Course Description
ICS410 provides a foundational set of standardized skills and knowledge for industrial cybersecurity professionals. The course is designed to ensure that the workforce involved in supporting and defending industrial control systems is trained to keep the operational environment safe, secure, and resilient against current and emerging cyber threats.
What Do Participants Learn?
- Better understand various industrial control systems and their purpose, application, function, and dependencies on network IP and industrial communications
- Work with control network infrastructure design (network architecture concepts, including topology, protocols, and components) and their relation to IEC 62443 and the Purdue Model.
- Run Windows command line tools to analyze the system looking for high-risk items
- Run Linux command line tools (ps, ls, netstat, etc.) and basic scripting to automate the running of programs to perform continuous monitoring of various tools
- Work with operating systems (system administration concepts for Unix/Linux and/or Windows operating systems)
- Better understand the systems' security lifecycle
- Better understand information assurance principles and tenets (confidentiality, integrity, availability, authentication, non-repudiation)
- Use your skills in computer network defense (detecting host and network-based intrusions via intrusion detection technologies)
- Implement incident response and handling methodologies
- Map different ICS technologies, attacks, and defenses to various cybersecurity standards including NIST Cyber Security Framework, ISA/IEC 62443, ISO/IEC 27001, NIST SP 800-53, Center for Internet Security Critical Security Controls, and COBIT 5
Who Should Attend?
The course is designed for the range of individuals who work in, interact with, or can affect industrial control system environments, including asset owners, vendors, integrators, and other third parties. These personnel primarily come from four domains:
- IT (includes operational technology support)
- IT security (includes operational technology security)
- Engineering
- Corporate, industry, and professional standards
What Will the Learning Experience Include?
Phase 1: Introduce
- Comprehensive pre-program activities include:
- Web-based information forms & surveys completed by the attendee.
- Direct consultation with the attendee about expectations.
Phase 2: Explore & Practice
- During the training, participants engage in data, activities, and conversations that lead to insight and knowledge.
- Participants learn from expert trainers who have both academic and business experience.
- Highly applicable training content & instructive activities for adding depth to training topics.
- A half-day site visit for integrating the experience & planning next steps. Opportunities to provide connections, ideas & support.
Phase 3: Apply
- Apply & sustain the learning experience by using this ongoing support:
- To ensure the participant has new skills or behavior progress.
- Optional, fee-based mentoring & coaching with the trainer.
- Training materials & additional documents (e-books, PDF files, presentations and articles)
Phase 4: Evaluate
- Evaluate your training experience by giving us feedback and helping us reach our organizational goals.
- Participant's Evaluation
- Trainer's Evaluation
Section 1. ICS Overview
- Overview of ICS
- Purdue Levels 0 and 1
- Purdue Levels 2 and 3
- DCS and SCADA
- IT & ICS Differences
Section 2. Field Devices and Controllers
- ICS Attack Surface
- Purdue Level 0 and 1
- Ethernet and TCP/IP
Section 3. Supervisory Systems
- Enforcement Zone Devices
- Understanding Basic Cryptography
- Wireless Technologies
- Wireless Attacks and Defenses
- Purdue Level 2 and 3 Attacks
Section 4. Workstations and Servers
- Patching ICS Systems
- Defending Microsoft Windows
- Defending Unix and Linux
- Endpoint Security Software
- Event Logging and Analysis
- Remote Access Attacks
Section 5. ICS Security Governance
- Building an ICS Cyber Security Program
- Creating ICS Cyber Security Policy
- Disaster Recovery
- Measuring Cyber Security Risk
- Incident Response
- Final Thoughts and Next Steps