How to get certified in OT cybersecurity

Overcyte met with representatives from industrial cybersecurity firm Dragos​ and Palo Alto's threat intelligence specialists Unit 42 last week to hear the latest on ICS/OT activity in the APAC region.

We spoke about IT/OT convergence and the PRC state-sponsored advanced persistent threat group Volt Typhoon before the discussion turned to training and certifying in cybersecurity.

Whilst IT specialists can choose to study courses offered by an array of product and service vendors or industry organisations such as ISACA and ISC2, there are specialist options when it comes to upskilling in OT.

OT courses and concepts

Foundational areas to study include:

• Key differences between OT and IT
• ICS principles, threats and attacks
• Security measures to protect industrial systems
• Digital and analog operations in OT environments
• The 5 ICS Cybersecurity Critical Controls developed by Tim Conway and Dragos co-founder Robert M. Lee
• ICS/OT Standards including IEC 62443, NIST 800-82, NIS2, and NERC CIP

Major providers of Critical Infrastructure specific training include:

SANS Institute

SANS provide both introductory courses like ICS Cybersecurity Foundations (ICS310) and respected industry certs such as GIAC Response and Industrial Defense (GRID). Certification body GIAC provides the testing capability to certify against the full range of SANS courses.

The International Society of Automation

ISA provides a series of courses for ISA/IEC 62443 cybersecurity certification.

The IEC 62443 series of standards address security for operational technology in automation and control systems and familiarity is key for engineers working in these environments. Start with the ISA/IEC 62443 Cybersecurity Fundamentals Specialist and there are three further courses to complete before you can be awarded Cybersecurity Expert standing.

Microlearning modules are now also offered to jump start your knowledge with IACS Cybersecurity for CISOs available for free.

A new entrant for OT learning?

In May, CompTIA announced its intent to join SANS and ISA in offering OT certification options for those looking to add critical cybersecurity skills in operational technology.

The proposed SecOT+ certification will "bridge critical knowledge and skill gaps between OT and IT" and - upon formal launch - would add to the organisation's list of well-known entry level certs including Security+ and PenTest+ for those studying network security and risk management practices.

As the regulatory requirements increase for CNI operators, enhancing and verifying employee capability through OT training and certification will pay dividends.