Module Code - Title:
CE5032 - SECURE OT/ICS NETWORKS
Year Last Offered:
2025/6
Hours Per Week:
Grading Type:
N
Prerequisite Modules:
Rationale and Purpose of the Module:
The aim of the module is to enable students to understand the differences between IT and OT security risks, the impacts of users' behaviour, and how to establish a Cyber Security Management System (CSMS).
This module was developed under the CyberSkills HCI Pillar 3 Project. Please refer to the consortium agreement for ownership.
Syllabus:
• Cyber Threats, vulnerabilities and attack vectors
o Importance of securing ICS. Threat landscape - Malware, exploits, APTs, insider threats, hacktivism, cybercrime, cyber terrorism, cyber war. Threat actors. Threat Intelligence and sharing. CIA triad. Vulnerabilities in ICS. Vulnerability assessment. Penetration testing. Vulnerability database. Common Vulnerability Scoring System (CVSS). Risk ranking - DREAD Model.
• The OT concept of Asset/vulnerability management
o Lots of legacy equipment, fear of IT intrusion etc.
• ICS Security Architecture
o Defence in Depth. Physical, Network, Computer, Application & Device Security. Security architecture for ICS. Security Architecture Patterns - access controls, network security, log management and remote access. Security Principles - Zones & Network Segmentation. Establishing zones and conduits. Relationship of zones/conduits and Purdue Reference model. Zones and security device configuration.
• Security Principles - Firewalls and Zoning
o Network Segmentation. Zoning. Firewalls. Firewall configuration with zones. Access Control lists. VLANs. Host-based Firewalls. Application-based Firewalls.
• Security Principles - Intrusion Detection & Prevention
o Network Intrusion Detection and Protection Systems. IDS/IPS recommendations for ICS.
• Introduction to Security Monitoring
o Security information and event management (SIEM). SIEM tools. SIEM data collection - firewalls, IDS/IPS, router and switch, OS and application logs. Achieving network visibility. Behavioural anomaly detection. Whitelist configuration. Event correlation.
Learning Outcomes:
Cognitive (Knowledge, Understanding, Application, Analysis, Evaluation, Synthesis)
On successful completion of this module, students will be able to:
LO1: Assess, manage and evaluate Operational Technology (OT) Security.
LO2: Present mitigation strategies for OT security.
LO3: Identify the differences between Information Technology (IT) and OT security.
LO4: Develop a Cyber Security Management Strategy.
Affective (Attitudes and Values)
On successful completion of this module, students will be able to:
LO5: Value and accept the importance of security awareness for Operational Technology (OT).
Psychomotor (Physical Skills)
On successful completion of this module, students will be able to:
How the Module will be Taught and what will be the Learning Experiences of the Students:
This module will be delivered online in a blended fashion to industry-based learners and will be scheduled in the evening time by Cyberskills. The lecturing staff will be provided by the HEA HCI Pillar 3 initiative - Cyberskills.
By following recent developments with OT/ICS and its devices, we aim to ensure that students of this module are knowledgeable, proactive, creative and articulate in relation to applying and managing (secure) networking services and devices for the OT domain.
The content of the module has been determined by aligning the module syllabus with the KSAs (Knowledge, Skills and Abilities) specified in the NIST/NICE framework for the Network Services work role - Network Operations Specialist (OM-NET-001). The module content was discussed and designed with industry panel input from Dell and ADI.
Research Findings Incorporated into the Syllabus (If Relevant):
Prime Texts:
Eric D. Knapp (Author), Joel Thomas Langill (Contributor). (2014) Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems, Syngress Media, U.S.
Pascal Ackerman (2017) Industrial Cybersecurity: Efficiently secure critical infrastructure systems, Packt Publishing
Other Relevant Texts:
Programme(s) in which this Module is Offered:
Semester(s) Module is Offered:
Spring
Module Leader:
muzaffar.rao@ul.ie