The Knowledge of Industrial Security Staff

The implication that is being carried out within cybersecurity industries has made the demand for experts in industrial security to grow to such a point that is difficult to cover all of the needs. The knowledge that is required of an industrial security expert is different to that of an expert in corporate security, especially in the way in which the security is applied, however both share common fundamentals.

To Go to University or Not?

The wide range of university programmes in Spain do not include a specific cybersecurity degree programme, although there are various master's programmes which focus on this. However, are there options to gain undergraduate or postgraduate qualifications from private universities or institutions.

This is due, in part, to the fact that industrial security requires a mixture of different skills, where there are three basic pillars to be able to become a true expert:

• IT skills: undoubtedly. Providing all the information about communication, protocols and how software works; not forgetting the concepts of programming.
• Industrial skills: Allowing for knowledge to be gained on how the industry works, its parts, components, different processes, etc. The basic concepts of automation and control are learnt here.
• Electronics skills: Providing knowledge about the internal workings of the devices. This will allow for the most important components of the main boards of the devices to be identified, as well as recognising means of communication and being able to interpret digital and analogue signals.

These three skills which are necessary to be an investigator in industrial security do not have to be learnt at university. These days there are many face-to-face and online courses, both free and ones which you paid for, such as the training provided by INCIBE-CERT which allows this knowledge to be gained, both on a general and specific level.

Certifications and Courses

Within the world of industrial cybersecurity there are a series of well-renowned certifications which are highly sought after by security services companies and for their staff, and also by the industries. These certifications have already been mentioned within Security certifications in control systems.

The catalogue of courses on industrial cybersecurity grows on a daily basis, with new options, revised versions and specialisations. There is a very wide range of courses, with ones that start from just a few hours up to various days, both online and face-to-face, theoretical ones and more practical ones, ones that you pay for and ones that are free, etc.

The most interesting courses for those that have just started will be those that include the largest amount of practical elements possible, as that allows them to be in contact with the technology of the industry and the equipment that, quite possibly, they have never had the opportunity to touch before. Those that are more advanced can opt for more theoretical courses, commonly focused on a single subject, which explain new equipment or new security solutions; their knowledge will allow them to reproduce these characteristics in a laboratory without too much effort.

Programming Skills

Knowledge about computer programming is going to be very important, not just because of the necessity to develop applications, but also to understand what these applications do, or the malware, and to be able to suggest ways of improving security and to be able to create analysis scripts or concept tests.

Often, a high level of languages will be required (mainly C and C++), as well as the scripting languages which are very present, be that PowerShell, Python, etc. Another very important point will be the handling of assembly language, of which basic knowledge must be held on a general level, including how call stacks work, the registries in memories, etc., as well as the commands and instructions of basic systems such as ARM, Microchip, Intel etc.

This, is the IT part of the industrial sector, but then there is also PLC programming, in other words the knowledge of IEC 61131-3 standards. In this standard, the 5 types of PLC programming are defined, although there is no reason for all of these options to be implemented. In this regard, practice is what provides a greater knowledge and fluency.

- Example of the programming languages defined in IEC 61131-3 -

Applications

The world of security applications for industrial systems is not all that dissimilar to that of business security. The applications used are often the same, although the way they are used varies.

Thus, the use of network analysers, whether they be in terms of traffic or the state of communications, will be much used applications. Data mining applications will also be very important, as will code disassembling applications when it comes to figuring out how a malware works. But the difference will be in the handling and use of applications which simulate SCADA protocols and suites.

A great deal of applications which are of interest to industrial security experts are gathered in the article Industrial Protocols: Security tools.

Hardware

The security hardware which is specific to control systems will be another important point. Firewalls should have control protocol capacities, IDS/IPS should be installed with particular attention paid to their possible impact, special equipment such as industrial switches or data diodes, etc. should be learnt both on a theoretical and practical level.

Training on devices tends to be difficult to find, as it is not common for free access courses to spring up about a technology, therefore in this case it will be necessary to attend talks by manufacturers and to search through expert forums to be able to gather all the knowledge.

The more knowledge that is gained about different solutions, the better the security solutions which will be able to be put forward from the same architecture, alternatives will be able to be suggested according the the final level of security expected or the budget available.

Other Resources

Attending conferences, presentations and webinars by other experts will also be a very important source of information. The industrial world has many sectors, and it is very complicated, if not impossible, to try and encompass them all; but it is possible to know about the most relevant parts of each one at the hands of the experts in each sector. Moreover, attending these types of meetings keeps you up to date with new products, technology and methodology, as well as attack vectors and security measures.

- Key specialisations in industrial security -

As an expert in cybersecurity, one of the first decisions that you will have to take will be to determine your scope and to choose which sectors you want to focus on. Many of the actions that are carried out by a security expert are valid in the majority of sectors, but the specific control equipment could mean that applications methods vary. Years of experience and practice in the field will provide you with the final knowledge that you need, and it will stop you from getting rusty as you will always be facing new challenges.