Syllabus

Introduction

The course unit “Security of Industrial Networks” focuses on the protection of communication systems and data transmission in industrial environments. It covers a range of topics, including network architecture and protocols, threat analysis and risk assessment, and methods for securing industrial networks such as firewalls, access control, and encryption. This course explores the integration of AI and machine learning techniques for real-time monitoring and threat detection in industrial networks.

Students who take this course will gain a comprehensive understanding of the challenges and solutions for securing industrial networks and the role of AI in enhancing network security. They will learn about network monitoring, VPNs, NAT, intrusion detection and prevention systems, security management frameworks, and best practices for industrial network security. Moreover, they will learn how to design and implement secure industrial networks, assess risks, and effectively manage security incidents. By the end of the course, students will have the skills to analyze and optimize industrial networks and make data-driven decisions to drive process improvement and innovation.

Total Hours

This course unit covers 100 hours, from which 28 hours lectures, 14 hours lab work, and 58 hours individual study and work.

General Objective

The general objective of the Security of Industrial Networks course unit is to provide students with a comprehensive understanding of the challenges and solutions for securing industrial networks, including the protection of communication systems and data transmission in industrial environments. By the end of the course, students should have gained knowledge and skills related to network architecture and protocols, threat analysis and risk assessment, as well as various methods for securing industrial networks, such as firewalls, access control, and encryption. The course also explores the integration of AI and machine learning techniques for real-time monitoring and threat detection in industrial networks.

Specific Objectives / Learning Outcomes

The specific objectives/learning outcomes of this course unit on Security of Industrial Networks are:

  • Understand the key concepts and principles of industrial network security, including network architecture, protocols, and segmentation.
  • Analyze the threat landscape in industrial networks and perform risk assessments to identify vulnerabilities.
  • Develop and implement effective security measures to secure industrial networks, such as firewalls, access control, encryption, and intrusion detection and prevention systems (IDPS).
  • Learn how to use monitoring tools and techniques to detect anomalies and security breaches in industrial networks.
  • Understand the role of virtual private networks (VPNs) and network address translation (NAT) in securing industrial networks.
  • Develop a comprehensive understanding of industrial network security management, including security policies and procedures, standards and regulations, and security management frameworks.
  • Explore best practices for industrial network security and case studies of security incidents in industrial networks.
  • Understand the application of machine learning and artificial intelligence techniques in securing industrial networks and the mitigation of adversarial attacks.
  • Learn about the security challenges and solutions for Industrial Internet of Things (I-IoT) systems.
  • Gain an understanding of emerging trends and future directions in industrial network security.
Professional Competencies

The professional competencies developed in this course unit include:

  • Industrial network security knowledge: Students will develop a deep understanding of the fundamental concepts and techniques related to the security of industrial networks, including threat analysis and risk assessment, security policies and procedures, and best practices for industrial network security.
  • Industrial network architecture and protocols: Students will learn about the architecture and communication protocols used in industrial networks, and how to segment and isolate network traffic to enhance security.
  • Security technologies and tools: Students will learn about the use of firewalls, access control, encryption, intrusion detection and prevention systems, and VPNs to secure industrial networks.
  • Machine learning for network security: Students will learn about the use of machine learning and artificial intelligence for real-time threat detection and defense, including the use of neural networks to deal with adversarial attacks.
  • I-IoT security: Students will develop an understanding of the security challenges and solutions for the emerging field of the Industrial Internet of Things (I-IoT), including I-IoT security solutions.
Cross Competencies

The cross competencies that are developed by taking this course unit on Security of Industrial Networks:

  • Critical thinking: Students will need to analyze complex industrial networks, identify potential security threats, and evaluate appropriate security measures to mitigate risks.
  • Problem-solving: Students will learn how to troubleshoot and resolve security issues in industrial networks.
  • Communication: Students will need to effectively communicate security risks and mitigation strategies to stakeholders at various levels within an organization.
  • Collaboration: Students will work in teams on lab exercises and case studies, which will require collaboration and coordination to successfully complete the tasks.
  • Adaptability: As threats to industrial networks continue to evolve, students will need to be able to adapt to new technologies, threats, and security measures.
Alignment to Social and Economic Expectations
The course unit on security of industrial networks is highly aligned with social and economic expectations. As the use of industrial networks continues to expand in various sectors, the need for robust and effective security measures becomes more urgent. The course provides students with the knowledge and skills necessary to secure industrial networks, which is critical for ensuring the safety, reliability, and efficiency of industrial processes. This directly supports the social expectation for safe and secure industrial operations, which are essential for protecting workers, consumers, and the environment. Furthermore, as cyber threats become increasingly sophisticated and pervasive, the ability to secure industrial networks is crucial for protecting the economic interests of organizations that rely on these systems. By equipping students with the necessary competencies to secure industrial networks, the course unit aligns well with the social and economic expectations of the industry and broader society
Evaluation

Assessment methods

For the lectures portion of the course unit the following assessment methods are used:

  • Class participation and engagement: This include asking questions, participating in discussions, and demonstrating a strong understanding of the material.
  • Quizzes or tests: These is given throughout the course to assess students’ understanding of key concepts and theories.
  • Presentations: Students are required to give a presentation on a topic related to security of industrial networks, demonstrating their ability to communicate complex ideas effectively.
  • Written assignments: This include essays, or case studies, allowing students to apply the concepts they have learned to real-world situations.

For the lab work portion of the course, the following assessment methods are used:

  • Completion of lab exercises: Students are required to complete a set of exercises throughout the course to demonstrate their understanding of the key concepts and their ability to apply them.
  • Group projects: Students will work in groups to develop a project related to security of industrial networks, demonstrating their ability to collaborate and apply their knowledge in a practical way.

Assessment criteria

For lectures, the assessment criteria for this course unit on the design of digital twins in industrial production are:

  • Knowledge and Understanding: Assessment of the student’s ability to comprehend and apply the concepts, theories, and principles of security of industrial networks.
  • Analytical and Critical Thinking Skills: Assessment of the student’s ability to analyze and evaluate complex problems related to security of industrial networks, and make informed decisions based on available data.
  • Communication Skills: Assessment of the student’s ability to communicate ideas, theories, and solutions related to security of industrial networks in a clear, concise, and effective manner.
  • Teamwork and Collaboration Skills: Assessment of the student’s ability to work effectively in a team and collaborate with others to achieve common goals in security of industrial networks.
  • Application of Technology: Assessment of the student’s ability to apply appropriate technologies and tools to implement security of industrial networks.

For lab work, the assessment criteria could include:

  • Technical Skills: Assessment of the student’s ability to apply the technical skills and knowledge acquired in the course to implement security of industrial networks solutions.
  • Quality of Work: Assessment of the student’s ability to produce high-quality work that meets the requirements and standards set for security of industrial networks.
  • Creativity and Innovation: Assessment of the student’s ability to think creatively and apply innovative solutions to design security of industrial networks solutions.
  • Attention to Detail: Assessment of the student’s ability to pay close attention to details and ensure that the security of industrial networks solutions are accurate, complete, and well-documented.
  • Time Management: Assessment of the student’s ability to manage their time effectively and deliver completed lab work within the specified timeframe.

Quantitative performance indicators to assess the minimum level of performance (mark 5 on a scale from 1 to 10)

Quantitative performance indicators to assess the minimum level of performance (mark 5 on a scale from 1 to 10) for the lectures in the security of industrial networks course unit include:

  • Attendance and participation in class discussions – The student should attend at least 80% of the lectures and actively participate in class discussions.
  • Homework and Quizzes – The student should complete all homework assignments and quizzes with a minimum score of 60%.
  • Midterm Exam – The student should achieve a minimum score of 50% on the midterm exam.

Quantitative performance indicators to assess the minimum level of performance (mark 5 on a scale from 1 to 10) for the lab works in the security of industrial networks course unit include:

  • Lab attendance and participation – The student should attend and participate in all scheduled lab sessions.
  • Lab reports – The student should submit all lab reports on time, with a minimum score of 60% on each report.
  • Lab assignments – The student should complete all lab assignments with a minimum score of 60%.
  • Lab exams – The student should achieve a minimum score of 50% on the lab exams.

Quantitative performance indicators for the final exam to assess the minimum level of performance in the security of industrial networks course unit:

  • Completion of a minimum number of lecture-related questions correctly – 70% of the total questions.
  • The student should be able to demonstrate an understanding of the basic concepts and principles of security of industrial networks, with a minimum score of 50% on multiple-choice questions or short answer questions.
  • The student should be able to explain and analyze real-life case studies and their results, with a minimum score of 50% on case study analysis questions.
  • The student should be able to demonstrate a basic knowledge of the tools and methodologies used in security of industrial networks, with a minimum score of 50% on matching or labeling questions.
  • The student should be able to apply the concepts and principles learned in the lectures to solve practical problems, with a minimum score of 50% on problem-solving questions.
  • The student should be able to critically evaluate the benefits and challenges of using security of industrial networks in industrial settings, with a minimum score of 50% on essay questions.
  • Evidence of the ability to apply learned concepts and principles to practical scenarios, as demonstrated by the number of correctly answered application-based questions.
  • Display of critical thinking skills, as evidenced by the number of correct answers to questions requiring analysis and synthesis of information.
  • Overall exam performance, measured in terms of the total number of correct answers and expressed as a percentage of the total exam score. A minimum score of 50% or above is set as the benchmark for a mark of 5.
Lectures

Unit 1: Introduction to Industrial Network Security (2 hours)

  • Overview of industrial networks
  • Importance of industrial network security
  • Security challenges in industrial environments

Unit 2: Industrial Network Architecture and Protocols (2 hours)

  • Industrial network architecture
  • Industrial communication protocols
  • Network segmentation and isolation

Unit 3: Threat Analysis and Risk Assessment in Industrial Networks (2 hours)

  • The threat landscape in industrial networks
  • Risk assessment and management
  • Vulnerability assessment

Unit 4: Securing Industrial Networks with Firewalls and Access Control (2 hours)

  • Firewall technology and implementation
  • Access control models and implementation
  • Role-based access control

Unit 5: Encryption in Industrial Networks (2 hours)

  • Encryption fundamentals
  • Cryptographic protocols for industrial networks
  • Digital certificates and Public Key Infrastructure (PKI)

Unit 6: Industrial Network Monitoring (2 hours)

  • Network monitoring tools and techniques
  • Security information and event management
  • Anomaly detection

Unit 7: Virtual Private Networks (VPNs) in Industrial Networks (2 hours)

  • VPN technology and implementation
  • Remote access VPNs and site-to-site VPNs
  • VPN security considerations

Unit 8: Network Address Translation (NAT) in Industrial Networks (2 hours)

  • NAT technology and implementation
  • Benefits and drawbacks of NAT in industrial networks
  • NAT security considerations

Unit 9: Securing Industrial Networks with Intrusion Detection and Prevention Systems (2 hours)

  • Intrusion detection and prevention systems (IDPS)
  • IDPS deployment and management
  • IDPS security considerations

Unit 10: Industrial Network Security Management (2 hours)

  • Security policies and procedures
  • Security standards and regulations
  • Security management frameworks

Unit 11: Industrial Network Security Best Practices (2 hours)

  • Best practices for industrial network security
  • Industrial network security case studies
  • Lessons learned from industrial network security incidents

Unit 12: Machine Learning for Industrial Network Security (2 hours)

  • Machine learning and artificial intelligence for network security
  • Machine learning models for real-time threat detection
  • Adversarial attacks and defenses in industrial networks

Unit 13: I-IoT Security (2 hours)

  • Overview of the Industrial Internet of Things (I-IoT)
  • Security challenges in I-IoT
  • I-IoT security solutions

Unit 14: Future Directions in Industrial Network Security (2 hours)

  • Emerging trends in industrial network security
  • Industrial network security research challenges and opportunities
  • Future directions in industrial network security
Lab Work

Unit 1: Industrial Network Setup and Configuration (2 hours)

Objective: Configure an industrial network using switches, routers, and industrial communication protocols.

  • Identify the different types of industrial communication protocols
  • Connect industrial devices to the network
  • Configure the network devices (switches and routers) for industrial communications
  • Test the network setup to ensure that the devices can communicate with each other

Unit 2: Network Segmentation and VLAN Configuration (2 hours)

Objective: Segment an industrial network using VLANs and configure VLAN tagging on switches.

  • Understand network segmentation and its importance in securing industrial networks
  • Configure VLANs on switches
  • Assign VLAN membership to devices
  • Test VLANs to ensure that traffic is correctly routed between VLANs

Unit 3: Firewall and Access Control Configuration (2 hours)

Objective: Configure firewalls and access control lists (ACLs) to protect an industrial network.

  • Understand the different types of firewalls and their role in industrial network security
  • Configure firewall rules and access control lists (ACLs)
  • Test the firewall to ensure that unauthorized traffic is blocked

Unit 4: VPN Configuration (2 hours)

Objective: Configure remote access VPN and site-to-site VPN to provide secure remote access to an industrial network.

  • Understand the different types of VPN and their use in industrial network security
  • Configure remote access VPN and site-to-site VPN
  • Test the VPN to ensure secure remote access to the network

Unit 5: Network Monitoring and Intrusion Detection (2 hours)

Objective: Configure network monitoring and intrusion detection systems (IDS) to detect and respond to network threats.

  • Understand the importance of network monitoring and intrusion detection in industrial network security
  • Configure network monitoring tools and systems
  • Configure intrusion detection systems (IDS)
  • Test the IDS to detect and respond to network threats

Unit 6: Encryption and Digital Certificates (2 hours)

Objective: Configure encryption and digital certificates to provide secure communication between industrial devices.

  • Understand the importance of encryption and digital certificates in industrial network security
  • Configure encryption for industrial communication protocols
  • Configure digital certificates for secure communication between devices
  • Test the encryption and digital certificates to ensure secure communication between devices

Unit 7: Machine Learning for Industrial Network Security (2 hours)

Objective: Use machine learning models to detect anomalies and threats in industrial networks and evaluate their effectiveness.

  • Understand the role of machine learning in industrial network security
  • Configure machine learning models to detect network anomalies and threats
  • Test the machine learning models to evaluate their effectiveness in detecting and responding to network threats
Supporting Infrastructure

To run the activity for this course unit, students will have the possibility to work in our labs with the following technologies:

  • FESTO Equipment set TP 1333: networks and IT Security