Search
-
Recent Posts
Recent Comments
- Gabi Spencer on The importance of Process Hazard Analysis studies
- Ephraim Gasitene Phonela on The importance of Process Hazard Analysis studies
- Gabi Spencer on ESC’s TÜV Rheinland Cyber Security Training Program
- David Dewdney on ESC’s TÜV Rheinland Cyber Security Training Program
- David Balfour on Functional Safety (FS) for Technicians – Proposed CompEx modules
Archives
- May 2022
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- January 2020
- July 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- November 2018
- August 2018
- April 2018
- March 2018
- February 2018
- November 2017
- May 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- August 2015
- June 2015
- May 2015
- February 2015
- November 2014
- September 2014
- July 2014
- April 2014
Categories
Are you competent on IACS cybersecurity?
On this blog ESC’s Dr Fan Ye looks back at some of his previous articles written for LinkedIn and raises the question ‘Are you competent on IACS cybersecurity?’
Are you competent on IACS cybersecurity?
Looking back at the following posts we can establish from our experiences that there is a general lack of competence in the field of IACS cybersecurity.
- Industrial Automation and Control System (IACS) is different from IT in terms of cybersecurity – see the LinkedIn post “Cyber Security – How is ICS different from IT?”.
- IACS asset owner needs to conduct a cybersecurity risk assessment and manage the risks identified (required by IEC 61511:2016) – see the LinkedIn post “IEC 61511 Security Requirement – Cyber Security And What It Means for you”.
- HSE has issued an Operational Guide on Cyber Security for IACS (OG-0086) for their inspectors when performing inspections at major accident workplaces – see the LinkedIn post “Is your plant ready for HSE inspection on Cyber Security?”.
If you are an IACS asset owner, IACS product manufacturer, IACS integrator, or an IACS service provider, do you have the necessary competence in fulfilling your role on IACS cybersecurity, e.g. in compliance with IEC 62443 series standards on Security for IACS?
One way of building up the necessary competence is through training.
TÜV Rheinland has recently started a CySec Specialist certificate course on IACS cybersecurity. Successful delegates will be issued a CySec Specialist (TÜV Rheinland) certificate.
TÜV Rheinland training program and structure diagram below

ESC is one of the TÜV Rheinland approved course providers, with Dr Fan Ye (GICSP) as the approved trainers, on the following courses:
- Fundamentals of Cyber Security
- Security Risk Assessment
In order to obtain a CySec Specialist (TÜV Rheinland) certificate, a delegate must
- Demonstrate adequate knowledge on the fundamentals of cyber security, either by attending the fundamentals course and pass the exam, or by pass the exam without attending the fundamentals training; and
- Attend advanced training courses on specialist areas such as Product Development and Risk Assessment and pass the exam
If you are interested and would like to find out more about the training programme, see ESC’s Training and Industrial Control Systems Cyber Security pages for more details.