Fixing what you broke: security hardening


After you have crashed turbines and exfiltrated secrets, the real work begins: securing the systems without making them unusable, unaffordable, or impossible to operate.

This self-paced module presents eleven hands-on challenges using real industrial security components: authentication systems, encryption frameworks, anomaly detection, protocol filtering, and network segmentation.

You can discover why:

  • “Just add a password” turns into certificate lifecycle management.

  • Dual authorisation saves lives but drives operators to creative workarounds.

  • Perfect network segmentation is an expensive fiction operations will not accept.

  • Anomaly detection works beautifully right up until the false positives start.

You can configure OPC UA encryption and measure the performance impact. Deploy jump hosts and deal with the consequences when they fail during emergencies. Implement detection controls and tune them until operators can still do their jobs.

Each challenge ends the same way: prove that your controls work, and that the plant still runs.

These exercises can be done standalone, or paired as a purple team exercise: attack -> defend, with full visibility on both sides.

Jiggle the Dial