Secure Australia’s Critical Infrastructure: Advanced Training Course SCADA

19aug(aug 19)9:00 am23(aug 23)1:00 pmSecure Australia’s Critical Infrastructure: Advanced Training Course SCADAA Critical Infrastructure Protection professional workshop

Event Details

Australia’s infrastructure is more interconnected than ever, facing escalating threats from cyber-attacks and terrorism. Critical Infrastructure security is paramount for our national safety and economic stability. Industries now depend on advanced systems like ICS, SCADA, PLCs, HMIs, RTUs, and DCSs, which, while enhancing efficiency, also increase the risk of severe disruptions.

Join us for an intensive four-and-a-half-day course tailored for professionals in Engineering, IT, and Technical Management. Gain cutting-edge knowledge and hands-on experience with modern IT and control systems. Dive deep into the complexities, threats, and security measures essential for safeguarding our infrastructure.

Course Highlights:

  • Comprehensive Solutions: Technical, architectural, and managerial strategies to protect critical infrastructure.
  • Tailored Streams: Hands-on labs for both control system and IT hardware/software, suitable for varied expertise levels.
  • Interactive Learning: Engaging presentations, group discussions, and extensive hands-on practical activities using real industry hardware.
  • Real-world Simulations: Participate in Red/Blue exercises with our Urban Table testbed.

Key Takeaways:

  1. Evaluate vulnerabilities in Industrial Control Systems and Critical Infrastructure.
  2. Understand the principles behind industrial hardware and software.
  3. Examine technical specifics and reliability of control systems.
  4. Develop and implement robust mitigation and risk management strategies.

Don’t miss this opportunity to enhance your skills and protect our nation’s vital infrastructure. Secure your spot today!

Facilitated by Ray Hunt and Cameron Sands

Cost: $3,500

For more information, please email elena.sitnikova@flinders.edu.au

Agenda

DayTime Stream 1 (typically IT) Stream 2 (typically Engineering)
Day 1 Morning Monday 19th 9am-12noon Combined Talks & Group Discussion:

Covering: Introduction to Industrial Control Systems (ICS), CIA Triad and its Implications, ICS Penetration Testing and Implications, ICS Hardware, Refreshed of Numbering Systems & Refreshed of IP Addressing, Subnets and Routing

Day 1 Afternoon Monday 19th 1pm to 5pm Combined Practical Workshop Session:

Kali Linux

What is Kali Linux and what can it be used for. Take a guided tour of the tools demonstrating the possibilities of it to gain privilege to several Windows operating systems, some via pivoting networks.

Day 2 Morning Tuesday 20th 9am-12noon Practical Workshop Session:

Intro into PLC systems and programming (Rockwell)

Look at real AB PLC to get an understanding of how it operates. Look at the programming and make changes on the run. Take the challenge to take out the PLC or try to recover if you did not cause it.

Practical Workshop Session:

Wireless and Mobile Security

Wireless LANs – risks and vulnerabilities. Testing wireless infrastructure using Kali tools. Demonstration of wireless vulnerabilities using a Pwnagotchi-Raspberry Pi.

Day 2 Afternoon Tuesday 20th 1pm to 5pm Practical Workshop Session:

PLC systems and programming (Siemens)

This time we expand our knowledge by looking at a digital twin of a high-end Siemens PLC. Take an additional look at the other IEC61131-3 PLC languages.

Practical Workshop Session:

Wireless Special Interest

Setting up a secure Wireless Enterprise Industrial infrastructure. Demonstration of some common wireless attacks: Mousejack attacks, USB-A/USB-C cable attacks, reverse shell attacks.

Day 3 Morning Wednesday 21st 9am-12noon Practical Workshop Session:

Intro into HMI systems and their programming

Connect the HMI to the PLC we have been programming. Interact with the HMI to get an understanding on what it does. Make some changes to the programming and test the results.

Intro into SCADA systems and programming

Connect SCADA to the PLC we have been programming. Interact with the SCADA system to get an understanding on what it does and then make changes to the programming.

Practical Workshop Session:

Firewalls

Configuration of an industrial security policy onto a firewall including the mapping of IP subnets across different areas of trust.

Virtual Private Networks

Design and setting up of VPN tunnels using either Kali’s WireGuard open-source engine or the industrial IKEv2 VPN using hardware crypto processors. This will involve VPN architecture which crosses different domains of trust in both wired and wires networks.

Day 3 Afternoon Wednesday 21st 1pm to 5pm Practical Workshop Session:

A further look into SCADA including historian and SQL systems and programming We look further into SCADA and some of the systems that can sit behind it. Form up some

queries and modify some data going to a database.

Practical Workshop Session:

Multi Factor Authentication

Setup and configuration multi-factor authentication using both hardware and software tokens, biometric cameras, and mobile phone devices. We use a commercial industrial MFA platform and demonstrate how to setup MFA on a Windows device for use with hardware and mobile phone tokens. We then add biometric facial recognition to be used separately or in conjunction with other authentication systems.

Day 4 Morning

Thursday 22nd 9am-11am

Practical Workshop Session:

Intro into Modbus

Have a byte-by-byte investigation into the Modbus RTU and Modbus TCP protocols.

Manipulator in the Middle Modbus attacks

Modify what the operators of the plant see by intercepting and modifying the data.

Practical Workshop Session:

Penetration Testing

Testing an industrial implementation for security misconfigurations and vulnerabilities. Data leakage and interception. Man-In-The-Middle vulnerabilities, Penetration Testing using Zenmap and OpenVAS. Intrusion Detection

Introduction to SNORT and a Graphical User Interface Intrusion Detection system.

Day 4 Afternoon Thursday 22nd 12noon to 5pm Combined Practical Workshop Session:

RedBlue Exercise (Split into two groups)

The Red team are attacking to bring down the essential services and make life as unhappy as they can.

Day 5 Morning Friday 23rd 9am-1pm Combined Talks & Group Discussion:

Sharing of results of the RedBlue Exercise, Industrial Control System Vulnerabilities and Defence strategies including protection of the table

Combined Practical Workshop Session:

Reconfiguration of the RedBue Exercise & Everyone Red Exercise

Time

19 August 2024 9:00 am - 23 August 2024 1:00 pm(GMT+09:30)

Location

Flinders at Tonsley, Ground Floor

Other Events