Intermediate Cybersecurity for Industrial Control Systems – PART 2 (202)

This hands-on course is structured to help students recognize how attacks against process control systems can be launched, understand why they work, and learn mitigation strategies to increase the cybersecurity posture of their control systems networks.

This course provides a brief review of industrial control systems (ICS) security. This includes a comparative analysis of information technology (IT) and control system architectures, security vulnerabilities, and mitigation strategies unique to the control systems domain. Due to the nature of this hands-on course, students will gain a deeper understanding of how the various tools work. Accompanying this course is a sample process control network that demonstrates exploits used for unauthorized control of the equipment and mitigation solutions. This network is also used during the course exercises and will help students develop control systems cybersecurity skills they can apply in their work environment.

Note that this course is not a deep dive into training on specific tools, control systems protocols, control systems vulnerability details, or exploits against control systems devices.

This course is split into five sessions: (1) Industrial Control Systems Overview; (2) Network Discovery and Mapping; (3) Exploitation and Using Metasploit; (4) Network Attacks and Exploits; and (5) Network Defense, Detection, and Analysis.

After attending this course, participants will be able to:

• Identify risks in ICSs.
• Demonstrate a process control exploitation.
• Use passive discovery tools.
• Use active discovery tools.
• Describe Metasploit.
• Use the Metasploit Framework.
• Discuss basic web hacking techniques.
• Describe password security.
• Discuss wireless attacks and exploits.
• Describe packet analysis.
• Define intrusion detection and prevention systems.

Who Should Attend

This course is for individuals responsible for evaluating or assessing the cybersecurity posture of critical infrastructure. This could include any number of specific roles and responsibilities, such as cybersecurity management and risk management personnel, IT and operational technology (OT) security personnel, and IT and OT managers.

Logistics

This course is a regional training event and is coordinated with each CISA Regional Office. Contact your CISA Regional Office for the event schedule and to register for a training event in your area.

A certificate of completion will be provided at the conclusion of the course. This course is accredited by the International Accreditors for Continuing Education and Training and awards attendees continuing education units (CEUs) upon completion. 

There is no tuition cost to attend this training.

To ask a question or provide other feedback on ICS training, contact us at ICStraining@inl.gov.