ICS-CERT: Industrial Control Systems Cyber Emergency Response Team, U.S. Department of Homeland Security
TLP:WHITE

Training Available Through ICS-CERT

Web-Based Training Available on the ICS-CERT Virtual Learning Portal

We offer several online training courses via the ICS-CERT Virtual Learning Portal (VLP). Topics include: 

Operational Security (OPSEC) for Control Systems (100W) – 1 hour
Differences in Deployments of ICS (210W-1) – 1.5 hours
Influence of Common IT Components on ICS (210W-2) – 1.5 hours
Common ICS Components (210W-3) – 1.5 hours
Cybersecurity within IT & ICS Domains (210W-4) – 1.5 hours
Cybersecurity Risk (210W-5) – 1.5 hours
Current Trends (Threat) (210W-6) – 1.5 hours
Current Trends (Vulnerabilities) (210W-7) – 1.5 hours
Determining the Impacts of a Cybersecurity Incident (210W-8) – 1.5 hours
Attack Methodologies in IT & ICS (210W-9) – 1.5 hours
Mapping IT Defense-in-Depth Security Solutions to ICS (210W-10) – 1.5 hours

Access the ICS-CERT VLP for more information and to register and complete the courses. There are no tuition costs for these courses.

 

Instructor Led Training

Introduction to Control Systems Cybersecurity (101) - 8 hrs
Intermediate Cybersecurity for Industrial Control Systems (201) - 8 hrs
Intermediate Cybersecurity for Industrial Control Systems (202) - 8 hrs
ICS Cybersecurity (301) - 5 days

ICS-CERT program training events consist of 'regional' training courses and workshops at venues in various locations in addition to the 5-day training event held in Idaho Falls, Idaho. Refer to the ICS-CERT calendar for a schedule of these training options. Note that all ICS-CERT training courses are presented with no tuition cost to the attendee.

Scheduled training is on the ICS-CERT Calendar

Note: Training personnel do not possess proprietary interest in any product, instrument, device, service or material discussed in these courses or in any course materials.

 


Introduction to Control Systems Cybersecurity (101)

The course introduces students to the basics of industrial control systems (ICS) cybersecurity. This includes a comparative analysis of IT and ICS architecture, understanding risk in terms of consequence, security vulnerabilities within ICS environments, and effective cyber risk mitigation strategies for the control system domain.

After attending this course, you will be able to:

  • Describe ICS deployments, components, and information flow.
  • Differentiate cybersecurity within IT and ICS domains.
  • Explain a cyber exploit in an ICS architecture.
  • Recognize sector dependencies.
  • Identify cybersecurity resources available within NPPD.

A Certificate of Completion will be provided at the conclusion of the course.

This course is presented at regional venues in various locations throughout the year. If the course has an open enrollment, it will be posted to the ICS-CERT calendar. There is no tuition cost to the attendee for this training.



Intermediate Cybersecurity for Industrial Control Systems (201) Part 1

This course builds on the concepts learned in the Introduction to ICS Cybersecurity (101) course. This course provides technical instruction on the protection of industrial control systems using offensive and defensive methods. Trainees will recognize how cyber attacks are launched, why they work, and mitigation strategies to increase the cybersecurity posture of their control system networks. In addition, this course acts as a prerequisite for the next course, Intermediate Cybersecurity for Industrial Control Systems (202), which offers hands-on application of concepts presented.

After attending this course, you will be able to:

  • Describe ladder logic.
  • Describe network discovery.
  • Discuss the three main stages of an attack.
  • Create a baseline using CSET.
  • Describe defense-in-depth strategies.

A Certificate of Completion will be provided at the conclusion of the course.

This course is presented at regional venues in various locations throughout the year. If the course has an open enrollment, it will be posted to the ICS-CERT calendar. There is no tuition cost to the attendee for this training.



Intermediate Cybersecurity for Industrial Control Systems (202) Part 2

This hands-on course is structured to help students recognize how attacks against process control systems can be launched and why they work, and it provides mitigation strategies to increase the cybersecurity posture of their control system networks.

This course provides a brief review of industrial control systems security. This includes a comparative analysis of IT and control system architecture, security vulnerabilities, and mitigation strategies unique to the control system domain. Because this course is hands-on, students will get a deeper understanding of how the various tools work. Accompanying this course is a sample process control network that demonstrates exploits used for unauthorized control of the equipment and mitigation solutions. This network is also used during the course for the hands-on exercises that will help the students develop control systems cybersecurity skills they can apply in their work environment.

Note that this course is not a deep dive into training on specific tools, control system protocols, control system vulnerability details or exploits against control system devices.

This course is split into five sessions: (1) Industrial Control System Overview, (2) Network Discovery and Mapping, (3) Exploitation and Using Metasploit, (4) Network Attacks and Exploits, and (5) Network Defense, Detection, and Analysis.

After attending this course, you will be able to:

  • Identify risks in ICSs.
  • Demonstrate a process control exploitation.
  • Use passive discovery tools.
  • Use active discovery tools.
  • Describe Metasploit.
  • Use the Metasploit Framework.
  • Discuss basic web hacking techniques.
  • Describe password security.
  • Discuss wireless attacks and exploits.
  • Describe packet analysis.
  • Define intrusion detection and prevention systems.

A Certificate of Completion will be provided at the conclusion of the course.

This course is presented at regional venues in various locations throughout the year. If the course has an open enrollment, it will be posted to the ICS-CERT calendar. There is no tuition cost to the attendee for this training.



ICS Cybersecurity (301) - 5 days

This course provides extensive hands-on training on understanding, protecting, and securing industrial control systems (ICSs) from cyber attacks and includes a Red Team/Blue Team exercise conducted within an actual control systems environment. In order to understand how to best defend a system, trainees will learn about common vulnerabilities and the importance of understanding the environment they are tasked to protect. Learning the weaknesses of a system will enable trainees to implement mitigation strategies and institute policies and programs that will provide the defense in depth needed to ensure a more secure ICS environment. In addition, the training provides the opportunity to network and collaborate with other colleagues involved in operating and protecting control system networks.

Note that this course is not a deep dive into training on specific tools, control system protocols, control system vulnerability details or exploits against control system devices. The 301 designation is simply a course number and has no reference to a “300 level” course.

This course consists of six sessions, followed by a Red Team/Blue Team exercise and a discussion of the lessons learned.

  • Day 1 – Includes a welcome, the program overview, a brief review of cybersecurity for Industrial Control Systems, a process control attack demonstration, network discovery, and network mapping.
  • Day 2 – Includes network defense, detection, and analysis. In addition, trainees will be divided into Red and Blue teams.
  • Day 3 – Includes the exploitation process, using Metasploit, network attacks, and network exploits followed by Red/Blue Team strategy meetings.
  • Day 4 – Includes an 8-hour hands-on exercise where trainees are either attacking (Red Team) or defending (Blue Team). The Blue Team is tasked with providing the cyber defense for a corporate environment, while maintaining operation of a batch mixing plant, and monitoring an electrical distribution substation SCADA system.
  • Day 5 – Includes Red Team/Blue Team exercise lessons learned and round-table discussion.

Working lunch presentations will provide information on subjects such as the Industrial Control System Cyber Emergency Response Team (ICS-CERT) program and products, common vulnerabilities, and the Cyber Security Evaluation Tool (CSET®).

Prerequisites:

  • Trainees should have practical knowledge and experience with ICS networks, software, and components. They should have a practical understanding of IT network basics such as User Datagram Protocol (UDP) and Transmission Control Protocol (TCP), as well as Media Access Control (MAC) and Internet Protocol (IP) addressing.
  • Trainees will need a laptop with VMware® Workstation, Player, or Fusion installed and ready to import a VM provided for installation prior to arriving for class.

This course is presented at a facility in Idaho Falls, Idaho, USA configured specifically for the aspects of the course. A certificate of completion will be provided at the conclusion of the course. Refer to the ICS-CERT calendar for a schedule of this training option. There is no tuition cost to the attendee for this training.
