Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

Read More

LOGIIC Endorses ISA Industrial Control Systems Cybersecurity Training

Read More

Categories Arrow

All Posts

LOGIIC Endorses ISA Industrial Control Systems Cybersecurity Training

ICS Cybersecurity Training for Remote Staff

In late 2019, LOGIIC (Linking the Oil and Gas Industry to Improve Cybersecurity) conducted a study to identify alternatives for cybersecurity industrial control systems (ICS) training and certificate programs that could be delivered to staff located in remote locations throughout the world. LOGIIC selected ISA to provide online ICS cybersecurity training courses as part of a pilot. We received very positive feedback about the ISA training course content and portal used by the students. 

This blog describes how LOGIIC selected ISA, the results of the LOGIIC training pilot with ISA, and some key findings from the pilot. 

Defining the Training Requirements 

LOGIIC defined our business requirements for ICS cybersecurity training, including the desired training topics and ICS roles that needed to be trained. We identified our training topics of interest as: ICS Configure Management, ICS Risk/Vulnerability Management, ICS, and separately Network Security and General ICS Knowledge. 

Oil & Gas companies have numerous staff who are in remote locations with limited infrastructure, like staff on offshore rigs. The staff have limited opportunities to attend traditional, in-person training due to the time and costs associated with traveling away from work. Many of these remote locations are only accessible by helicopter or are significant distances away from major cities. 

On the other hand, staff have internet access that enables them to take online training. LOGIIC was seeking to find online training for ICS cybersecurity courses that allowed students to obtain certificates. Oil & Gas operations are demanding, which limits the amount of time that a student has each day to complete training. LOGIIC was seeking self-paced, modular training that could be taken by students in increments of one hour or less at a time. 

Selecting a Training Provider 

LOGIIC engaged eight ICS cybersecurity training providers to understand their alternatives for delivering virtual training. Several companies were planning to provide training courses in an online format. ISA was the only company we met with who had training available in an online format. 

ISA had four ICS cybersecurity online courses available that addressed the topics and ICS roles that LOGIIC identified when we defined requirements. These courses were designed to be taken in modules that were one hour or less, which met another one of our requirements. These courses were based on ISA/IEC 62443, which was very desirable for our members since these standards are widely used by many companies. ISA has a portal for managing student activities, including obtaining progress reports on course completion, which we found to be very useful. 

LOGIIC ICS Cybersecurity Training Pilot with ISA 

Due to the pandemic, LOGIIC experienced some delays before starting the ICS cybersecurity training pilot. Once LOGIIC started the pilot, most participants were able to complete their ICS cybersecurity training within four months. The tools provided by ISA allowed us to easily manage student activities and create progress reports. During the LOGIIC training pilot, ISA included a Red Team/Blue Team interactive exercise/game to help solidify learning about ISA/IEC 62443. 

LOGIIC Conclusions from the Training Pilot 

LOGIIC surveyed the participants in the ICS cybersecurity training pilot to understand their experiences with the ISA courses. Student feedback was very positive. Participants reported that the content was valuable, and the courses were easy to take and complete. 

Students suggested improvements to specific elements of some courses, to which ISA quickly responded to address our feedback. For example, ISA developed a training manual and video to help students more easily participate in the Red Team/Blue Team game. The game allowed players to take actions based on what they learned in the training and each action was related to a specific ISA/IEC 62443 standard. 

About LOGIIC 

The Linking the Oil and Gas (O&G) Industry to Improve Cybersecurity (LOGIIC) consortium was established in partnership with the U.S. Department of Homeland Security (DHS) Science and Technology (S&T) Directorate to review and study cybersecurity issues in industrial control systems (ICS) that impact safety and business performance as they pertain to the O&G sector.

LOGIIC
Brian Peterson
Brian Peterson
Brian Peterson is an Information Risk Consultant who works for LOGIIC and other companies as a program and project manager. Mr. Peterson has been the project manager for LOGIIC for over 15 years. Mr. Peterson has 30 years of cybersecurity experience of IT systems, applications, and SCADA/DCS systems, such as those used in the oil and gas, and manufacturing sectors. In the last 20 years, he has concentrated on performing research of security technologies and to develop programs and implementation tools for Information Security, ICS Security, and other risk programs.

    Recent Posts

    Astronaut on a rocket

    Related Posts

    How to Secure Machine Learning Data

    Data security is paramount in machine learning, where knowledge drives innovation and decision-making. Th...
    Zac Amos Mar 12, 2024 11:10:47 AM

    Fortifying Your Security Arsenal: A Strategic Approach to Safeguarding OT Security Assets from Adversarial Threats

    Introduction Despite investing significant budgets and resources in security products and services. The c...
    Mohannad AlRasan Mar 5, 2024 9:17:57 AM

    Why Collaboration Is Essential for Cybersecurity Teams

    Today’s cybersecurity workforce faces seemingly insurmountable workloads and increasing pressure to manag...
    Zac Amos Feb 27, 2024 10:40:13 AM

    The International Society of Automation (ISA) is a non-profit professional association founded in 1945 to create a better world through automation. ISA advances technical competence by connecting the automation community to achieve operational excellence and is the trusted provider of standards-based foundational technical resources, driving the advancement of individual careers and the overall profession. ISA develops widely used global standards; certifies professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its members and customers around the world.


    The material and information contained on this website is for general information purposes only. ISA blog posts may be authored by ISA staff and guest authors from the automation community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

    We're on social media. Keep in touch!

    © 2024 International Society of Automation. All rights reserved.