Three-Day Course Overview

Industrial automation and control systems (IACS) face the same risks as information systems due to the use of commercial off-the-shelf (COTS) technologies, increased networking, the move to Ethernet and Transmission Control Protocol/Internet Protocol (TCP/IP), and the increased use of web technologies.

This three-day training course focuses on the ISA/IEC 62443 standard. The ISA/IEC 62443 standards are for securing industrial automation and control systems (IACS) throughout their lifecycle. The series includes several standards, technical reports and technical specifications. During the interactive training for system integrators, we will prepare you to make informed choices about the implementation of security based on the ISA/IEC 62443 family of standards, considering security issues related to control and automation systems. This training focuses on the three IEC 62443 sub-standards most relevant to IACS system integrators:

• 2-4 – Security program requirements for IACS service providers.
• 3-2 – Security risk assessment for system design.
• 3-3 – System security requirements and security levels.

The course will also provide an overview of all the other sub-standards and how they apply to system integrators for defining their road map for processes and system integration — design, assessment and certification needs and required investment.

ISA/IEC 62443 Training Topics

    • Introduction to ISA/IEC 62443
    • Understanding the framework of ISA/IEC 62443
    • Overview of the automation cybersecurity lifecycle
    • Industry 4.0 trends and challenges
    • Cyberattacks in IACS – vulnerabilities and consequences
    • IACS concept, principal roles and architecture
    • Recommended requirements for IACS solution, service and system integrators
    • Security levels and maturity levels
    • Defense in depth
    • Zero Trust
    • Security for Industrial Internet of Things (IIoT) devices
    • Security supply chain
    • Cybersecurity risk assessment
    • Developing zones and conduits
    • Cybersecurity requirement specification (CSRS)
    • Designing secure systems
    • Security level determination and verification
    • Detailed design considerations and operations requirements
    • Vulnerabilities and countermeasures
    • Challenges during IACS patch and update management
    • Security design embracing ISA/IEC 62443 architecture
    • Specification of security requirements
    • Secure by design
    • Secure implementation
    • Security verification and validation testing
    • Management of security-related issues
    • Security guidelines

Optional UL Certified CCSP Professional Exam

Participants who complete all three training days are eligible to take a two-hour certification exam. Those who pass the exam are individually certified as a UL Certified Cyber Security Professional (UL-CCSP), System Integrator, ISA/IEC 62443-3-3, -2-4. The training can be completed either in person or remotely. For remote training, we can schedule time slots convenient for you.

Upon successfully completing the UL-CCSP exam, participants will receive a certificate and badge that they can use to demonstrate their competence in ISA/IEC 62443-3-3 and -2-4. The certification is good for three years, after which individuals may recertify.