A Holistic Approach to Industrial Cybersecurity
Detecting Cyber Attacks in Substation Networks

Free Webinar - Watch Replay Now!

Previously held on Thursday, December 10, 2020 - 10AM to 11AM EST

Security is a critical requirement in modern SCADA systems. Interest in and awareness of cybersecurity have increased, with the looming deadlines set by North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards increasing the urgency for the electric power industry to address this need. The good news is that existing standard communication protocols like IEC 60870-5-104 and IEC 61850 have security capabilities built into them and are used by SCADA devices today. This existing infrastructure can be leveraged as a major step towards meeting this requirement.


Energy companies typically operate across vast, geographically dispersed sites and rely on a high volume of complex devices and systems from multiple vendors. Such conditions can make accurately identifying and managing all assets in these OT environments exceedingly challenging. This, coupled with the challenge of testing all the system components prior to deployment, can further delay getting the appropriate security requirements in place in the final system.


Understanding the security in existing SCADA protocols like IEC 60870-5-104 and IEC 61850, along with utilizing the right tools, can help overcome security challenges posed by IT/OT convergence and the expansion of remote workforces. Many challenges can be overcome by verifying that secure communications are configured correctly at the system level. By simulating system components, configuration issues can be identified earlier to ensure security requirements will be satisfied in the final system.

What you'll learn:
  •  Understand the history of malware, specifically Industroyer, the technical details on how it operates and its objectives in the OT network.
  • Using Claroty Continuous Threat Detection (CTD) Platform:
    • Learn how to extend the same controls IT security teams utilize for minimizing risk in IT environments to OT environments.
    • Utilize Passive, Active, and AppDB scanning capabilities to provide comprehensive OT visibility and asset management controls.
    • Learn how to automatically profile all assets, communications, and processes in OT networks, generate a behavioral baseline that characterizes legitimate traffic and weeds out false positives, and alert users in real time to anomalies and both known and zero-day threats.
    • Automatically map and virtually segment OT networks into Virtual Zones, which are logical groups of assets that communicate with one another under normal circumstances.
    • Learn how to compare each asset in an OT environment to an extensive database of vulnerabilities and exposures (CVE) data from the National Vulnerability Database, allowing you to identify, prioritize, and remediate vulnerabilities in OT environments more effectively.
  • How to simulate messages from IEC 60870-5-104 and IEC 61850 including MMS & GOOSE, using Distributed Test Manager (DTM) to show how substation network monitoring software can be used to learn valid packets and then detect bad packets and invalid IEC 62351 authentication messages.
  • How to simulate a cyber attack on a substation including full network IP discovery followed by malicious controls.

Who should attend this course: 

  • Cyber security personnel
  • Compliance Managers
  • Protection & Control Engineers/Managers
  • System Planners
  • Maintenance personnel
  • Utility IT personnel
  • Operations personnel

Sharon Brizinov
Vulnerability Research Team Lead

Sharon is an experienced security researcher, who specializes in vulnerability research, malware analysis, network forensics, and ICS security. Sharon's work is highly appreciated in the cyber community, and in the last few years he was invited to speak at leading cybersecurity conferences such as DEFCON and ICS-Village.

Claroty bridges the industrial cybersecurity gap between information technology (IT) and operational technology (OT) environments. Organizations with highly automated production sites and factories that face significant security and financial risk especially need to bridge this gap. Armed with Claroty’s converged IT/OT solutions, these enterprises and critical infrastructure operators can leverage their existing IT security processes and technologies to improve the availability, safety, and reliability of their OT assets and networks seamlessly and without requiring downtime or dedicated teams. The result is more uptime and greater efficiency across business and production operations.

Matthew Green
Senior Applications Engineer
Triangle MicroWorks, Inc.

Matt is a senior applications engineer here at Triangle MicroWorks. He’s been with Triangle for about 6 years and specializes in QA testing with all our simulation tools and gateway.



