Download Interent ExplorerDownload Apple SafariDownload OperaDownload FirefoxDownload Google Chrome

ICS Security Training | SCADA Systems Security Training

ICS Security Training | SCADA Systems Security Training

ICS Security Training – SCADA Systems Security Training:

ICS Security Training – SCADA Systems Security Training Course – Hands-on Labs (Online or Classroom Live)

ICS Security Training or SCADA Systems Security Training Course, SCADA controls our nation’s mission-critical infrastructure, everything from the power grid to water treatment facilities Gain homeland security skills, by learning to assess and secure SCADA systems. This ICS Security Training or SCADA Systems Security Training Course covers everything from field-based attacks to automated vulnerability assessments for SCADA networks. Learn the best practices for security SCADA networks and systems inside and out. ENO shows you how to defend against both internal and external attackers to provide holistic security for critical industrial automation systems.

Our ICS Security Training – SCADA Systems Security Training Course instructors have real-world hands-on experience securing some of the most high-profile energy delivery, water treatment, and mission-critical SCADA system. Dozens of exercises in our Hands-On ICS Security – SCADA Systems Security Course Labs bring you up to speed with the latest threats to your SCADA systems. Learn subjects not found in books, on the Internet, or taught anywhere else in any other information security class.

What’s Included?

  • Five days of ICS Security Training – SCADA Systems Security Training with an expert instructor
  • ICS/SCADA Security Training (Electronic Courseware)
  • Certificate of Completion
  • 100% Satisfaction Guarantee
  • Exam Pass Guarantee


Related Courses

Customize It:

  • If you are familiar with some aspects of ICS Security Training – SCADA Systems Security Training, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the ICS Security – SCADA Systems Security course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the ICS Security – SCADA Systems Security course in a manner understandable to lay audiences.

Audience / Target Group:

The ICS Security – SCADA Systems Security course is designed for the range of individuals who work in, interact with, or can affect industrial control system environments, including asset owners, vendors, integrators, and other third parties.

This personnel primarily comes from four domains:

  • IT (includes operational technology support)
  • IT security (includes operational technology security)
  • Engineering
  • Corporate, industry, and professional standards


The knowledge and skills that a learner must have before attending this ICS Security – SCADA Systems Security course are as follows:

  • ICS Security – SCADA Systems Security Course participants need to have a basic understanding of networking and system administration, TCP/IP, networking design/architecture, vulnerability assessment, and risk methodologies.
  • ICS Security – SCADA Systems Security covers many of the core areas of security and assumes a basic understanding of technology, networks, and security. For those who are brand new to the field and have no background knowledge, Intro to Information Security would be the recommended starting point. While Intro to Information Security is not a prerequisite, it provides introductory knowledge that will help maximize a student’s experience with ICS Security Training – SCADA Systems Security Crash Course.

ICS Security Training – Objectives:

Upon completing this SCADA Systems Security Training course, learners will be able to meet these objectives:

  • Better understand various industrial control systems and their purpose, application, function, and dependencies on network IP and industrial communications
  • Work with control network infrastructure design (network architecture concepts, including topology, protocols, and components) and their relation to IEC 62443 and the Perdue Model.
  • Run Windows command line tools to analyze the system looking for high-risk items
  • Run Linux command line tools (ps, ls, netstat, etc) and basic scripting to automate the running of programs to perform continuous monitoring of various tools
  • Work with operating systems (system administration concepts for Unix/Linux and/or Windows operating systems)
  • Better understand the systems’ security lifecycle
  • Better understand information assurance principles and tenets (confidentiality, integrity, availability, authentication, non-repudiation)
  • Use your skills in computer network defense (detecting host and network-based intrusions via intrusion detection technologies)
  • Implement incident response and handling methodologies
  • Map different ICS technologies, attacks, and defenses to various cybersecurity standards including NIST Cyber Security Framework, ISA/IEC 62443, ISO/IEC 27001, NIST SP 800-53, Center for Internet Security Critical Security Controls, and COBIT 5

ICS Security Training – Course Syllabus:

Students will develop and reinforce a common language and understanding of Industrial Control System (ICS) cybersecurity as well as the important considerations that come with cyber-to-physical operations within these environments.

Day 1: ICS Overview

  • Global Industrial Cybersecurity Professional (GICSP) Overview
  • Overview of ICS
  • Processes & Roles
  • Industries
  • Purdue Levels 0 and 1
  • Controllers and Field Devices
  • Programming Controllers
  • Exercise: Programming a PLC
  • Purdue Levels 2 and 3
  • HMIs, Historians, Alarm Servers
  • Specialized Applications and Master Servers
  • DCS and SCADA
  • Differences in Location and Latency
  • Exercise: Programming an HMI
  • IT & ICS Differences
  • ICS Life Cycle Challenges
  • Physical and Cyber Security
  • Secure ICS Network Architectures
  • ICS410 Reference Model
  • Design Example
  • Exercise: Architecting a Secure DCS

Day 2: Field Devices & Controllers

Students will develop a better understanding of where these specific attack vectors exist and how to block them, starting at the lowest levels of the control network.

  • ICS Attack Surface
  • Threat Actors and Reasons for Attack
  • Attack Surface and Inputs
  • Vulnerabilities
  • Threat/Attack Models
  • Purdue Level 0 and 1
  • Purdue Level 0 and 1 Attacks
  • Control Things Platform
  • Exercise: Finding Passwords in EEPROM Dumps
  • Purdue Level 0 and 1 technologies
  • Purdue Level 0 and 1 Communications
  • Fieldbus Protocol Families
  • Exercise: Exploring Fieldbus Protocols
  • Purdue Level 0 and 1 Defenses
  • Ethernet and TCP/IP
  • Ethernet Concepts
  • TCP/IP Concepts
  • Exercise: Network Capture Analysis
  • ICS Protocols over TCP/IP
  • Wireshark and ICS Protocols
  • Attacks on Networks
  • Exercise: Enumerating Modbus TCP

Day 3: Supervisory Systems

Students will learn about different methods to segment and control the flow of traffic through the control network. Students will explore cryptographic concepts and how they can be applied to communications protocols and devices that store sensitive data.

  • Enforcement Zone Devices
  • Firewalls and NextGen Firewalls
  • Data Diodes and Unidirectional Gateways
  • Understanding Basic Cryptography
  • Crypto Keys
  • Symmetric and Asymmetric Encryption
  • Hashing and HMACs
  • Digital Signatures
  • Wireless Technologies
  • Satellite and Cellular
  • Mesh Networks and Microwave
  • Bluetooth and Wi-Fi
  • Wireless Attacks and Defenses
  • 3 Eternal Risks of Wireless
  • Sniffing, DoS, Masquerading, Rogue AP
  • Exercise: Network Forensics of an Attack
  • Purdue Level 2 and 3 Attacks
  • Historians and Databases
  • Exercise: Bypassing Auth with SQL Injection
  • HMI and UI Attacks
  • Web-based Attacks
  • Password Defenses
  • Exercise: Password Fuzzing

Day 4: Workstations and Servers

Students will learn essential ICS-related server and workstation operating system capabilities, implementation approaches, and system management practices.

  • Patching ICS Systems
  • Patch Decision Tree
  • Vendors, CERTS, and Security Bulletins
  • Defending Microsoft Windows
  • Windows Services
  • Windows Security Policies and GPOs
  • Exercise: Baselining with PowerShell
  • Defending Unix and Linux
  • Differences with Windows
  • Daemons, SystemV, and SystemD
  • Lynis and Bastille
  • Endpoint Security Software
  • Antivirus and Whitelisting
  • Application Sandboxing and Containers
  • Exercise: Configuring Host-Based Firewalls
  • Event Logging and Analysis
  • Windows Event Logs and Audit Policies
  • Syslog and Logrotate
  • Exercise: Windows Event Logs
  • Remote Access Attacks
  • Attacks on Remote Access
  • Honeypots
  • Exercise: Finding Remote Access

Day 5: ICS Security Governance

Students will learn about the various models, methodologies, and industry-specific regulations that are used to govern what must be done to protect critical ICS systems.

  • Building an ICS Cyber Security Program
  • Starting the Process
  • Frameworks: ISA/IEC 62443, ISO/IEC 27001, NIST CSF
  • Using the NIST CSF
  • Creating ICS Cyber Security Policy
  • Policies, Standards, Guidance, and Procedures
  • Culture and Enforcement
  • Examples and Sources
  • Disaster Recovery
  • DR and BCP Programs
  • Modification for Cyber Security Incidents
  • Measuring Cyber Security Risk
  • Quantitative vs Qualitative
  • Traditional Models
  • Minimizing Subjectivity
  • Incident Response
  • Six-Step Process
  • Exercise: Incident Response Tabletop Exercise
  • Final Thoughts and Next Steps
  • Other ICS Courses by SANS
  • Other SANS Curriculums and Courses
ICS Security Training – SCADA Systems Security Training Course Wrap-Up

Whether you are looking for general information or have a specific question, we want to help!

Request More Information

    Time frame: