The Certified Automation Cybersecurity Specialist (CACS) and Certified Automation Cybersecurity Expert (CACE) program were developed in response to the growing demand to secure industrial automation control systems (IACS) and SCADA systems by providing a means for people to develop and demonstrate competence in understanding and applying security standards and best practices.
Control system cybersecurity is an emerging, highly specialized field of engineering. Its goal is to assure a systematic, lifecycle approach is used to assess, design, implement, and monitor methods to protect critical infrastructure from attack. The field of industrial automation and control system cybersecurity combines disciplines of basic control system engineering, risk assessment, safety system engineering, software (e.g. Microsoft) platforms, industrial networking, and IT network security. While several programs exist for training and certification of each of these individual disciplines, there is no program today that focuses on the intersection of these disciplines as it applies to control system cybersecurity. The CACE / CACS focuses on the practical application of security practices and principles, not on knowledge of theory.
“As the use of Ethernet technologies and the complexity of Industrial Control networks increases dramatically, industrial specific knowledge and experience will also become increasingly more important. Participating in the CACE / CACS certification program is a major step towards affirming your competence and knowledge working within these environments.” says Eric Persson, MS, MBA, Sr. Cybersecurity Engineer. “This program focuses on the practical application of security practices and principles, attaining this certification displays your commitment to Industrial network cybersecurity, can ultimately make you a more valuable employee, and open the door for career advancement.”
2. Preparing to pass the exam
The CACE/CACS exams consist of questions prepared and reviewed by the Advisory Board. A periodic review is done to assure that questions are understandable to those well versed in the applicable standards and fields of practice.
The CACE/CACS program requires demonstrated competency in current standards. Anyone not up to date will be unlikely to pass. While experience and conservative judgment is important to safety, experience alone is not enough. Additional preparation is needed for anyone not completely up to date with current standards and practice.
The Advisory Board highly recommends that you study at least 40-50 self study hours for preparation of the CACE/CACS exam.
Recommended Preparation Resources:
a. exida CACE study guide; Any relevant industrial contrul networking information, i.e. a copy of “Framework for Improving Critical Infrastructure Cybersecurity”
All CACE/CACS exams are open book with all readily available published references allowed to be used during the exam. Please also note that the candidates are specifically encouraged to bring in any standards relevant to the subject.
Other textbooks, publicly available published course materials, and workbooks are also allowed and may be useful to the candidates. NOTE: Personal hand notes are not permitted in the exam area.
3. The curriculum for this program consists of general knowledge plus the knowledge in the applicable field of expertise:
Common terms and definitions
Industrial Contrul Systems (ICS) Cyber security Lifecycle