Kaspersky Lab and the International Society of Automation (ISA) have announced the launch of a joint education initiative aimed at raising the awareness of industrial automation equipment operators about cyber threats.
The International Society of Automation (www.isa.org) is a nonprofit professional association that sets the standard for those who apply engineering and technology to improve the management, safety, and cybersecurity of modern automation and control systems used across industry and critical infrastructure.
As part of the initiative, the Kaspersky Industrial Protection Simulation will be included in selected ISA training programs.
The importance of cybersecurity of critical infrastructures cannot be underestimated in today’s highly automated world, where security incidents such as the spread of BlackEnergy2 malware in complex environments (in particular, governed by SCADA software) happen regularly. The vulnerability and scale of consequences of a cyber attack against an automated production line is vividly demonstrated by a recent malware incident that led to physical damage to a steel furnace in Europe, Kaspersky Lab said.
According to statistics from Kaspersky Security Network (KSN), by the end of 2014 there were detected about 13,000 monthly incidents when malicious code attempted to infect computers running automatic process control systems supplied by Siemens, Rockwell, Wonderware, General Electric, Emerson and other companies.
By joining their efforts, Kaspersky Lab and ISA expect to promote the development of mixed sets of knowledge – in the both domains of information security and engineering, among owners and operators of critical infrastructure facilities.
“The training developed by Kaspersky Lab sets the audience in a unique atmosphere which enables the delivery of hands-on experience of securing critical infrastructure facilities against cyberattacks taking into account all the subtle nuances. Furthermore, it is equally well-customized to satisfy the needs of IT specialists, as well as engineers and top managers, who oftentimes do not see the necessity to take special measures on securing the production which has already been certified to the fullest possible extent. We look forward to the real-world experience and value this hands-on simulation will add to our future training offerings”, says Dalton Wilson, Director – ISA Education & Certification.
The simulation is a turn-based strategy game in which the participants are put in charge of a virtual critical infrastructure facility and asked to ensure that it operates without disruption. The ultimate goal of the exercise is to ensure the sustained and profitable operation of the facility under the increasing pressure of cyber attacks. The simulation uses real-world examples and shows that without a unified view on cyber security by IT and engineering specialists such facility’s resilience is far from optimal.
“The owners of critical infrastructure are practical people that are not used to taking things for granted. This is why we developed ‘Kaspersky Industrial Protection Simulation’; through it, we vividly demonstrate how ensuring the cybersecurity of a technological process is important not only for the peace of mind for IT security staff, but also for the financial stability of the entire company. ISA’s value in the field of automation is difficult to overestimate; this organization influences millions of engineers across the globe both in the field of standards and in the possessing the knowledge and skills in all aspects of automation, including the new area of cybersecurity. For this reason, we are especially happy to have ISA as our partner”, said Vyacheslav Borilin, business development manager at Kaspersky Lab.
Kaspersky Industrial Protection Simulation will be a hands-on component of the educational process for trainees attending ISA training courses, such as TS122 and TS203.