CESA – Certified Expert for Security in Automation

Cyber-attacks targeting industrial environments are becoming increasingly common, highlighting the need for robust Industrial Security. This involves safeguarding machines against threats such as cyber-attacks, manipulation, or even improper operation. To address these challenges, the CESA – Certified Expert for Security in Automation qualification provides a pathway to protection for industrial systems. This expert level training provides in-depth knowledge of relevant standards and legal requirements, security risk assessments, and both technical and organizational measures essential for industrial protection. Participants who successfully pass the examination earn a TÜV certified CESA-credential, validating their expertise.

This training is tailored specifically to IEC 62443 and will provide you with the corresponding specialist knowledge. Appropriate application of the IEC 62443 standard enables operators, integrators and manufacturers to demonstrate that their industrial automation systems conform to the standards of modern Industrial Security.

• Introduction 
  • Introduction to Industrial Security
• Legislation
  • Overview of International Legislation 
  • Machinery Regulation (MR)
  • Cyber Resilience Act (CRA)
  • NIS 2 
• Standards 
  • Overview of International Security Standards.
  • Basics of IEC 62443 as the central framework for Industrial Security (IACS Lifecycle, Responsibilities/Conformity). 
• Roles and responsibilities of Operator, Integrator and Manufacturer in the context of IEC 62443 and regulatory requirements
  • Operator related standards for OT security management, governance and continuous risk management:
    • ISO 27000
    • IEC 62443 -2-1, -2-2
  • Manufacturer related standards for secure product development, technical security requirements and protection against corruption
    • IEC 62443-3-3, -4-1,-4-2
    • EN 50742
  • Integrator related standards: Security Program requirements and methodology for Service Providers
    • IEC 62443-2-4, -6-1
• Risk Assessment (detailed review) 
  • Security Risk Assessment requirements from Legislations (NIS 2, CRA, MR). 
  • Different types of Security Risk Assessments in accordance with Standards. 
  • Security Risk Assessment based on IEC 62443-3-2.

This training is aimed at manufacturers, integrators and operators of industrial automation systems, in particular:

• Plant engineers
• Construction engineers
• Design engineers
• Project engineers
• System integrators
• Production managers/those responsible for production
• Those responsible for upgrades and maintenance of plant and machinery
• Development managers
• Chief Information Security Officers (CISO)

Registration for “CESA – Certified Expert for Security in Automation” requires a basic understanding of industrial networks and communication protocols. Experience with security measures is useful but not mandatory. Participation in the Pilz training ‘Fundamentals of Industrial Security’ is also an advantage. Are you unsure about whether your current qualification corresponds to the required level? Feel free to get in touch with us. We are pleased to offer individual support and outline possible alternatives that will enable you to achieve the qualification level for CESA.

The training is provided in both classroom and online format with a live instructor. Participants are required to attend on specific dates and times. For online training, a laptop equipped with a webcam, and Google Chrome or Microsoft Edge is required to participate.

An examination takes place at the end of the training. Examination can be in paper format (classroom-based training only) or online format (classroom or online training). The exam is 40 minutes in duration, and 25 multiple choice questions are asked. A score of 80% or above must be achieved to pass the examination.

If the examination is passed, you receive the globally recognised TÜV NORD certificate of “CESA – Certified Expert for Security in Automation”. The certificate is valid for four years and then can be extended for another four years by taking part in a recertification.

• Specialised know-how on requirements of related standards, risk assessment, technical and organisational measures in relation to Industrial Security.
• Overview of relevant legislation, with a focus on MR, CRA, and NIS 2 requirements and recommended course of action towards compliance
• Deep dive into the correct application and implementation of the IEC 62443 standard.
• Guidance on how to deal with the interface between IT applications and industrial machinery in production areas, with respect to security requirements.
• Attain a personalised and internationally recognised certificate issued by TÜV NORD as a CESA – Certified Expert for Security in Automation (upon successful completion of the examination).