Overview
– Introduction to industrial security and the current threat landscape
– Legal requirements & standards (e.g., GDPR, NIS 2, CRA)
– IEC 62443: Structure, security levels, and measures
– Security risk assessment according to IEC 62443-3-2
– Integration of functional safety and cybersecurity (IEC TS 63074).
Industrial Security Fundamentals
– Differences between Safety & Security
– IT vs. OT Security, Purdue Model, Zone and Conduit Concepts
– Protection Goals: Confidentiality, Integrity, Availability
Threats & Attack Vectors
– Malware (Viruses, Ransomware, Trojans)
– Social engineering & phishing
– Attacks on availability, integrity, and confidentiality
– Supply chain risks and insider threats
Defense-in-depth strategy
– Multi-layered protective measures: Physical security, network segmentation, access control, monitoring