. For example, ISA developed a training manual and video to help students more easily participate in the Red Team/Blue Team game. The game allowed players to take actions based on what they learned in the training and each action was related to a specific ISA/IEC 62443 standard. 

About LOGIIC 

The Linking the Oil and Gas (O&G) Industry to Improve Cybersecurity (LOGIIC) consortium was established in partnership with the U.S. Department of Homeland Security (DHS) Science and Technology (S&T) Directorate to review and study cybersecurity issues in industrial control systems (ICS) that impact safety and business performance as they pertain to the O&G sector.

LOGIIC

Brian Peterson
Brian Peterson
Brian Peterson is an Information Risk Consultant who works for LOGIIC and other companies as a program and project manager. Mr. Peterson has been the project manager for LOGIIC for over 15 years. Mr. Peterson has 30 years of cybersecurity experience of IT systems, applications, and SCADA/DCS systems, such as those used in the oil and gas, and manufacturing sectors. In the last 20 years, he has concentrated on performing research of security technologies and to develop programs and implementation tools for Information Security, ICS Security, and other risk programs.

Related Posts

ICS4ICS Launches First Ever Exercise at S4

The first exercise of Incident Command System for Industrial Control Systems (ICS4ICS) capabilities was c...
Brian Peterson Jun 21, 2022 5:30:00 AM

Electrical Panel Connectivity

Terminal blocks, connectors/cordsets, and interface modules connect electrical and control panels to the ...
Matt Hou Jun 14, 2022 5:30:00 AM