July 2021 issue

Cybersecurity learning lab for energy and water supply - get to know us

Against the backdrop of the increasing digitalization of energy and water supply systems, our cybersecurity learning lab for energy and water supply addresses the current and future challenges facing the infrastructures concerned. Particular focus is placed here on the secure and stable operation of critical energy and water supply and ICT infrastructures. Hazard analyses and risk assessments for IT/OT attack scenarios, knowledge of the legal requirements for IT security and the use of suitable tools are playing an increasingly important role.

The advanced training in our cybersecurity learning lab is primarily aimed at operators and planners of utility infrastructures from the energy and water sectors, but also at manufacturers of components and solutions. The range of services offered by the learning lab covers the entire spectrum from awareness training to intensive technical courses and individual workshops. In addition to the open training courses offered by the Fraunhofer Academy, we also develop customized in-house training courses.

Thanks to an extensive laboratory infrastructure at our two locations in Ilmenau and Görlitz, as well as the use of the mobile training platform developed in the learning laboratory, we are able to offer an extremely high practical component in the technical intensive courses and provide the opportunity to work on very specific issues in a practical manner.

The range of services is rounded off by our cybersecurity assessments, in which we carry out security analyses and evaluations as well as conceptual designs for existing and future IT/OT infrastructures on the basis of the latest research findings.

Gap analysis - security check for your OT infrastructure

One of the core competencies of our cybersecurity learning lab is the preparation and execution of cybersecurity assessments. This includes general assessments of concepts, selective security reviews in the form of target-performance comparisons based on IT security standards, and so-called gap analyses - multi-stage, in-depth security reviews.

A gap analysis examines numerous security aspects of the IT and OT infrastructure under consideration, from reviewing documentation and analyzing security gaps using automated vulnerability scans to validating susceptibility to selected homegrown attacks. This methodology is similar to the approach hackers use to prepare targeted attacks, including:

Obtaining the necessary information about the target
Reviewing installed systems and applications, including potential points of attack
Developing targeted attacks on selected systems and communication interfaces.

This holistic approach allows utilities to review your critical systems, such as telecontrol or I&C infrastructure, in an isolated environment for vulnerabilities and potential security deficiencies, identify attack opportunities for the defined assets, and examine their impact.

The planning and execution of gap analyses can be very individually adapted to the specific infrastructures of the companies and designed to support the various processes resulting from the requirements of the ISMS.

Technical intensive course - Master cyberattacks!

The Technical Intensive Training is a multi-day seminar that focuses on the practical teaching of aspects relating to different types and manifestations of cyber attacks and their defense. For this purpose, a mobile training platform developed by Fraunhofer IOSB-AST is used, which realistically represents a section of the OT infrastructure of the energy supply. During the training, the approach of hackers when attacking systems and processes of the energy supply is structurally explained and reproduced by example attacks on the training platform. The entire cyber kill chain is run through and the multi-stage procedure during an attack is reenacted. From this awareness of the actions of attackers, targeted structural vulnerabilities and threats are worked through and practical countermeasures for protection are developed. The focus is on preventive measures for network protection and system hardening. The focus is on practical relevance through independent configuration of technical components and implementation of the developed security measures. The seminar participants are thus enabled to immediately apply the knowledge they have learned about attack prevention in their practical work.

The seminar is supported by an accompanying online offer, in which the participants can deepen individual aspects in advance and after completion of the seminar.

Our training dates

Are you looking for individually designed training for your company?

No problem! We offer customized in-house seminars that are individually tailored to your company or your training needs. You decide what is learned, where and when.