Industrial Control Systems Evaluation (401V)

Completion of ICS300 and ICS301 is NOT a prerequisite for this course. The 401V is identical in content to the 401L. The 401 course is offered in both in-person and online formats.

The 401V course provides training on analyzing and conducting a self-evaluation of an industrial control systems (ICS) network to determine its defense status and what changes need to be made. The purpose of the course is to provide hands-on training in analyzing, evaluating, and documenting the cybersecurity posture of an ICS for internal and external recommended changes. Specifically, this course will utilize a repeatable process within a simulated ICS environment to analyze cybersecurity weaknesses and threats, evaluate and map findings, and document potential mitigations. Trainees will leave with a template that can be used for evaluations at their workplace.

The online course consists of pre-recorded videos and hands-on activities compiled into sessions by our instructional staff:

• Analysis and Evaluation Overview
• Step 1 - Analyze Business Purpose
• Step 2 - Identify Assets
• Step 3 - Determine ICS Connectivity
• Step 4 - Determine ICS Dependencies
• Step 5 - Assess Risk to Business
• Step 6 - Determine Critical Risk
• Step 7 - Recommend Actions
• Step 8 - Monitor and Reassess
• Optional: Final Evaluation
• Optional: Cyber Security Evaluation Tool (CSET^®)

Plan on dedicating approximately 15 to 20 hours over the two-week period to complete the online course. Hands-on activities may add additional time. Participants can go through the sessions at their own pace during the week, but the sessions must be completed in order. Each session must be completed before the next session will be available for viewing. Hands-on activities using NetLab can be completed at any time. All videos and hands-on activities must be completed by the closing date. If you do not or cannot complete the course in the allotted time frame, you may register for the next available 401 course to finish the videos and hands-on labs.

Who Should Attend

This course is for individuals responsible for evaluating or assessing the cybersecurity posture of critical infrastructure. This could include any number of specific roles and responsibilities, such as cybersecurity management and risk management personnel, information technology (IT) and operational technology (OT) security personnel, and IT and OT managers.

Logistics

This course is presented online via the VLP. Upcoming courses can be found on the ICS Training Calendar.

This course is accredited by the International Accreditors for Continuing Education and Training, and attendees will be awarded continuing education units (CEUs) and receive a certificate upon completion of the sessions and a passing score of 80% or above on the end-of-course exam.  

There is no tuition cost to attend this training.

To ask a question or provide other feedback on ICS training, contact us at ICStraining@inl.gov.