A new workshop sponsored by the National Institute of Building Sciences addresses what to do when a building control system has been hacked or taken over by ransomware.
“Your Building Control Systems Have Been Hacked, Now What?” combines classroom learning modules and hands-on laboratory exercises to help attendees learn how to detect, contain, eradicate, and recover from a cyber event. It will be held Oct. 4 from 8 a.m. to 5 p.m. in Arlington, Va. The workshop is intended for building owners, facility managers, and engineering, physical-security, information-assurance, and other professionals involved with the design, deployment, and operation of building control systems.
The workshop, taught by Michael Chipley, PhD, GICSP, PMP, LEED AP; Daryl Haegley, OCP, CCO; and Eric Nickel, RCDD, CEH, CEP, is built around the Advanced Control System Tactics, Techniques and Procedures developed by the U.S. Cyber Command, which provide detailed step-by-step guidance for responding to a cyber attack.
During the one-day workshop, attendees will use the Cyber Security Evaluation Tool, GrassMarlin, Glasswire, and Belarc tools to create a fully mission-capable (FMC) baseline, which consists of documentation characterizing the control system, such as the topology diagram, enclave entry points, user accounts, server/workstation documentation, and network documentation.
Next, attendees will conduct footprinting and learn how to find building control systems exposed on the Internet using Google Hacking, Shodan, and WhiteScope discovery tools. Attendees then will build a Recovery Jump-Kit containing the tools control-systems and information-technology (IT) teams need to restore a system to its last FMC state during mitigation and recovery. Using the Recovery Jump-Kit, attendees then will find and eradicate malware using tools such as MalwareBytes and the Microsoft Internals suite and learn how to perform data collection for forensics, which involves the acquisition of volatile and non-volatile data from a host, a network device, and control-system field controllers. Lastly, attendees will learn to evaluate the cyber severity of an incident and prepare an incident report.
Attendees will need a laptop with administrative privileges to load software. Course content, tools, and lab exercises will be provided on a CD at the beginning of the workshop.
Registration is $600 per person. Because this course is being offered for the first time, participants will receive a discounted rate of $300. Space is limited to 20 students.