Home -> Training

Industrial Control System (DCS/SCADA)
Cyber Security Training Curriculum

Register now for introductory pricing!

As the recent lead SCADA Security Instructor for InfoSec Institute, and having been involved in directly with ICS for more than 30 years, I have quickly realized that there is a shortfall in training to address how to secure industrial control systems like Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS). There are several very good courses currently available,however, when reviewing the syllabi of these courses, it becomes clear that they tend to focus too much on either (1) theoretical aspects of the problem, or (2) the hacking or red team side of ICS security. Knowing this, and not trying to duplicate what is currently available, I am pleased to launch SCADAhacker Online Unversity beginning with the highly successful "Understanding, Assessing and Securing Industrial Control Systems". This course has evolved since its first launch in May 2012 to include various course offerings that span from basic and introductory to full-scope, comprehensive courses that teach in depth concepts of ICS as well as advanced securing techniques. Additional courses will be added to the curriculum in coming months.

These courses are primarily targetted at end-users, asset owners, integrators and vendors who are faced with the challenge of securing systems.

Understanding, Assessing and Securing Industrial Control Systems (ONLINE - 25+ hours)

This course is focused entirely on securing or "blue teaming" the industrial control system (ICS) architecture, and will include technical deep dives, optional demonstrations, and other relevant content that will be used to reinforce the selection and implementation of security controls relating specifically to ICS. The initial online version of this course will NOT include any lab exercises. The lab component of the course will be offered (in the future) as an optional purchase. .

Many of those individuals responsible for auditing, installing, or operating industrial control systems are aware of the need for cyber security, yet are confused on exactly what to implement, and how to verify the resulting solution. This course provides a solid foundation in addressing these concepts.

Course syllabus:

  • MODULE 1: Welcome and Course Overview [35m]
    • MODULE 2: ICS Fundamentals (Part 1): Operation, Design and Vulnerabilities [2h45m]
      • Learn what is an Industrial Control System
      • Learn how to simply a complex ICS architecture in terms of resources
      • Understand why ICS "operational" security is different from traditional IT "information" security
      • Understand why ICS are more vulnerable to cyber threats than other IT assets
      • Understand the typical vulnerabilities that exist within ICS architectures
    • MODULE 3: ICS Fundamentals (Part 2): Networking and Industrial Protocols [2h15m]
      • Understand the OSI 7-Layer Model
      • Learn important Networking Terminology and Concepts
      • Understand common Protocols, Ports and Services
      • Understand the difference between Routers and Firewalls
      • Understand Network Data Analysis
      • Learn about Fieldbus Industrial Protocols
      • Learn about Backend Industrial Protocols
    • MODULE 4: Assessing and Managing Risk [2h15m]
      • Understand the meaning of risk and how it impacts operational security and integrity
      • Become aware of the threats and vulnerabiltiies that exist within ICS architectures
      • Initate a risk assessment process to identify, classify and rank cyber security risks to ICS
      • Use the results of the risk assessment to select appropriate controls to mitigate the residual risk
    • MODULE 5: Auditing and Assessing ICS (Part 1): Methodology and Characterization [2h30m]
      • Understand the differences between security auditing, assessing and testing
      • Review some leading methodologies and understand how to tailor them to your unique situation
      • Look at theoretical versus physical security assessments
      • Learn how to perform both passive and active analysis
    • MODULE 6: Auditing and Assessing ICS (Part 2): System Assessment and Classification [2h15m]
      • Learn additional passive analysis techniques
      • Understand vulnerability assessments
      • Learn now to develop customized testing tools
    • MODULE 7: Standards and Best Practices for Industrial Security [1h30m]
      • Understand governmental impact on standards and regulations around cyber security
      • Gain insight into the varous cyber security standards and best practices, and how they can be used "concurrently"
      • Understand the difference between "compliance" standards and "performance" standards
      • Familiarize yourself with "industry" specific standards relating to cyber security
    • MODULE 8: Selecting and Implementing Security Controls for ICS [4h15m]
      • Understand what is meant by a security control
      • Understand the correlation between security controls and risk management
      • Learn about the different classes of security controls
      • Learn about the importance of applying mulitple security controls to meet the desired level of risk reduction
      • Introduction to a variety of security controls catalogs
      • Develop strategy for deploying "reasonable" controls for immediate results to ICS architectures

    In addition to informative video lessons, each module is also populated with links to any technical material referenced during the lesson including web sites, technical papers, network captures, and product information. Numerous video demonstrations are also provided, with many supplimented by security vulnerability reports, presentations and papers. Together with the textbook "Industrial Network Security", a student should expect to spend between 40-80 hours to complete all material.

    The material covered in this class is sufficient to successfully pass the Global Industrial Cyber Security Professional (GICSP) offered through GIAC.

    Each student will receive a Certificate of Training once all modules have been successfully viewed, and the associated self-assessments completed. These Continuing Education Units (CEU) can be used against other professional certifications like CISSP, CEH, etc.

    Within 30 days of registration and receipt of payment, students will receive the Course Manual, course textbook "Industrial Network Security, 2nd edition", and sign-on instructions to access the training material online.

    Students will receive a local copy of the extensive SCADAhacker Reference Library and catalog of software for creating security testing environments on other computing platforms. Students will also have access to an online library containing supplemental information, addendums, and corrections to course material.

    Physical ICS security equipment representing that actually available for deployment in the field will be included as part of the material covered. This will include not only ICS equipment, but also associated security components as well. Some of the technologies that will be covered in this course include:

    • Software and devices using common industrial protocols such as Modbus/TCP, TSAP, Ethernet/IP and Common Industrial Protocol (CIP)
    • Industrial Firewalls such as the Tofino Security Appliance, Innominate mGuard, Secure Crossing Zenwall and Siemens Scalance X
    • Unidirectional Security Gateways and Data Diodes (Waterfall Security Solutions)
    • Application Whitelisting such as Microsoft Software Restriction Policies and McAfee Application Control
    • Security Event and Incident Management solutions such as McAfee Enterprise Security Manager and AlienVault OSSIM
    • Network Encryptors (Certes Networks CEP)
    • Firewalls and Firewall Evaluation Tools (Cisco, Athena)
    • Vulnerability and Compliance Scanners from Tenable Networks (Nessus)

    To celebrate the launch of this new online course, a special introductory price of $3,000 is being offered. This pricing is valid for a limited time, so register now. Why wait - even with the price of the GICSP examination, this college-level course can save you thousands when compared to "similar" SANS ICS course offerings! Group discounts are available. Click here to receive an overview of the training program and the learning management system.

    No refunds are available for online courses.

      Payments processed through PayPal  


    "Coming from an IT background, finally I could find a venue that would walk me through A-Z of ICS security. This training should be made a mandatory requirement for IT security personnel in Oil & Gas!"
    Fuad Al-Ansari
    Takreer (Abu Dhabi)

    "Joel really is on the forefront of ICS/DCS Security! Excellent class!"
    Manufacturing Cyber Security Analyst - Pharmaceutical Industry (USA)

    "The most rewarding and practical class I have taken on any subject. If ICS security impacts you, this course is a must."
    Brock Perry
    Spartan Controls Ltd. (Canada)

    "Fantastic! Great content and perfect combination of hands-on and theory. I left the course feeling re-energized and well-equipped to address ICS security. If you have an opportunity to attend this class - do it. Joel rocks!"
    Andy Fenoglio
    Tenaska, Inc. (USA)

    "The best way to find out about what you know you don't know about ICS."
    Andy McNeil - CISSP, CISA - New Market Services Corp. (USA)

    "Despite your skill or exposure level to ICS security, you will walk away with a new perspective."
    ICS Vendor (USA)

    "This training is an eye opener to any ICS user, but specifically to vendors that should be more serious about ICS security."
    ICS Vendor (USA)