Fortiphyd Logic

This course introduces the foundational principles of Cyber-Informed Engineering (CIE), a framework that integrates cybersecurity into the engineering and design of operational technology systems. Whether you're an engineer, operator, or technical manager, you’ll learn how to reduce the consequences of cyber events by building resilience into the systems themselves. Through a combination of lecture material and hands-on lab exercises, you'll explore real-world scenarios that bring each principle to life, helping you turn “What if?” into “Even if.”

After this course, participants will be able to:

• Define the 12 principles of CIE and how they contribute to a more resilient infrastructure
• Identify opportunities to reduce cyber risk through engineering controls
• Recommend CIE strategies for specific situations

Disclaimer - This course references materials developed under contract for the U.S. Department of Energy by the Idaho National Laboratory and the National Renewable Energy Laboratory. All rights to these materials remain with their respective owners. This course is not affiliated with or endorsed by the U.S. Department of Energy or any of its contractors.

The maritime transportation system (MTS) is a critical component of the world economy, with the majority of all goods transported by sea or waterways. Ports serve as essential hubs for this trade, handling millions of containers daily, ensuring the smooth flow of raw materials, energy supplies, and consumer products. However, as ports become increasingly digitalized, the potential for cyberattacks to cause massive financial damage increases, as was the case for the NotPetya ransomware.

Writing "secure" PLC programs is hard, but static analysis can help. This is a practical short course designed to help engineers, PLC programmers, and security professionals improve the security and quality of their PLC programs. Participants will learn how to apply static analysis techniques to PLC programs, using an enhanced version of the open-source IEC-Checker tool to detect common coding flaws, such as missing input validation and poor coding patterns, in the IEC 61131-3 Structured Text language. The course covers both the fundamentals of static analysis and hands-on guidance for integrating these practices into existing workflows, helping teams build more robust and secure control logic. No prior experience with static analysis is required.

(Lab) After pivoting into the ICS network, continue your exploration of common ICS protocol and software vulnerabilities to reprogram a PLC and cause a power outage in the simulated power plant. After completing this chapter, users will be able to:

• Run advanced network scanning to enumerate ICS devices
• Run password cracking tools against remote access protocols (RDP)
• Understand the function of HMIs in ICS networks
• Perform man-in-the-middle (MITM) attacks using ARP spoofing
• Explore ICS protocols using Wireshark
• Understand how PLCs are programmed

(Lab) Using lessons learned from successfully attacking the power plant, learn how to harden the ICS network with firewalls, monitoring systems, and intrusion detection systems.. After completing this chapter, users will be able to:

• Monitor network flows
• Install and monitor an inline network intrusion detection system
• Investigate DNS exfiltration traffic
• Use Fortiphyd Logic's LogicWatch product to monitor the ICS network
• Write basic network firewall rules

(Lab) The Industrial IoT promises to make ICS more efficient than ever before, but with great technology comes great responsibility to secure it. In this course, exploit and mitigate common IIoT vulnerabilities in a simulated power plant. After completing this chapter you will be able to:

• Communicate the benefits of deploying IIoT, as well as the added responsibility for securing IIoT
• Use Shodan to perform basic reconnaissance on Internet facing ICS assets
• Understand the difference between application layer security and transport layer security
• Perform basic checks for default and hardcoded passwords in IIoT devices 

(Lab) DNP3 is one of the most popular protocols used in SCADA networks like the power grid, water utilities, and train systems. In this hands-on lab course, learn some of the biggest ways attackers can abuse DNP3 and what you can do to prevent and detect their attacks.

After completing this module, users will be able to:

• Understand the different kinds of security assessments
• Participate in deciding the type and scope of assessments for their networks
• Describe common assessment methods and when each are appropriate to use

After completing this module users will be able to:

• Program and understand basic ladder logic programs
• Describe the operating systems used in Level 0 and 1 devices
• Identify common vulnerabilities in Level 0 and 1
• Recommend common defenses for Level 0 and 1

After completing this module users will be able to:

• Differentiate the best use cases for various segmentation devices
• Recommend high level sure architecture for ICS networks
• Identify key requirements for implementing secure remote access to ICS networks
• Understand the benefits and appropriate uses for ICS network monitoring

After completing this module users will be able to

• Implement a basic ICS security program
• Leverage existing standards and frameworks to improve their ICS security
• Use the NIST CSF to compare Current Profiles with Target Profiles and prioritize steps
• Include cybersecurity in ICS procurement

(Lab) So much attention is paid to securing industrial control systems at various levels in the network, but what can controls engineers do to help secure the PLCs that are actually translating digital commands into physical actions? 

In this 4-part series learn how the "Top 20 Secure PLC Coding Practices" provides PLC programmers with the first ever industry guidelines for adding basic security to the PLC programming itself. Practice the various guidelines in simulated ICS networks including power generation, power distribution, and building automation networks.

Part 4 of the 4-part series covers:

• Practice 9: Validate Indirections
• Practice 10: Assign Designated Register Blocks by Function
• Practice 14: Restrict Third-Party Data Interfaces
• Practice 15: Define Safe Process State in Case of Restart
• Practice 18: Log Hard Stops and Trend them on the HMI

https://plc-security.com/

(Lab) So much attention is paid to securing industrial control systems at various levels in the network, but what can controls engineers do to help secure the PLCs that are actually translating digital commands into physical actions?

In this 4-part series learn how the "Top 20 Secure PLC Coding Practices" provides PLC programmers with the first ever industry guidelines for adding basic security to the PLC programming itself. Practice the various guidelines in simulated ICS networks including power generation, power distribution, and building automation networks. Part 2 of the 4-part series covers:

• Practice 13 - Disable Unused Ports and Protocols
• Practice 4 - User PLC Flags as Integrity Checks
• Practice 12 - Validate Inputs on Physical Plausibility
• Practice 7 - Validate and Alert for Paired IO
• Practice 1 - Modularize PLC Code

https://plc-security.com/