Training and certification for industrial control cyber security is becoming a hot topic. Training courses to educate engineers to hot-defend IACS or ICS (industrial control and automation system) are made available by a number of companies; however, many of the training programs that are designed cover only select parts of full-spectrum. This issue becomes truly evident when personnel from different companies, with unequal levels of expertise in security and training work together on major projects together. In some instances the disparities and dissonance in security knowledge among personnel can be very clear.

For several years Yokogawa had incorporated a number of initiatives with its customers and their suppliers to address the issue. Together, Yokogawa and a short list of customers made several attempts to promote a new and universally effective security certification specifically for industrial control systems. When the idea was accepted by SANS and GIAC – the largest and most trusted sources of security training and security certification in the world – the concept began to truly gain traction. The universally all-inclusive certification concept culminated at the end of 2013 with the release of the GICSP certification

SANS and GIAC

Most people outside the world of IT would not be familiar with SANS or GIAC. Established over 25 years ago, today SANS is a security research and training organization viewed to be one of the best in the US and the world, specifically in IT. GIAC is the certification body of SANS. GIAC prepares and administers the exams that are distributed by SANS.

- GIAC (Global Information Assurance Certification) was established in 1999 to validate the skills of information security professionals. GIAC certifications are trusted by thousands of companies and government agencies, including the US National Security Agency (NSA).

- SANS is the leading organization in computer security training. Established i 1989, the SANS Institute is known for providing intensive, immersion training designed to help you and your staff master the practical steps necessary for defending systems and networks.

SANS has been involved in ICS security for some time and holds a number of global conferences each year. In recent years, SANS has teamed up with John Pollet at Red Tiger Security and give a number of industrial security training courses worldwide – a significant development in this area.

The new GICSP certification (Global Industrial Cyber Security Professional) is intended to establish a base level of knowledge for professionals that work in a number of fields – to serve as a bridge to bring together IT, engineering and cybersecurity professionals to ensure the full-spectrum security of a control system from conception through its entire lifecycle to retirement. Project engineers, support and maintenance engineers, or asset owner staff working in the area should establish an appreciation and mutual understanding of the important issues and challenges in ICS security – and GICSP does just that.

GICSP Content

The GICSP certification is a multiple choice exam of 115 questions. Of these questions, 100 are for evaluation and 15 being tested for future use. The exam will assess the knowledge of the candidate in a number of areas such as Architecture, Risk Assessments, Monitoring, Change Management, Business Continuity, Incident Management, Industrial Control Systems (RTUs, SIS, etc), System Hardening and general Cybersecurity Essentials. GICSP is aimed at ensuring that the people whom are certified have a concrete base level of knowledge that they should know if they are in a role that could impact cyber security of an ICS environment.

The certification is meant to be neither too difficult – nor too easy. If you come from a purely IT background, the exam would be challenging in a number of areas. Similarly, a pure process control engineer may find the IT questions to be challenging. The exam covers a base level in all relevant areas.

SANS course 410 (ICS Security Essentials) is an effective channel to prepare for the GICSP exam. The course is typically one week full-time, but can be spread over several weeks if needed. Take note that there are many information sources readily available online, in regards to the knowledge areas of the certification. Specific training and preparation is not required, but most believe that SANS education is a must.

Are you enjoying this article?? Follow us on LinkedIn and Facebook

GICSP and Yokogawa

GICSP is the only credential of its kind. It addresses the specific cyber security issues in the ICS field, and is perfectly aligned with Yokogawa’s longstanding commitment in bringing safety and efficiency to its customers. Yokogawa is one of the leading companies with GICSP certified employees in the industrial automation industry.

Commenting on GICSP in a recent press release, Shailendra Shete, head of the Global Engineering Business Division, says, “Employees who get this certification will be conversant with the latest technologies and be at the forefront of efforts to provide such services to the industry. I think that they will be able to help Yokogawa take and maintain a leading position in the provision of security services." (read the full press release here)

At a recent Yokogawa business conference, Shell Global Solutions Manager Tyler Williams spoke of GICSP in a similar light; “The most important aspect of setting up a cyber security solution is to ensure that your engineers respect the fact that IT can bring a different, capable set of skills to the table... (GICSP) are the perfect credentials for helping us to continue our security journey,” said Williams. (read further comments by Tyler Williams here)

Now, having standardized methods and terminology, more people are able to work together. By working together we can achieve better results, and better results will lead to a better future. With that being said, it is equally important to educate site staff and become GICSP certified as well.

Yokogawa’s is proud to have played a contributing role in the development of GICSP, and will aim to ensure safe and efficient operations at customer facilities. Due to this belief, Yokogawa will continue its efforts to increase the number of GICSP certified professionals at each of its Group companies around the world, and encourages other companies to take part as well.

Do you have a question about this article? Please CONTACT US.

Apr 18, 2024

Oil & Gas Operations and Decision-Making in the Cloud Era

Recently, KBC launched the Acuity Industrial Cloud Suite, consolidating its simulation software solutions. It aligns with KBC's portfolio to address challenges in energy transition, process optimization, value chain optimization, and asset management. For insights, we interviewed Rolando Gabarron, a senior consultant in product management.

Apr 2, 2024

Behind the scenes of Pioneers: Pursuing objectives while also focusing on personal growth with Esmeralda Roxas

In the dynamic landscape of professional careers, the journey of growth and adaptation of Esmeralda Roxas at Yokogawa stands out. From her humble beginnings in system sales engineering for upstream oil and gas to her current role in network security, her trajectory is a testament to resilience, proactivity, and a thirst for knowledge.

Dec 21, 2023

The Necessity of Converged IT/OT SOC in Strengthening Cybersecurity for Today's Industrial Landscape

In the rapidly advancing technological landscape, industrial organizations face escalating cyber threats. To fortify cybersecurity, embracing a Converged IT/OT SOC is imperative. Yokogawa's cloud-based IT/OT SOC service provides a holistic defense, offering integrated visibility, proactive measures, and real-time monitoring. As cyber threats evolve, businesses can stay ahead with Yokogawa, safeguarding operations effectively in the cybersecurity race.

Dec 19, 2023

Yokogawa Recognised as a ‘Leader’ in Verdantix Green Quadrant for Process Safety Software 2023

Yokogawa has been acknowledged as a key software platform provider in the Green Quadrant report published by Verdantix and achieved the title of a 'Leader' in Process Safety Management. This recognition stands as a great achievement for Yokogawa, showcasing excellent performance in areas such as Control of Work, Mobile, Platform Interoperability, Integration, and Sustainability, including ESG considerations, among other notable areas.

Dec 18, 2023

Behind the scenes of Pioneers: Mahalakshmi R, Deputy Head, Yokogawa India Service: A Trailblazer in Leadership and Career Success at Yokogawa

In a recent interview, Mahalakshmi, Deputy Head at Yokogawa India Service, revealed her remarkable 28-year journey with the company. A leader in training and customer service, she has driven innovative projects and fostered a culture of success. Let's explore the key elements that have defined her leadership and career at Yokogawa.

Nov 30, 2023

Optimizing Energy Efficiency for Industrial Enterprise Buildings & Offices

Explore Yokogawa's EEMS revolutionizing energy efficiency in industrial buildings, recognizing their substantial impact on global energy consumption and CO2 emissions. This blog delves into EEMS's digital prowess for optimizing energy dynamics through real-time monitoring and a centralized platform. Uncover insights into smart meters, sensors, and communication protocol challenges and solutions.

Oct 2, 2023

Enhancing Energy Security Unveils the Power of Convergence and Yokogawa's Cybersecurity Program

In an age of looming cyber threats, the energy sector's vulnerability is glaring. Embracing IT-OT convergence is vital to combat these risks. Explore the benefits, challenges, and the pivotal role of Yokogawa's cybersecurity program in safeguarding energy systems against cyber threats. Discover more in our enlightening infographic, here: Access the infographic. Convergence merges security aspects for a unified defense, yet poses new risks. The Colonial Pipeline incident highlighted the cascading impact of IT breaches on OT systems. Yokogawa's comprehensive cybersecurity program addresses these challenges, offering tailored solutions, risk assessment, layered defense, monitoring, and employee education. Join us in fortifying cybersecurity posture.

Digital Solutions Blog

GICSP: Reducing Risk and Improving Security

SANS and GIAC

GICSP Content

GICSP and Yokogawa

Looking for more information？

Yokogawa Digital Solutions

Contact us