CSSA (Certified SCADA Security Architect) passed today

AlexNguyenAlexNguyen Member Posts: 358 ■■■■□□□□□□
I've passed the CSSA exam today. I took the InfoSec 5-day SCADA Security Boot Camp class. The last day of the class was the exam day. It has 100 questions with multiple choices and you have a maximum of 2 hours to complete. You need a minimum score of 70% to pass. It's an online proctored exam via a web site. It was an 'easy' exam for me since I deal with NERC CIP compliance as part of my job responsibilities.
Knowledge has no value if it is not shared.
Knowledge can cure ignorance, but intelligence cannot cure stupidity.

Comments

  • JDMurrayJDMurray Admin Posts: 13,025 Admin
    Congratulations on passing the CSSA exam! icon_cheers.gif

    SCADA is a really cool specialization to have. I wish that I had been able to get into it and ICS more when I had the chance. As it is, I can't tell a NERC from a FERC. icon_lol.gif
  • AlexNguyenAlexNguyen Member Posts: 358 ■■■■□□□□□□
    Outside people think SCADA is cool...but there's nothing exciting about it. It's old technology. There are many SCADA systems still running for almost 30 years. There's a lot of security holes in those systems. The SCADA communication protocols (e.g. Modbus, DNP3) are 'insecured'. It's based on serial communication and now encapsulated in TCP. There's no authentication. In the SCADA security class, a guy said that you can buy a Lego Storm kit and program it to talk to a PLC via Modbus.
    Knowledge has no value if it is not shared.
    Knowledge can cure ignorance, but intelligence cannot cure stupidity.
  • JDMurrayJDMurray Admin Posts: 13,025 Admin
    SCADA is cool because of what it controls and how naive the security controls are. The ladder logic of the PLCs is primitive at best, but that's all ICS needs. In fact, most ICS only use SCADA as a convenience and don't need it to actually operate.
  • remilad2002remilad2002 Registered Users Posts: 1 ■□□□□□□□□□
    can i get the recent question and answer to the CSSA exam
  • DAVIS NGUYENDAVIS NGUYEN Member Posts: 1,472 ■■■□□□□□□□
    Congrats on the pass icon_thumright.gif
  • erg0nerg0n Member Posts: 2 ■□□□□□□□□□
    congrats! I'm also in the SCADA industry but on the vendor side of things specifically in the Oil and Gas sector, but work with clients in water, electricity and traffic. I'm from Montreal as well, but have since relocated to Houston
  • ugur5253ugur5253 Registered Users Posts: 1 ■□□□□□□□□□
    AlexNguyen wrote: »
    I've passed the CSSA exam today. I took the InfoSec 5-day SCADA Security Boot Camp class. The last day of the class was the exam day. It has 100 questions with multiple choices and you have a maximum of 2 hours to complete. You need a minimum score of 70% to pass. It's an online proctored exam via a web site. It was an 'easy' exam for me since I deal with NERC CIP compliance as part of my job responsibilities.

    Hello Alex;
    How was the exam questions ? How did you work on exam ?
    Can you please answer ?
  • NovaHaxNovaHax Member Posts: 502 ■■■■□□□□□□
    ugur5253 wrote: »
    Hello Alex;
    How did you work on exam ?

    Alex...I second this one... What material did you use for studying/preparing for the exam? Thanks :D
  • DevilryDevilry Member Posts: 668
    Congrats on the pass - I would also like to see what materials was used.
  • dustervoicedustervoice Member Posts: 877 ■■■■□□□□□□
    Devilry wrote: »
    Congrats on the pass - I would also like to see what materials was used.

    Yes please let us know what material you used to prepare. Thanks
  • JDMurrayJDMurray Admin Posts: 13,025 Admin
    Why would you want to study with 3+ year old material? ;)
Sign In or Register to comment.