Advanced Cybersecurity for Industrial Control Systems (ICS301)
Description
ICS301 is an instructor-led companion course to ICS300.
This instructor-led, four-day course provides hands-on training for understanding, protecting, and securing industrial control systems (ICS) from cyberattacks and includes a red team versus blue team exercise conducted within an actual control systems environment. Attendees will get an instructor-led, hands-on experience with open source operating systems and security tools, such as Kali Linux and Security Onion. Attendees will also use their cyber skills, along with tools covered in the ICS301 course, to solve a series of cyber escape rooms. In addition, the training provides the opportunity to network and collaborate with other colleagues involved in operating and protecting control systems networks.
Note that this course is not a deep dive into training on specific tools, control systems protocols, control systems vulnerability details, or exploits against control systems devices.
Below is an example of the course schedule:
- Day 1 - Includes a welcome, a brief review of cybersecurity for industrial control systems, and a process control attack demonstration. The morning also includes a discussion on the main differences between information technology (IT) and operational technology (OT) networks, roles, responsibilities, and strategies for working together. Following the IT/OT discussion is a lecture and hands-on activities dealing with wireless communications, building on the topic discussion from the 301V. Hands-on activities in the afternoon are run in smaller groups as breakout sessions and focus on network discovery and mapping, network defense, detection and analysis, and exploitation using Metasploit.
- Day 2 - The morning includes the continuation of the breakout sessions listed above. In the afternoon, the groups will participate in solving cyber escape rooms drawing on the topics and tools discussed in ICS300 and ICS301 breakout sessions. The ICScape Rooms include a fun mix of cyber puzzles and traditional escape room puzzles. Following the completion of each cyber escape room, there will be a short debrief to review the skills and tools used.
- Day 3 - The morning includes the continuation of the ICScape Room activities. In the afternoon, trainees will be divided into red and blue teams and will receive training and instruction in preparation for the Red Team vs. Blue Team exercise.
- Day 4 - Includes a seven-hour, hands-on exercise where trainees are either attacking (Red Team) or defending (Blue Team) IT and OT networks. The Blue Team is tasked with providing cyber defense for a corporate environment while maintaining the operation of a chemical batch mixing plant and monitoring an electrical distribution substation supervisory control and data acquisition (SCADA) system. After the exercise, there will be a brief roundtable discussion of lessons learned to close out the training.
Prerequisites
Trainees must have previously participated in the virtual ICS300 course and passed the assessment test with a score of 80% or better.
Trainees should have practical knowledge and experience with ICS networks, software, and components. They should have a practical understanding of IT network basics, such as User Datagram Protocol (UDP) and Transmission Control Protocol (TCP), as well as media access control (MAC) and Internet Protocol (IP) addressing.
Who Should Attend
This course is for individuals responsible for evaluating or assessing the cybersecurity posture of critical infrastructure. This could include any number of specific roles and responsibilities, such as cybersecurity management and risk management personnel, IT and OT security personnel, and IT and OT managers.
Logistics
This course is presented at a facility in Idaho Falls, Idaho, USA, configured specifically for the aspects of the course. Upcoming courses can be found on the ICS Training Calendar.
This course is accredited by the International Accreditors for Continuing Education and Training, and attendees will be awarded continuing education units (CEUs) and receive a certificate upon completion of the sessions and a passing score of 80% or above on the end-of-course exam.
There is no tuition cost to attend this training.
Contact
To ask a question or provide other feedback on ICS training, contact us at ICStraining@inl.gov