Course #396-12-BCMD-1

How Vulnerable Is Your Infrastructure? (Supervisory Control and Data Acquisition SCADA)

Dates: Aug-15-2012 - Aug-15-2012


Baltimore Convention Center

Baltimore, MD

Hours: 8:30am11:30am

$200 Government AFCEA Member
        Government Non Member
        Non-Government AFCEA Member
$250 Non-Government Non Member

This course qualifies for Continuing Education Units.
Note: Students registered for this course will also receive a one day pass for August 15th for TNLF-East at no additional cost. The course is provided by Cypherpath LLC (an AFCEA Educational Preferred Provider) in conjunction with AFCEA TechNet Land Forces-East at the Baltimore Convention Center. Course hours are 8:30am-11:30am. The course is also scheduled for 1:30pm-4:30pm. Please register for the afternoon session at

Course Description:

Over the last several years researchers have expressed growing concern over the possibility that the US and other major industrial nations are at risk due to vulnerabilities in a class of devices known in the engineering and manufacturing world as SCADA. SCADA devices control the invisible but necessary infrastructure of commercial enterprises from air conditioning systems to electrical grids and factory automation equipment.
The problem lies largely with the fact that many of these devices were designed to be embedded in equipment that was largely standalone and controlled using out-of-band management with laptops or directly connected terminal to configure device specific capabilities. The move to network all aspects of the corporate enterprise gradually began to include these devices which are often custom controllers programmed to provide specific functions that support a business need.  Critical Infrastructure including power plants, manufacturing facilities, hospitals and energy sectors provide a rich target for bad actors. This course will help prepare security professionals and organizations to better understand the network and security issues facing them and to be better prepared and informed.

The objectives for this course are for students to gain familiarilty with the most common SCADA device controls, Network Security, Compliance and Operational Security issues, and best practices in relation to SCADA and enterprise networks via access control, assessments and cryptography concepts.

Who Should Attend: Anyone involved with SCADA systems, SCADA supervisors, analysts, system administrators as well as SCADA vendors.

Course Outline:
 -  How does adding a SCADA device to the network make it vulnerable?
 -  What’s the threat?
 -  How should business respond to this threat?
 -  Network Security Concerns
 -  Where to go for guidance...NIST


Instructor: Gale Pomper has over 25 years of experience installing and designing computer networks. She holds numerous certifications from Microsoft, Novell, and CompTIA, including Server+, MCT, MCSE, MCTS for SharePoint , and MCTS and EMA for Exchange 2007. She is the principal author for an exam guide for Windows 2000 Active Directory published in December 2001, and a contributing author for Windows XP Power Pack published in March 2003.  

 For the past 15 years, Gale has been an independent consultant providing network design services, customized training, and SharePoint implementation services.
 In 2007, Ms. Pomper took a position working for the Department of Defense as a Global Exploitation and Vulnerability Analyst and is currently a Program Director for her office. She is a CISSP.