Advanced Cybersecurity for Industrial Control Systems (ICS300)

The ICS300 course is a mandatory prerequisite course to the in-person ICS301 class.

This course provides online virtual training based on understanding, protecting, and securing industrial control systems (ICS) from cyberattacks. In order to understand how to defend information technology (IT) and operational technology (OT) systems, students will learn about common cyber vulnerabilities and the importance of understanding the environment they are tasked to protect. Learning the weaknesses of systems will enable students to identify mitigation strategies, policies, and programs that will provide the defense-in-depth needed to ensure a more secure ICS environment.

The online course consists of pre-recorded videos compiled into five main learning sessions:

• Session 1: Overview of Industrial Control Systems, Including an Attack Demonstration
• Session 2: Network Discovery and Mapping
• Session 3: Network Defense, Detection, and Analysis
• Session 4: The Exploitation Process
• Session 5: Network Attacks and Exploits

Note that this course is not a deep dive into training on specific tools, control systems protocols, control systems vulnerability details, or exploits against control systems devices. 

This course serves as a primer and is a mandatory prerequisite course to the in-person ICS301 class. A comprehensive exam with questions from each section will test the student’s understanding of the principles taught.  

After passing the exam and gaining approval to attend the ICS301 course, students will be provided access to the ICS300 labs (again). Students are urged to practice their skills in preparation for the ICS301 course. It is a team sport!

Prerequisites

Students should have practical knowledge and experience with ICS networks, software, and components. They should have a practical understanding of IT network basics such as User Datagram Protocol (UDP) and Transmission Control Protocol (TCP), as well as media access control (MAC) and Internet Protocol (IP) addressing.

Who Should Attend

This course is for individuals responsible for evaluating or assessing the cybersecurity posture of critical infrastructure. This could include any number of specific roles and responsibilities, such as cybersecurity management and risk management personnel, information technology (IT) and operational technology (OT) security personnel, and IT and OT managers.

Logistics

This course is presented online via the VLP. Upcoming courses can be found on the ICS Training Calendar.

This course is available to students for about a month once it has been started, but expected completion time is 12 to 20 hours. 

This course is accredited by the International Accreditors for Continuing Education and Training, and attendees will be awarded continuing education units (CEUs) and receive a certificate upon completion of the sessions and a passing score of 80% or above on the end-of-course exam. A passing score of at least 80% is required to be considered as an attendee in the ICS301 class. Although completion of the ICS300 course and a passing score on the associated assessment is required to attend the in-person ICS301 course, it does not guarantee attendance. Acceptance to ICS301 is subject to review.

There is no tuition cost to attend this training.

To ask a question or provide other feedback on ICS training, contact us at ICStraining@inl.gov.