Free Cyber Security Training
DOE NSTB is offering free “Advanced Training” for SCADA and Control system security at the INL in Idaho Falls, ID. Participants can participate as either “attackers” or “defenders” in this red team/blue team event. The exercise will occur on a small mocked up SCADA environment and is aimed at providing attendees with skills that are immediately applicable to their real environments.
More information can be seen at https://secure.inl.gov/nstb0709/default.aspx . These trainings are well done and represent a good opportunity for researchers and asset owners to gain working knowledge of both the attack and defense strategies.
And the best part….. it is free for attendees.
Author: Kevin Lackey
Posted: July 13th, 2009 under Conferences, National Labs.
Comments: 6
Comments
Comment from ben
Time: July 13, 2009, 8:18 pm
The worst part? They had 60ish people register and only accepted 30ish for July’s engagement. The rest are on the waiting list for next quarter’s exercise.
Comment from Ralph Langner
Time: July 14, 2009, 4:36 am
“The exercise … is aimed at providing attendees with skills that are immediately applicable to their real environments.”
Well, we all know that the fellows from INL do a good job, but I have hard time figuring out the rationale behind the red/blue team setup, playing with “a small control system environment”. Do we have information on how the insight gained with this small test bed can be translated to real-world installations with hundreds or thousands of networked peripherals?
Comment from Dale Peterson
Time: July 14, 2009, 9:00 am
Ralph – - I have talked with a number of asset owners and vendors immediately after they completed this training. They all raved about it and particularly how practical and applicable it is. I rarely here such a universal, strongly positive reaction, and I’m trying to do a podcast just on this training course.
As I’ve said in previous podcasts, this course seems to be a success story and it is just a shame that they can’t schedule a lot more courses to meet the demand.
Comment from Sanji
Time: July 14, 2009, 10:37 am
Interesting that I know knowledgeable security persons who attended and were not impressed. The others attending came away with what they thought was a lot of useful information, but was really just a drop in the bucket. A case of, “A little Learning is a dang’rous Thing.”
Comment from bryan owen
Time: July 15, 2009, 9:43 am
Not to dismiss technical aspects but real world challenges of really knowing your system and organizing incident response provide significant learning opportunities.
The test bed is of sufficient size and scale to offer insight and recognition of many potential issues applicable in securing a plant site.
Comment from Ron Southworth
Time: July 24, 2009, 11:37 am
Hi Dale,
Apologies for being so quiet lately the level of chaos at the salt mine have kept even someone like me that rarely sleeps very busy.
I for one have a tremendous honor & privilege of saying that I have attended a training course as a non-US Citizen @INL. I can say most assuredly that it is indeed a very unique opportunity and realistic learning environment.
I think only someone very foolish would not take and gain the most of the possible learned outcomes. Ultimately like most activities we undertake in life you only get out what you put into it.
Write a comment