Educational guide

IDENTIFYING DATA

2023_24

Subject

INDUSTRIAL CYBERSECURITY II

Code

01747020

Study programme

1746 - Máster Universitario de Investigación en Ciberseguridad (OL)

Descriptors

Credit.

Type

Year

Period

Optional

First

Second

Language

Castellano

Prerequisites

Department

ING.ELECTR.DE SIST. Y AUTOMATI

Coordinador

PRADA MEDRANO , MIGUEL ANGEL

E-mail

mapram@unileon.es
dperl@unileon.es
jrodo@unileon.es

Lecturers

PRADA MEDRANO , MIGUEL ANGEL

PEREZ LOPEZ , DANIEL

RODRIGUEZ OSSORIO , JOSE RAMON

Web

http://

General description

Tribunales de Revisión

Tribunal titular
Cargo	Departamento	Profesor
Presidente	ING.ELECTR.DE SIST. Y AUTOMATI	BLAZQUEZ QUINTANA , LUIS FELIPE
Secretario	ING.ELECTR.DE SIST. Y AUTOMATI	MARCOS MARTINEZ , DAVID
Vocal	ING.ELECTR.DE SIST. Y AUTOMATI	ALAIZ MORETON , HECTOR

Tribunal suplente
Cargo	Departamento	Profesor
Presidente	ING.ELECTR.DE SIST. Y AUTOMATI	ALAIZ RODRIGUEZ , ROCIO
Secretario	ING.ELECTR.DE SIST. Y AUTOMATI	FOCES MORAN , JOSE MARIA
Vocal	ING.ELECTR.DE SIST. Y AUTOMATI	GARCIA RODRIGUEZ , ISAIAS

Competencies

Type A	Code	Competences Specific
	A18816
Type B	Code	Competences Transversal
	B5729
	B5730
	B5731
	B5732
	B5740
Type C	Code	Competences Nuclear
	C2
	C4
	C5

Learning aims

	Competences
Knowing the main initiatives, programs and procedures of security focused to systems, networks and applications in industry environments.	A18816	B5730 B5731 B5740	C2 C4
Knowing the main security techniques in industrial control systems.	A18816	B5729 B5730 B5732 B5740	C2 C4 C5

Contents

Topic	Sub-topic
I. Security in depth.	T1. Policies and procedures. Privileges and authentication. T2. Host security. T3. Network security. Perimeter defense and network segmentation. Zones and conduits model.
II. Technologies on industrial cybersecurity.	T4. Technologies. T5. Protocol filtering. T6. Intrusion detection.
III. Detection and response to incidents in industrial environments.	T7. Security information and event monitoring. T8. Forensic analysis and incident response.
IV. Security programs in critical infrastructures.	T9. National schema of industrial cybersecurity. Capacity assessment. T10. Operator security plans. Specific Protection Plans.

Planning

Methodologies :: Tests
	Class hours	Hours outside the classroom	Total hours
Presentations / expositions	2	13	15

Practicals using information and communication technologies (ICTs) in computer rooms	10	18	28
Personal tuition	1	0	1

Lecture	10	20	30

Objective multiple-choice tests	1	0	1

(*)The information in the planning table is for guidance only and does not take into account the heterogeneity of the students.

Methodologies

Methodologies ::

	Description
Presentations / expositions	Course project and its exposition
Practicals using information and communication technologies (ICTs) in computer rooms	Hands-on tasks
Personal tuition	Personal attention
Lecture	Lectures

Personalized attention

Personal tuition

Description

The students can receive personal or group attention that should be requested in advance by e-mail.

Assessment

	Description	Qualification
Presentations / expositions	Course project and its exposition	20%
Practicals using information and communication technologies (ICTs) in computer rooms	Evaluation of hands-on tasks	20%
Objective multiple-choice tests	The exam covers theoretical and practical concepts.	60%

Other comments and second call
In order to pass the course, it is necessary to reach at least 3 out of 6 in the written exam, 1 out of 2 in the hands-on tasks, and a total grade of 5 points out of 10. SECOND CALL: Written exam: 60% Hands-on tasks: 20% Project: 20%

Sources of information

Access to Recommended Bibliography in the Catalog ULE

Basic
	Industrial Network Security, Second Edition: Securing critical infrastructure networks for smart grid, SCADA, and other Industrial Control Systems. Eric Knapp, Joel Thomas Langill. Syngress, 2014. Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure. Eric Knapp, Raj Samani, Joel Thomas Langill. Syngress, 2013. Guide to industrial control systems (ICS) security. Keith Stouffer, Joe Falco, Karen Scarfone. National Institute of Standards and Technology, 2015. Informe de Amenazas CCN-CERT IA-04/16. Amenazas y análisis de riesgos en Sistemas de Control Industrial (ICS). Centro Criptológico Nacional, 2016
Complementary
	Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies, US Homeland Security, 2016 Estándar ISA/IEC 62443. https://ics-cert.us-cert.gov/

Recommendations

Subjects that it is recommended to have taken before

INDUSTRIAL CYBERSECURITY I / 01746014