konnect Issue-date: 31st March 2020

ISAB ISA/IEC 62443 Cybersecurity Certification Training Course part-A (IC-32 & IC-33) 27-31 Jan 2020

Report onProfessional Certification Training - IC32 and IC33.

In the recent times ICS cybersecurity is in limelight due to surge in attacks on ICS environment whether be it oil and gas, defence industry, power utilities (generation and distribution), water and wastewater management and nuclear. Considering significant importance, interest and requirement of professionals trained with ISA 62443 cybersecurity certification, the International Society of Automation (ISA) Bangalore Section organized (1st time in Bangalore-India) a globally recognized "ISA/IEC 62443 Cyber-security Certificate Programs" training course (Courtesy: Support from ISA-D14 & ISA-Europe) with professional experienced expert trainers from ISA-Europe.This is highly discounted fees compared to listed courses fees offered by ISA online (or at ISA USA/Europe classrooms) and 1st time being offered in India.

About ISA/IEC 62443 Cybersecurity Certificate Program:
Globally recognized ISA/IEC 62443 Cybersecurity Certificate Program consists of 4 certificates.

Certificate-1: ISA/IEC 62443 Cybersecurity Fundamentals Specialist (Module-IC32)
Certificate-2: ISA/IEC 62443 Cybersecurity Risk Assessment Specialist (Module-IC33)
Certificate-3: ISA/IEC 62443 Cybersecurity Design Specialist (Module-IC34)
Certificate-4: ISA/IEC 62443 Cybersecurity Maintenance Specialist (Module-IC37)
ISA/IEC 62443 Cybersecurity Expert: Individual who achieves certificates 1, 2, 3 & 4 are designated as ISA/IEC 62443 Cybersecurity Expert.


To know more about ISA/IEC 62443 Cyber Security certificate programs, please visit -- https://www.isa.org/training-and-certifications/isa-certification/isa99iec-62443/isa99iec-62443-cybersecurity-certificate-programs/

About ISAB "ISA/IEC 62443 Cybersecurity Certificate Program" Training Course:
At present, ISA Bangalore Section plans to organize this training course in 2 parts.

Part-A: 5-days ISA/IEC 62443 Cybersecurity certificate class-room course (Part-A) covering Certificate-1 (IC32) & Certificate-2 (IC33) as described below: Part A.1: ISA/IEC 62443 Cybersecurity Fundamentals Specialist (IC32)
2-days classroom course on Using ISA/IEC 62443 Standards to Secure Industrial Control Systems.

The move to using open standards such as Ethernet, TCP/IP, and web technologies in supervisory control and data acquisition (SCADA) and process control networks has begun to expose these systems to the same cyberattacks that have wreaked so much havoc on corporate information systems. With the introduction of the new UK HSE Operational Guidance OG-0086, the need to understand the fundamentals of control system security has never been more important. This course provides a detailed look at how the ISA/IEC62443 standards can be used to protect your critical control systems. It also explores the procedural and technical differences between the security for traditional IT environments and those solutions appropriate for SCADA or plant floor environments.

Part A.2: ISA/IEC 62443 Cybersecurity Risk Assessment Specialist (IC33) 3-days classroom course on ISA/IEC 62443 Standards on Assessing the Cybersecurity of Existing or New IACS i.e. Industrial Automation & Control Systems (IC-33)

The first phase in the IACS Cybersecurity Lifecycle (defined in ISA 62443-1-1) is to identify and document IACS assets and perform a cybersecurity vulnerability and risk assessment in order to identify and understand the high-risk vulnerabilities that require mitigation. Per ISA 62443-2-1 these assessments need to be performed on both new (i.e. greenfield) and existing (i.e. brownfield) applications. Part of the assessment process involves developing a zone and conduit model of the system, identifying security level targets, and documenting the cybersecurity requirements into a cybersecurity requirements specification (CRS).

Course Batch-1:

In view of the dire requirement of the industry ISA Bangalore has organized certified training courses of IC32 and IC33 during 27-31 Jan 2020.This1st batch included 19 participants from various MNCs and local organizations like Deloitte, GE, Yokogawa, Siemens, Infosys, Uthunga, VJTI etc. and also some independent professionals. This 5 dayscourse was conducted at Bangalore covering IC32 (i.e ISA 62443 Fundamental Specialist) and IC33 (i.e ISA 62443 Cybersecurity Risk Assessment Specialist). The participants are from various backgrounds such as consultancies, oil and gas, power utilities etc.


The course covered the following aspects:

IC32 - ISA 62443 Cybersecurity Fundamental Specialist
IC32 is covered with
  • ANSI/ISA-62443-1-1 (ANSI/ISA-99.00.01-2007), Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts & Models
  • ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009), Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
  • ANSI/ISA-62443-3-3, Security for industrial automation and control systems: System security requirements and security levels

    And enables professionals for
  • What is Electronic Security for Industrial Automation and Control Systems? | How IT and the Plant Floor are Different and How They are the Same.
  • Understanding the Threat Sources | The Steps to Successful Cyberattacks
  • Critical Factors for Success/Understanding the ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009)- Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
  • Business Rationale | Risk Identification, Classification, and Assessment
  • Cyber Security Management System Scope | Organizational Security | Staff Training and Security Awareness
  • Personnel Security | Physical and Environmental Security | Network Segmentation | Access Control
  • Risk Management and Implementation | System Development and Maintenance | Information and Document Management
  • Compliance and Review | Improve and Maintain the CSMS
  • What is being done? | Developing Secure Products and Systems

    IC33 - ISA 62443 Cybersecurity Risk Assessment Specialist

    The first phase in the IACS Cybersecurity Lifecycle (defined in ISA 62443-1-1) is to identify and document IACS assets and perform a cybersecurity vulnerability and risk assessment in order to identify and understand the high-risk vulnerabilities that require mitigation. Per ISA 62443-2-1 these assessments need to be performed on both new (i.e. greenfield) and existing (i.e. brownfield) applications. Part of the assessment process involves developing a zone and conduit model of the system, identifying security level targets, and documenting the cybersecurity requirements into a cybersecurity requirements specification (CRS).

    And enables professionals for
  • Identify and document the scope of the IACS under assessment
  • Specify, gather or generate the cybersecurity information required to perform the assessment
  • Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design
  • Organize and facilitate a cybersecurity risk assessment for an IACS
  • Identify and evaluate realistic threat scenarios
  • Identify gaps in existing policies, procedures and standards
  • Establish and document security zones and conduits
  • Prepare documentation of assessment results



    Conclusively, there were very expert discussion carried about ISA 62443 standard along with practical lab sessions. Candidates learnt and provided a very positive feedback. Presently, candidates are clearing the certification exam and are in progress to be ISA 62443 Cybersecurity Experts.

    PARTICIPANTS' FEEDBACK ANALYTICS