CESA - Certified Expert for Security in Automation

Targets

Cyberattacks on companies’ industrial environments are steadily increasing and pose a major threat as well as a challenge to what is known as OT (Operational Technology) security.

It is therefore becoming increasingly important to ensure the availability of machines and systems despite these threats. We have specifically tailored the “CESA – Certified Expert for Security in Automation” certification to address these challenges.
This expert training course provides comprehensive knowledge ranging from the design to the implementation of all necessary security measures in an industrial environment.

By correctly applying the IEC 62443 standard, operators, integrators, and manufacturers can demonstrate that their industrial automation systems comply with modern cybersecurity standards. But what specific requirements must be met, and what needs to be considered during implementation? This seminar is specifically tailored to IEC 62443 and provides you with the relevant expertise.
The course concludes with a TÜV-Nord certification exam, and upon successful completion, participants may use the title “CESA” (e.g., John Doe, CESA).

Content

Overview
– Introduction to industrial security and the current threat landscape
– Legal requirements & standards (e.g., GDPR, NIS 2, CRA)
– IEC 62443: Structure, security levels, and measures
– Security risk assessment according to IEC 62443-3-2
– Integration of functional safety and cybersecurity (IEC TS 63074)

Industrial Security Fundamentals
– Differences between Safety & Security
– IT vs. OT Security, Purdue Model, Zone and Conduit Concepts
– Protection Goals: Confidentiality, Integrity, Availability

Threats & Attack Vectors
– Malware (Viruses, Ransomware, Trojans)
– Social engineering & phishing
– Attacks on availability, integrity, and confidentiality
– Supply chain risks and insider threats

Defense-in-depth strategy
– Multi-layered protective measures: Physical security, network segmentation, access control, monitoring

Technical Measures
– Firewalls, VPN, IDS/IPS, VLANs
– Multi-factor authentication, certificates, whitelisting
– Patch management, backup & recovery

Organizational measures
– Establishment of an IACS security program
– Roles & responsibilities
– Training, policies, supply chain security

Standards & regulations
– IEC 62443 series (security levels, foundational requirements)
– ISO/IEC 27001 (ISMS), prEN 50742, IEC TS 63074
– EU Regulations: NIS 2, Cyber Resilience Act

Case Studies
– Risk Analysis and Zone Modeling
– Implementation of security measures in real-world scenarios

Target groups

– IT specialists
– Commissioning engineers
– Design engineers
– System integrators
– Safety officers (ISB)
– Programmers

Requirements

Certification as a “CESA – Certified Expert for Security in Automation” requires professional experience and a basic understanding of the field.

Not sure if your current qualifications meet the required level? Then please contact us. We will provide you with personalized advice and suggest possible alternatives.