You are here
Cybersecurity in the Energy Sector: a thorough understanding
Cybersecurity in the Energy Sector: a thorough understanding
Increase your awareness of current industrial cybersecurity incidents and identify the main types of ICS OT vulnerabilities. Understand how the evolution of the internet of things can impact ICS security.
Be one of the first 25 to enrol and receive a free copy of Blackout: Tomorrow Will Be Too Late by Marc Elsberg.
The shift to decentralisation, digitisation and the unstoppable integration of the Internet of Things have increased the risk of cyberattacks exponentially in the energy sector. Preserving your organisation’s operations and protecting your data means building deep understanding of the issues, regulations and frameworks that matter. Constructing a common language. And forging company-wide alignment.
Cybersecurity in the Energy Sector is delivered by InnoEnergy, one of Europe’s leading experts in energy and innovation, and our expert partners Fraunhofer Academy, AFKC, and Kaspersky. The course draws on the combined expertise of top academics, industry experts, investment advisors and innovation start-ups. Through online learning, expert lead sessions and the interactive KIPS simulation game - based on a real time cyberattack - you are empowered with the critical knowledge and skills to:
- Evaluate IT and OT risks and vulnerabilities in your system
- Understand the legal frameworks in the context of the energy sector
- Get to grips with privacy concerns and needs of your customers
- Explore the full spectrum of cybersecurity counter-measures including anonymisation of data
- Build pan-organisational buy-in and alignment
- Design and execute a defence strategy that protects your infrastructure from cyberattacks.
What will you learn?
This course has been specifically designed to give you an understanding and the tools to build effective, proactive and reactive strategies at both organisational and technical levels. Throughout the course, you will cover a variety of topics.
- As well as generic threats, industrial security must contend with ICS-specific malware and targeted attacks: Stuxnet, Havex, BlackEnergy, Industroyer, and infamous Triton that targets Safety Instrumented Systems – the list is growing rapidly. As the Stuxnet and BlackEnergy attacks have shown, one infected USB drive or single spear-phishing email is all it takes for well-prepared attackers to bridge the air gap and penetrate an isolated network.
- Another rising threat to ICS is ransomware. The emergence of ransomware is highly significant for the industrial sector – such infections cause high-impact, wide-ranging damage to critical systems, making ICS a particularly attractive target – as proven by numerous incidents of ransomware attacks (especially WannaCry and exPetr infections) hitting ICS/SCADA systems during 2017. In the near future ransomware designed to attack industrial systems may have its own specific agenda – instead of encrypting data, the malware may set out to disrupt operations or to block access to a key asset.
- In addition to malware and targeted attacks, industrial organisations face other threats and risks targeting people, processes and technology – and underestimating these risks can have serious consequences.
Upon completion of the course, you gain a better understanding of the ICS threat landscape, the impact of a real cyberattack on energy companies, and the remediation actions to take.
How will you learn?
Cybersecurity in the Energy Sector is a blended learning course. The course starts with flexible, self-paced online learning modules that can be taken over a period of 4 weeks and totalling approximately 8 study hours (2 hours per week). Your online learning focus on Cyber Attack Vectors, Human Factor, Regulatory Frameworks and Standards, Privacy, and Anonymisation. After your online learning, you will meet peers and experts for an immersive day in Brussels on 28 November.
The on-site session is a full day during which you will join a simulation game based on an Energy Plant scenario related to a Ukraine BlackEnergy attack (the simulation scenario is based on Oil and Gas, Water plant, Corporation, Transportation, Local Government and Finance). Work in teams to balance engineering, business, and security priorities against the cost of a real-time cyberattack. Analyse data and make strategic decisions based on uncertain information and limited resources.
The simulation game allows you to experience a real-world critical infrastructure cyber attack. It will increase your awareness of relevant industrial cybersecurity issues, the growing exposure to risks coming from converging IT/OT environments, as well as fostering the skills needed to address and resolve them.
Who will teach you?
The InnoEnergy consortium is a recognised leader in sustainable energy education, drawing on the combined expertise of many of Europe’s foremost technical universities, business schools, industry experts and innovation start-ups. Faculty include:
- Fabrizio Mancini – Co-founder and CEO of AFKC and industry expert in cybersecurity
- Davide Garufi – Owner of Moscarda Consulting and expert in energy innovation
- Jörg Lässig – Professor Enterprise Application Development at Hochschule Zittau and Group Manager Fraunhofer IOSB Cybersecurity Lab KRITIS
- Sebastian Mann – Expert in privacy enhancement technologies, cryptographic methods for media security and sensitive data with research group, Media Distribution and Security
- Kirill Naboyshchikov - Kaspersky Industrial Cyber Security Business Development Manager
Is it right for you?
Join a cohort of engineers, strategists, product managers and directors of operations who share your curiosity about emerging risks and understand that cybersecurity is not simply a cost but a proactive mechanism that reduces revenue losses. Our participants come from all over Europe and are typically:
• IT managers
• Software engineers
• Information security analysts
• Energy engineers
• Digital strategists
• Product managers
• R&D engineers
What do others think?
At CERN we have a huge number of IT and engineering systems, with thousands of people working on them. So from a cybersecurity perspective, increasing awareness and engaging people to take care about cybersecurity is as crucial as the technical controls. This course proved to be engaging, bright and efficient.
Director of Operations
Who are the collaborators?