EN70: Security By Design for Control Systems Engineers and Service Providers for Energy, Oil & Gas.

Recommend or share:

The EN70 training course main objective is to explain security by design at the SuC Level. Starting from the Security by Design levels and after that getting into Security By Design at System Level. Every engineer who oversees the design of control systems should learn how to comply with security requirements as well as functional requirements. Understand and/or develop detailed cybersecurity requirement specifications.

Existing Systems. Introduce changes into zones and conduits to meet security requirements. Understand the results of the detailed risk assessment at the plant to create meaningful changes in the zones and conduits that meet the requirements.

New Systems. Design the control system to meet security requirements. Select components, assemble, install, configure hardware and software components to meet security requirements.

At the end of the EN70 course, you will be able to:

• Interpret the results of the detailed risk assessment.
• Perform a consistent conceptual design to influence the design of the plant.
• Perform a detailed design in compliance with the ISA/IEC-62443-3-3.
• Determine SL-A and SL-C of the current design of a particular system and components.
• Understand all the Security Requirements (SR) and Requirements Enhancements (RE) within the ISA/IEC-62443-3-3.
• How to choose security controls and harmonize with popular regulations.
• Create Cybersecurity Requirements Specifications (CSRS).

Course Contents EN70:

• Concepts and Definitions
  • What is Security by Design.
    • Levels of Security by Design.
  • Explain security by design for system security and the relationship with the ISA/IEC-62443-3-3 and ISA/IEC-62443-4-2.
  • ISA/IEC-62443-2-4 Requirements for Service Providers.
  • Zones and Conduits Model. Zone, Conduit, Networks, etc.
  • Security Levels. Types of Security Levels.
  • Existing vs. New Systems.
  • Engineering By Design.
  • Foundational Requirements.
    • Base Requirements.
    • Security Requirements.
    • Requirements Enhance.
  • Essential Functions.
  • Compensating Countermeasures.
  • Harmonize with Popular Regulations.
  • ISA/IEC-62443-3-3 Objectives.
  • Types of Devices (Or Components).
  • ISA/IEC-62443-4-2 Objectives.
  • Product Certification.
• Foundational Requirements.
  • FR1 = Access Control (IAC)
  • FR2 = Usage Control (UC)
  • FR3 = System Integrity (SI)
  • FR4 = Data Confidentiality (DC)
  • FR5 = Restrict Data Flow (RDF)
  • FR6 = Timely Event Response (TRE)
  • FR7 = Resource Availability (RA)
• ISA Secure. Product Certification.
• Determining the SLC of a product
• Determining the SLA of a zone or conduit
• Case Study: Boiler Control

Deliverables:

• Course Material.
• Access to Educational Campus.
• Complementary material in digital form is available on the educational campus.

Requirements:

It is recommended to have taken and passed the EN60 course.

Certificates:

A first certificate of knowledge is issued upon completion of the course

• Certificate: “Detailed Design of Security Practitioner in New and Existing Industrial Systems”
• CRE credits: 1.6
• The certification exam is taken in class at the end of the course. Available in Spanish, Portuguese, and English.

A second experience certificate is issued after practical implementation in real projects.

• Certificate: “Expert in the Design of Security in New and Existing Industrial Systems”
• CRE Credits: cumulative, depending on the duration of the activities carried out by the practitioner.

Recognitions

All participants who meet the course requirements and successfully pass the final exam with a good grade will be awarded a Digital Badge. The digital Badge certifies that the participant has attended the EN60 training course and has completed the final evaluation test with a good grade, verifying that said participant has assimilated the new knowledge.