Cybersecurity Industrial Control System Engineer with Cyber Exercise | SGInnovate




Cybersecurity Industrial Control System Engineer with Cyber Exercise

Presented by SGInnovate, Tegasus International & ST Engineering

Our workshop is currently full, we apologise for any inconvenience caused. Please register your interest for the next session below.

Are you and your organisation ready to manage and respond to cyber attacks?

Specially curated with Tegasus International and ST Engineering Cybersecurity Academy, SGInnovate presents a full spectrum of Cybersecurity Workshops in Operational Technology (OT) designed to get you and your organisation ready for impending security threats and vulnerabilities.

These OT courses are structured to align with the key pillars of the Singapore Cybersecurity Strategy. They will be tailored to the needs of those working in the 11 Critical Information Infrastructure (CII) sectors in Singapore.

Through this four-day workshop, you will:

  • Gain a deeper understanding of the OT Cybersecurity ecosystem 
  • Learn about concepts like embedded systems, protocols fundamentals, known vulnerabilities discovery, forensic investigation and process exploitation
  • Learn how to manage risks and threats to Industrial Control Systems (ICS), as well as the different types and stages of a cyber attack

With the cyber exercise, participants will also learn:

  • To describe Cyber Physical System (CPS) defence techniques through mocked cyber exercises
  • To understand actual versus perceived capabilities of people and defence mechanisms
  • Where to invest budgets in potential gaps and pitfalls
  • To strengthen and foster security teams to smoothen processes and responses against actual attacks in a cyber range
  • Improve morale and team building
  • Build up capabilities towards meeting regulatory and organisational requirements

There will be emphasis on real-world use cases as we utilise hands-on exercises that are incorporated with realistic scenarios built around operational cyber physical testbeds.

By the end of the course, you will be able to recognise the symptoms of an attack and identify which tools and techniques to investigate possible breaches into ICS. You should be able to demonstrate a multitude of cybersecurity techniques including vulnerability assessments, sensor disruption and defence-in-depth.

Workshop Overview:

  • Basic Cyber Physical Systems (CPS)
  • Cyber risks and security vulnerabilities in CPS
  • Process Control Exploitation
  • Basic networking concepts necessary for active and passive network discovery
  • Network attacks and exploits: different stages of an attack
  • Network defence and incident response
  • Cyber exercise 

Recommended Prerequisites:

  • Basic understanding of ICS, CPS or OT
  • Recommended for individuals in the Cybersecurity space for at least 2 years; or those who possess a strong interest in Operational Technology (OT) Cybersecurity 

Pre-Workshop Instructions:

  • Laptops will be provided for this workshop

Day 1 

8:45am – 9:00am: Online Registration
9:00am – 10:45am: An Overview of the Cybersecurity Ecosystem

  • Our digital ecosystem
  • Motivational factors for attacking – attacker goals, skillset and profiles
  • Cyber Risk analysis and management 
  • Practice session (risk analysis exercise)
  • Pros and cons of Cybersecurity solutions
  • Concepts of confidentiality, integrity and availability

10:45am – 11:00am: Break
11:00am – 12:00pm: Identity and Access Management

  • Fundamentals of Cybersecurity
  • Introduction to identity and access management
  • Demonstration session (type 1 vulnerability exposures)

12:00pm – 1:00pm: Lunch Break
1:00pm – 3:00pm: Identity and Access Management

  • Cyber threats facing authentication
  • Access control models (DAC, MAC, RAC and RuAC)
  • Access control administration

3:00pm – 3:15pm: Break
3:15pm – 4:45pm: Security Engineering and Design 

  • Principles of secure design
  • Security models (state machine, Bell-LaPadula, Biba and commercial models)
  • Security evaluation criteria

4:45pm – 5:00pm: Closing Remarks 
5:00pm – 5:30pm: Q&A

Day 2

8:45am – 9:00am: Online Registration  
9:00am – 9:30am: Revision of Day 1
9:30am – 10:30am: Security Engineering and Design 

  • Introduction to Cryptography
  • Cryptography in history

10:30am – 10:45am: Break
10:45am – 12:00pm: Security Engineering and Design 

  • Types and elements of Cryptography
  • Symmetric Key Cryptography

12:00pm – 1:00pm: Lunch Break
1:00pm – 3:00pm: Security Engineering and Design 

  • Asymmetric Key Cryptography
  • Hybrid Cryptography

3:00pm – 3:15pm: Break
3:15pm – 4:45pm: Security Engineering and Design 

  • Hybrid Cryptography
  • Cryptography Exercise
  • Public Key Infrastructures (PKI)
  • Cryptography – Data at Rest & Data in Motion

4:45pm – 5:00pm: Closing Remarks 
5:00pm – 5:30pm: Q&A

Day 3

8:45am – 9:00am: Online Registration
9:00am – 9:30am: Revision of Day 2
9:30am – 10:30am: Solution Security and Principles Part 1

  • Guiding principles for secure solution

10:30am – 10:45am: Break
10:45am – 12:00pm: Solution Security and Principles Part 2

  • Guiding principles for secure solution

12:00pm – 1:00pm: Lunch Break
1:00pm – 3:00pm: 
Discussion of Real-World Use Cases 
Understanding Cyber Kill Chain

  • Stages of attacks & defence

3:00pm – 3:15pm: Break
3:15pm – 4:30pm: Explanation of Assessment Requirements (to be submitted individually)
4:30pm – 5:00pm: Closing Remarks 
5:00pm – 5:30pm: Q&A 

Day 4 (1 April 2021)

9.00am – 9:30am: Online Registration
9:30am – 9:45am: Cyber Exercise Briefing
9:45am – 10:00am: Familiarisation of Monitoring Tools and Various Networks
10:00am – 10:45am: Break
10:45am – 12:30pm: Hands-On Cyber Exercise
12:30pm – 1:30pm: Lunch Break
1:30pm – 4:00pm: Hands-On Cyber Exercise
4:00pm – 4:15pm: Break
4:15pm – 5:00pm: Hands-On Exercise
5:00pm – 5:45pm: Debrief / Round-Table Discussion

S$3,638 / pax (after GST)

For enquiries, please send an email to [email protected]

This workshop was successfully endorsed for April 2019 – March 2021 and is in the process of CITREP+ funding application. Please register your interest and we will contact you when registration opens.

Ivan Lee, Co-founder, Tegasus International

Ivan works with various global strategic partners such as the NATO Cooperative Cyber Defence Centre of Excellence, US Department of Homeland Security ICS-CERT Idaho National Laboratory and local government agencies on critical initiatives and training programmes.

He started his career with Accenture, a top global top IT consulting MNC company and has assumed various tech management roles in the telecommunication, cGMP and Operational Technology sectors regionally. He is the Deputy Director of Cyber Security Technologies at iTrust, a Centre for Research in Cybersecurity that was established by the Ministry of Defence and Singapore University of Technology and Design (SUTD).

He is also an SUTD Academy Fellow and a member of the Coordinating Committee for Cybersecurity (CCCY), Subcommittee for Critical Information Infrastructure (CII).

He has attended various professional training courses and acquired certifications as listed below:

  • Certified Information Systems Security Professional (CISSP)
  • US Department of Homeland Security ICS-CERT Industrial Control Systems (ICS) Cybersecurity (301)
  • Advanced Penetration Testing, Exploit Writing, Ethical Hacking (SANS)
  • Advanced Course on Darknet and Cryptocurrencies
  • Hands-on Hardware Hacking and Reverse Engineering (Blackhat 2015)
  • Cybersecurity: Technology, Application and Policy (MIT Digital Program)
  • FORENSICS: Reverse-Engineering Malware (SANS)
  • Managing Successful Programmes (MSP) Practitioner, 2014
  • Introduction to Business Process Re-engineering Workshop
  • Live Hacking & Information Security Masterclass
  • Self-Discovery Leadership
  • EC-Council Certified Security Analyst (ECSA), 2013
  • Certified Ethical Hacker (CEH), 2013
  • Project Management Professional (PMP)

Topics: Cybersecurity