The Cybersecurity Fundamentals course for water and wastewater utility professionals will provide a general overview of successful cybersecurity program development. Designed for organizational leaders in the water and wastewater industry, this online course provides practical knowledge of basic security measures that can be implemented to address risks associated with the most common cyberattacks.
The key take-away from this course is to provide organizational leadership with knowledge needed to be able to ask their team of cybersecurity professionals the right questions when conducting an internal assessment of their organization’s cybersecurity posture and ability to be resilient to cyberattacks.
Register today to learn about:
- The most common cyber threats
- Specific counter measures that can be employed by any organization
- The role organizational culture plays in impacting risk-mitigating activities against water and wastewater facilities’ critical infrastructure
- Leaders will also develop an understanding of how people, processes and technology all work together to improve cyber defense efforts
Learning Outcomes
- Analyze leading trends in next-gen cyber challenges and innovative solutions
- Describe and compare cybersecurity frameworks and compliance models
- Discuss social engineering, ransomware, and email/media channel compromise mitigation
- Discuss identification and protection of high value assets in critical infrastructures
- Review assessment and risk management approaches and incident management methods
- Examine supply chain and partner risks and cyber contracting and litigation issues
- Communicate strategies for effective cybersecurity budgeting and prioritization
MONDAY, MARCH 4, 2024
9:00 a.m. – 4:00 p.m. Central Time
Introduction to Cyber Threat for Water and Wastewater Utilities
- The Most Common Cyber Threat Attack Vectors
- Who Are the Attackers and What Do They Want?
- The Basics about Advanced Persistent Threat (APT) Teams
Best Practices from Water ISAC, NIST, ISO, and CIS
- Water ISAC Best Practices
- Cyber Policy and IT Security Frameworks
- Social Engineering
- Being Smart in the Digital World
Lunch Break
Common Exposures of Email, Media, Supply Chain, Etc.
- Definitions
- Email Security
- Social Media and Related Security
- Supply Chain
- Process Control
- Procurement Controls
Ransomware and Other Common Malware Variants
- Definitions of Malware Variants
- Ransomware Discussion
Common Adversary Methodologies
- Cyber “Kill Chain”
- Adversary Tactics, Techniques and Procedures (TTPs)
- MITRE ATT&CK framework
Overview of Technical Counter Measures
- Cybersecurity Hardware
- Cybersecurity Software
- Overview of Cloud Architectures
- Basic Enterprise Architecture
Overview of Defensive Architectures
- Defense In-Depth
- Zero Trust
- Secure Access Service Edge (SASE)
TUESDAY, MARCH 5, 2024
9:00 a.m. – 12:00 p.m. Central Time
Basic Elements of Incident Response (Responding to Cyberattacks)
- Cyber Incident Management Framework
- Communications Planning
- Cyber Incident Walk Through
Cyber Resiliency
- Emergency Response Plan
- The Triad of Emergency Response Planning – Business Continuity, Disaster Recovery and Cyber Incident Response
- Continuity of Operations Plan / Disaster Recovery Plan
- Crisis Management Teams
- Manual Overrides and Temporary Manual Operations
- System Redundancy
Assessing Risk and Making Risk-Based Decisions
- Cyber Risks are different from Financial, and Operational Risks
- Using Threat, Cybersecurity Assessments, Audits and Penetration Tests
- Developing Meaningful Compensating Controls
- Creating the Realistic Risk Assessment
Establishing the Value Proposition for Cybersecurity
Online Activity
Wrap up and Adjourn
Dr. Christopher Carter, Chief Information Officer (CIO), a Maryland Water Utility
Dr. Carter is an experienced IT and Cybersecurity leader with a Doctorate in Information Assurance and has cultivated process expertise across diverse mission disciplines. As Chief Information Officer for a large Maryland Water Utility, he served as the executive responsible for directing and managing the IT Department and leading a large team of staff, consultants, and implementation support specialists for IT and OT Management. He is accountable for ensuring that Water Utility Technology and Services are securely designed and implemented under constrained budgets and in full alignment with senior business leadership’s strategic goals and objectives. He was formerly the Technical Director for Cybersecurity and Cyber-Physical OT Security at Diplomatic Security at the State Department and has held several other Cybersecurity leadership roles in other civil agencies and the Department of Defense (DOD).