Three-Day Course Overview

Cybersecurity training for engineers developing components and products for industrial applications based on ISA/IEC 62443-4-1 and 4-2

The use of commercial off-the-shelf (COTS) technologies and the increase in the networking of industrial automation and control systems (IACSs) have exposed IACSs to similar vulnerabilities as information systems. The product supplier has a key role to play in the supply chain and the security of an IACS.

This three-day training course focuses on the ISA/ IEC-62443 standard. The ISA/IEC 62443 series of standards was developed to secure IACSs throughout their life cycle. It currently includes several standards, technical reports (TRs) and technical specifications (TSs). Completing this interactive training for component and product manufacturers will help empower you to make educated choices about the implementation of security based on the ISA/IEC 62443 family of standards, considering security issues related to control and automation systems. This certification training has a core focus on Part 4 of ISA/IEC 62443, which provides detailed requirements for IACS products:

• 4-1 – Secure product development life cycle requirements
• 4-2 – Technical security requirements for IACS components

The course will also provide an overview of all the sub-standards and how they apply to your process and product cybersecurity assessment and certification needs as well as your required investment.

ISA/IEC 62443 Training Topics

    • Introduction to ISA/IEC 62443
    • Industry 4.0 trends and challenges
    • Cyberattacks in IACS — vulnerabilities and consequences
    • IACS concept, principal roles and architecture
    • Security levels and maturity levels
    • Secure life cycle view
    • Defense in depth
    • Zero trust
    • Security for IIoT devices
    • Security supply chain
    • Risk assessment and management from a product perspective
    • Threat modeling
    • Vulnerabilities and countermeasures
    • Challenges during IACS patch and update management
    • Recommended requirements for IACS product suppliers
    • Security design embracing ISA/IEC 62443 architecture
    • Security management
    • Specification of security requirements
    • Secure by design
    • Secure implementation
    • Security verification and validation testing
    • Management of security-related issues
    • Security guidelines


Optional UL Certified CCSP Professional Exam

Participants who complete all three days of training are eligible to take an online certification exam. Those who pass the exam are individually certified as a UL Certified Cybersecurity Professional (UL-CCSP), product manufacturer, ISA/IEC 62443-4-1, -4-2.

Training can be completed in person or remotely. If completed remotely, the three days of training can be arranged in time slots convenient to you.

Upon successfully completing the UL-CCSP exam, participants will receive a certificate and badge that they can use to demonstrate their competence in the ISA/IEC 62443 4-1 and 4-2 IACS products. The certification is good for three years, after which point individuals may recertify.