A CSII Practitioner Training Course has been developed as an IoT/ICS (Internet of Things, industrial control systems) hacking course. The aim; to teach candidates all the skills they need to securely test and assess connected systems and devices in consumer, industrial, and critical infrastructure settings. It is designed for beginner-intermediate level security people, whether they are engineers, technicians, analysts, or penetration testers.
The in-person course covers all the skill sets needed to understand, find, and act on, vulnerabilities found within IoT or OT (operational technology). It teaches practical skills that the candidate will be able to use in multiple scenarios, says Charles While, CEO of The Cyber Scheme. It combines traditional hacking/pen testing methodology and the hacking of hardware as well as a focus on the practicalities of consulting within IoT/OT.
Charles While says: “In 2024 IOT/OT security isn’t just a nice-to-have. It is now an absolute necessity if we are to protect individuals, organisations, and society as a whole and this is why we developed the new CSII practitioner training course. Our reliance on smart technology continues to grow, which means investing in robust IoT/OT security is now essential to preserve the digital innovations we’ve all come to depend on. Our new training course helps organisations to ensure their security consultants understand the specific challenges around securing IoT/OT environments, so they are able to take advantage of the opportunities, while mitigating the threats.
“The Cyber Scheme is committed to developing a talent pool of individuals who are able to cross into this field using the skills they already bring to their job, whether they’re from a software or hardware engineering background, or skilled at web-based security testing methods. The skills we instil can be applied to existing roles, creating well-rounded testers capable of understanding, and acting on, vulnerabilities found within these specialised environments.”
The course is run by The Cyber Scheme’s IoT/OT Subject Matter Expert Alex Teague PCSP. Alex began his career in Web Development and UX/UI Design and Application Development, progressing to a role in HM Government and then a focus on Operational Technologies, particularly on Automotive Applications. Alex is also a trained and approved Assessor for the Cyber Scheme, and a Principal Registrant with the UK Cyber Security Council.
Having an IoT/OT expert on hand, whether as a full-time employee on the factory floor or as an independent consultant, is an essential to an offensive cyber security team, The Cyber Scheme suggests, providing the ability to exploit and/or assess infrastructure not covered by traditional pen-testing services.
Topics covered include:
• Understanding IoT & OT Ecosystems
• Edge Devices
• Legal and ethical considerations In IoT
• The Cyber Kill Chain
• Common Vulnerabilities in IoT and OT Technologies
• CAN Protocol
• Assessing OT Environments & Special Considerations
• The Devices Found Within ICS Environments
• Assessment and Exploitation of exclusive Virtualised Factory
• Hardware Overview
• UART
• JTAG
• Reverse Engineering Firmware
Practical sessions:
• MQTT
• Cyber Kill Chain – staged practical session incorporating scanning, weaponisation, delivery, exploitation, installation, command & control and actions
• Car Hacking
• Exploitation of virtualised factory.
About The Cyber Scheme
The Cyber Scheme is an assessment body and an NCSC-certified Delivery Partner for technical training and exams. Visit https://thecyberscheme.org/.
