Official website of the Department of Homeland Security
ICS-CERT: Industrial Control Systems Cyber Emergency Response Team

Training Available Through ICS-CERT

Scheduled training is on the ICS-CERT Calendar

Web-Based Training available on the ICS-CERT Virtual Learning Portal
Operational Security (OPSEC) for Control Systems (100W) - 1 hour
Cybersecurity for Industrial Control Systems (210W) - 15 hours

Instructor Led Format - Introductory Level
Introduction to Control Systems Cybersecurity (101) - 1 day or 8 hrs

Instructor Led Format - Intermediate Level
Intermediate Cybersecurity for Industrial Control Systems (201), lecture only - 1 day or 8 hrs

Hands-On Format - Intermediate Level
Intermediate Cybersecurity for Industrial Control Systems (202), with lab/exercises - 1 day or 8 hrs

Hands-On Format - Technical Level
ICS Cybersecurity (301) - 5 days

 

ICS-CERT program training events consist of 'regional' training courses and workshops at venues in various locations, in addition to the 5-day training event held in Idaho Falls, Idaho. The information below specifies the type of venue where each course is presented. Refer to the ICS-CERT calendar for a schedule of these training options. Note that all ICS-CERT training courses are presented at no cost to the attendee.

 


Web Based Training

Operational Security (OPSEC) for Control Systems (100W)

It is important to ensure the security of your control system. This training will provide an overview of operational security (OPSEC). It will increase your awareness of what information an adversary may view as valuable. It will provide the tools to recognize potential weaknesses in your daily operations and techniques so you can do something about those weaknesses.

OPSEC crosses all fields and environments and even extends to your private life. This training will cover standard OPSEC practices, with a focus on the control system environment.

This training is intended for anyone working in a control system environment.

A Certificate of Completion is available after completing this course. Access this course via the ICS-CERT Virtual Learning Portal.

Estimated time to complete course: 1 hour


Cybersecurity for Industrial Control Systems (210W)

The 210W series of courses is an online, web-based version of our 101 and 201 instructor-led courses (detailed below).

These courses cover many aspects of cybersecurity for industrial control systems. First, students will be introduced to the basics of industrial control systems security. This includes a comparative analysis of IT and control system architecture, security vulnerabilities, and mitigation strategies unique to the control system domain. Next, these courses provide technical instruction on the protection of industrial control systems using offensive and defensive methods. Students will understand how cyber attacks could be launched, why they work, and mitigation strategies to increase the cybersecurity posture of their control system.

The 210W courses are:

  • 210W-01 Differences in Deployments of Industrial Control Systems (ICS)
  • 210W-02 Influence of Common Information Technology (IT) Components on ICS
  • 210W-03 Common ICS Components
  • 210W-04 Cybersecurity within IT and ICS Domains
  • 210W-05 Cybersecurity Risk
  • 210W-06 Current Trends - Threats
  • 210W-07 Current Trends - Vulnerabilities
  • 210W-08 Determining the Impact of a Cybersecurity Incident
  • 210W-09 Attack Methodologies in IT and ICS
  • 210W-10 Mapping IT Defense-in-Depth Security Solutions to ICS

A Certificate of Completion is available after completing each course. Access these courses via the ICS-CERT Virtual Learning Portal.

Estimated time to complete each course: 1.5 hours



Instructor Led Format - Introductory Level

Introduction to Control Systems Cybersecurity (101)

The purpose of this course is to introduce students to the basics of industrial control systems security. This includes a comparative analysis of IT and control system architecture, security vulnerabilities, and mitigation strategies unique to the control system domain.

This course is split into four sessions: (1) Cybersecurity Landscape: Understanding the Risks, (2) Industrial Control Systems Applications, (3) Current State of Cybersecurity in Industrial Control Systems, and (4) Practical Applications of Cybersecurity. A Certificate of Completion will be provided at the conclusion of the course.

This course is presented at regional venues in various locations throughout the year. Refer to the ICS-CERT calendar for a schedule of this training option. The content of this course is also available in the 210W online course accessible through the ICS-CERT Virtual Learning Portal.



Instructor Led Format - Intermediate Level

Intermediate Cybersecurity for Industrial Control Systems (201), lecture only

This course provides technical instruction on the protection of industrial control systems using offensive and defensive methods. Students will understand how cyber attacks could be launched, why they work, and mitigation strategies to increase the cybersecurity posture of their control system networks. In addition, this course acts as a prerequisite for the next course, Intermediate Cybersecurity for Industrial Control Systems (202), which offers hands-on application of concepts presented.

This course is split into four sessions: (1) Current Security in ICS, (2) Strategies Used Against ICS, (3) Defending the ICS, and (4) Preparation and Further Reading for Part 2. A Certificate of Completion will be provided at the conclusion of the course.

This course is presented at regional venues in various locations throughout the year. Refer to the ICS-CERT calendar for a schedule of this training option. The content of this course is also available in the 210W online course accessible through the ICS-CERT Virtual Learning Portal.



Hands-On Format - Intermediate Level

Intermediate Cybersecurity for Industrial Control Systems (202), with lab/exercises

This hands-on course is structured to help students understand how attacks against process control systems could be launched and why they work, and it provides mitigation strategies to increase the cybersecurity posture of their control system networks.

This course provides a brief review of industrial control systems security. This includes a comparative analysis of IT and control system architecture, security vulnerabilities, and mitigation strategies unique to the control system domain. Because this course is hands-on, students will get a deeper understanding of how the various tools work. Accompanying this course is a sample process control network that demonstrates exploits used for unauthorized control of the equipment and mitigation solutions. This network is also used during the course for the hands-on exercises that will help the students develop control systems cybersecurity skills they can apply in their work environment.

This course is split into six sessions: (1) Supervisory Control and Data Acquisition (SCADA) and control system overview, (2) Risk to Industrial Control Systems, (3) Exploit demonstration, (4) Basic Control Security Considerations, (5) Network: Security, Identification, and Remediation, and (6) Network: Defense, Detection, and Analysis. A Certificate of Completion will be provided at the conclusion of the course.

This course is presented at regional venues in various locations throughout the year. Refer to the ICS-CERT calendar for a schedule of this training option.



Hands-On Format - Technical Level

ICS Cybersecurity (301) - 5 days

This event will provide hands-on training in discovering who and what is on the network, identifying vulnerabilities, learning how those vulnerabilities may be exploited, and learning defensive and mitigation strategies for control system networks. The week includes a Red Team / Blue Team exercise that takes place within an actual control systems environment. The training provides the opportunity to network and collaborate with other colleagues involved in operating and protecting control system networks.

Note that this course is not a deep dive into training on specific tools, control system protocols, control system vulnerability details or exploits against control system devices.

This event consists of industrial control systems cybersecurity training and a Red Team / Blue Team exercise:

  • Day 1 - Welcome, overview of the DHS Control Systems Security Program, a brief review of cybersecurity for Industrial Control Systems, a demonstration showing how a control system can be attacked from the internet, and hands-on classroom training on Network Discovery techniques and practices.
  • Day 2 - Hands-On classroom training on Network Discovery, using Metasploit, and separating into Red and Blue Teams.
  • Day 3 - Hands-On classroom training on Network Exploitation, Network Defense techniques and practices, and Red and Blue Team strategy meetings.
  • Day 4 - 8-hour exercise where participants are either attacking (Red Team) or defending (Blue Team). The Blue Team is tasked with providing the cyber defense for a corporate environment and with maintaining operations of a batch mixing plant and an electrical distribution SCADA system.
  • Day 5 - Red Team/Blue Team exercise lessons learned and round-table discussion.

Prerequisites: Each attendee should have an understanding of ICS networks and IT network details. Every student attending this course should bring a laptop computer (with a DVD drive). The user must be able to boot the laptop to an operating system from the DVD. If using a DVD is not an option, the user may run the operating system in a VM such as VMware Player, VMware Fusion, or Oracle VirtualBox.

This course is presented at a facility in Idaho Falls, Idaho, USA configured specifically for the aspects of the course. A Certificate of Completion will be provided at the conclusion of the course. Refer to the ICS-CERT calendar for a schedule of this training option.
