This course is
focused entirely on securing or "blue teaming" the
industrial control system (ICS) architecture,
and will include technical deep dives, optional
demonstrations, and other relevant content that
will be used to reinforce the selection and implementation
of security controls relating specifically to ICS. The
initial online version of this course will NOT include any
lab exercises. The lab component of the course has been
offered in the latest update launched in 2021. Legacy
enrollments can purchase this lab content separately if
desired.
Many of
those individuals
responsible for auditing, installing, or operating industrial
control systems are aware of the need for cyber security,
yet are confused on exactly what to implement, and how to
verify the resulting solution. This course provides a
solid foundation in addressing these concepts.
Course syllabus:
- Welcome and Course Overview
- ICS Fundamentals (Part 1): Operation, Design
and Vulnerabilities
- Learn what is an Industrial Control System
- Learn how to simply a complex ICS architecture in terms of resources
- Understand why ICS "operational" security is different from traditional IT "information" security
- Understand why ICS are more vulnerable to cyber threats than other IT assets
- Understand the typical vulnerabilities that exist within ICS architectures
- ICS Fundamentals (Part 2): Networking and
Industrial Protocols
- Understand the OSI 7-Layer Model
- Learn important Networking Terminology and Concepts
- Understand common Protocols, Ports and Services
- Understand the difference between Routers and Firewalls
- Understand Network Data Analysis
- Learn about Fieldbus Industrial Protocols
- Learn about Backend Industrial Protocols
- Assessing and Managing Risk
- Understand the meaning of risk and how it impacts operational security and integrity
- Become aware of the threats and vulnerabiltiies that exist within ICS architectures
- Initate a risk assessment process to identify, classify and rank cyber security risks to ICS
- Use the results of the risk assessment to select appropriate controls to mitigate the residual risk
- Auditing and Assessing ICS (Part 1): Methodology and
Characterization
- Understand the differences between security auditing, assessing and testing
- Review some leading methodologies and understand how to tailor them to your unique situation
- Look at theoretical versus physical security assessments
- Learn how to perform both passive and active analysis
- Auditing and Assessing ICS (Part 2): System
Assessment and Classification
- Learn additional passive analysis techniques
- Understand vulnerability assessments
- Use vulnerability scanners to identify and
classify vulnerabilities
- Use vulnerability scanners to audit
configurations against custom and best practice
standards
- Learn now to develop customized testing tools
- Standards and Best Practices for Industrial Security
- Understand governmental impact on standards and regulations around cyber security
- Gain insight into the varous cyber security standards and best practices, and how they can be used "concurrently"
- Understand the difference between "compliance" standards and "performance" standards
- Familiarize yourself with "industry" specific standards relating to cyber security
- Selecting and Implementing Security Controls for ICS
- Understand what is meant by a security control
- Understand the correlation between security controls and risk management
- Learn about the different classes of security controls
- Learn about the importance of applying mulitple security controls to meet the desired level of risk reduction
- Introduction to a variety of security controls catalogs
- Develop strategy for deploying "reasonable" controls for immediate results to ICS architectures
In addition to informative video lessons, each section
contains an extensive list of supplimental information with links to any technical material
referenced during the lesson including web sites, technical
papers, network captures, and product information. Numerous
video demonstrations are also provided, with many
supplemented by security vulnerability reports,
presentations and papers. This is one of the only courses
that includes a textbook - "Industrial Network Security, 2nd
ed." providing a learning experience unlike any other.
This online course also includes a certification preparation module to
help students prepare and pass the Certified SCADA Security Architect (CSSA) examination
offered through
Information Assurance Certification Review Board (IACRB). Save THOUSANDS of dollars off other certification programs!!!
The material covered in this class is sufficient to
successfully pass the Global Industrial Cyber Security
Professional (GICSP) offered through GIAC.
Each student will receive a Certificate of Training once all
modules have been successfully viewed, and the associated
self-assessments completed. These Continuing Education Units
(CEU) can be used against other professional certifications
like CISSP, CEH, etc.
Within 30 days of registration and receipt of payment, students will receive
the Course Manual, course textbook "Industrial Network Security, 2nd edition", and sign-on instructions
to access the training material online.
Students will receive a local copy of the extensive SCADAhacker Reference Library and catalog of
software for creating security testing environments on other
computing platforms. Students will also have access to an online library
containing supplemental information, addendums, and corrections to course material.
Physical ICS security equipment representing that
actually available for deployment in the field will be
included as part of the material covered. This will include not only ICS equipment, but also
associated security components as well. Some of the
technologies that will be covered in this course include:
- Software and devices using common industrial protocols such as Modbus/TCP, TSAP,
Ethernet/IP and Common
Industrial Protocol (CIP)
- Industrial Firewalls such as
the Tofino Security Appliance,
Innominate mGuard,
Siemens Scalance X,
and Ultra/3eTI
- Unidirectional Security Gateways and Data Diodes (Waterfall Security Solutions)
- Application Whitelisting such as
Microsoft Software Restriction Policies
and McAfee Application Control
- Security Event and Incident Management solutions
such as AlienVault OSSIM,
McAfee Enterprise Security Manager
and Splunk
- Network Encryptors (Certes Networks CEP)
- Firewalls and Firewall Evaluation Tools
(Cisco,
Athena)
- Vulnerability and Compliance Scanners from Tenable Networks (Nessus)
This course includes a certification preparation module
to help students prepare and pass the Certified SCADA
Security Architect (CSSA) examination offered through Information
Assurance Certification Review Board (IACRB) (certification
fees not included in course registration fee). Save
THOUSANDS of dollars off other certification programs!!!
The material covered in this class is sufficient to
successfully pass the Global Industrial Cyber Security
Professional (GICSP) offered through GIAC.
Each student will receive a Certificate of Training once
all modules have been successfully viewed, and the
associated self-assessments completed. These Continuing
Education Units (CEU) can be used against other professional
certifications like CISSP, CEH, etc.
This course is available via three different delivery
methods. The traditional "live" format is available and will
be offered based on current restrictions and safety
protocols in response to the COVID-19 pandemic. Live courses
will be delivered over a consecutive 5-day period 8-hours
each day.
Two different options are available for remote learning.
The first is a structured "live /streaming" virtual session
that will take place over a fixed period of time with each
day beginning with instructor delivered content, followed by
unstructured time where students can work on assignments,
exercises and quizzes at their own pace with the instructor
available to provide assistance as needed.
For this first time, this course will be offered in a
University/College structured delivery format that will consist of
fixed weekly sessions beginning Tuesday, August 31 and will continue
for 15 weeks. Each week will consist of a structure discussion
session that will begin at 5:00p CT (time subject to change before
the first day of class) with content that varies depending on week
to include lectures and hands-on lab exercises. These sessions will
be supplemented with written assignments and quizzes that will be
completed outside of class and submitted for grading according to
the course syllabus. Students will be able to schedule one-on-one
time with the instructor to ask questions or discuss course content.
This provides flexibility that allows students to attend course
outside of normal work hours, and at the same time be challenged to
complete the material in a timely manner with additional mentoring
time offered. This course includes activities not
found in other "bootcamp" style programs. If you miss a weekly discussion session - no problem
because all sessions will be required and can be viewed aftewards
using the LMS.
The registration deadline for this course
structure is August 13 in order to allow sufficient time to ship
course materials to students. Register early, because pricing
will increase as the course start time approaches.
For those interested in a self-paced, unstructured
format, the course can be completed using an "on demand"
format. All courses will utilize the learning management
system for content delivery, supplimental information,
assignment and exercise instructions and submissions, and
examinations. Students will also have access to content via
the LMS after the completion of the course using any
delivery method.
All payments are processed through PayPal using the links
below and support a range of payment methods including
credit/debit cards (a PayPal account is not required).
Please contact ICSCSI if
an alternate form of payment is required. Group
discounts and on-site options
are available. Click here
for details on military and government discounts.
Delivery
Method |
Dates |
Location |
Price |
Register |
| Live / In-Person |
September |
Lambeau Field
Green Bay, Wisconsin
TBD |
$ 5,000 |
Reserve Space
|
| Live / In-Person |
October |
Lambeau Field
Green Bay, Wisconsin
TBD |
$ 4,750 |
Reserve Space
|
| Live / In-Person |
November |
Lambeau Field
Green Bay, Wisconsin
TBD |
$ 4,500 |
Reserve Space
|
| On Demand |
Anytime |
Anywhere |
$ 4,500 |
|
| Live / Weekly Streaming |
Tuesdays
5-7:30 pm CT
Aug 31 - Dec 7 |
Anywhere |
$ 5,500 |
|
Why wait - even with the price of the GICSP
examination, this college-level course can save you
thousands when compared to "similar" SANS ICS course
offerings!
Click here to watch an overview of the training
program and the how SCADAhacker has built a learning management system
unlike any other online training program.
After registration and receipt of payment, students will
you will receive an email with sign-on instructions to
access the learning management system. For remote streaming
and on-demand courses, course materials will be shipped and
should arrive in 1-2 weeks.
WHAT PREVIOUS STUDENTS HAVE TO SAY ABOUT
SCADAHACKER TRAINING:
"This is a training program that make sense of it all. And is worth every penny
if you have a desire to succeed and make a difference in the industry. The concepts
and instructor’s approach lay common sense fundamentals in an understandable way to
ensure your success incorporating the concepts in any ICS security program.
If you need to further proof, take a look at the SCADAhacker and ICSCSI websites
or the presentation videos on the S4 site. Listen to Joel Langill present, then you
will see that he is one of the best teachers and mentors out there. Having participated
in the SCADAhacker training many years ago, I still find myself accessing the online
videos simply to keep reinforcing the concepts. Why, because they work. "
Frank Garone
Cyber Security Program Manager - Transportation (USA)
"Joel has meticulously developed very high quality
training materials that lay the foundation for a head start in ICS security.
Targeting ICS users by focusing on realistic state-of-the-art security methods
and techniques. This is indispensable training by one of the rare true experts
of the ICS security field. Highly recommended!"
Xander van der Voort
van der Voort Cyber Security (The Netherlands)
"This training is not to be missed!"
Lori Hayes
Cyber Security Specialist - Thornton Tomasetti (USA)
"Coming from an IT background,
finally I could find a venue that would walk me through A-Z
of ICS security. This training should be made a mandatory
requirement for IT security personnel in Oil & Gas!"
Fuad Al-Ansari
Takreer (Abu Dhabi)
"Joel really is on the forefront
of ICS/DCS Security! Excellent class!"
Manufacturing Cyber Security Analyst - Pharmaceutical
Industry (USA)
"The most rewarding and practical
class I have taken on any subject. If ICS security impacts
you, this course is a must."
Brock Perry
Spartan Controls Ltd. (Canada)
"Fantastic! Great content and perfect
combination of hands-on and theory. I left the course
feeling re-energized and well-equipped to address ICS
security. If you have an opportunity to attend this class -
do it. Joel rocks!"
Andy Fenoglio
Tenaska, Inc. (USA)
"The best way to find out about
what you know you don't know about ICS."
Andy McNeil - CISSP, CISA - New Market Services Corp. (USA)
"Despite your skill or exposure level
to ICS security, you will walk away with a new perspective."
ICS Vendor (USA)
"This training is an eye opener to
any ICS user, but specifically to vendors that should be
more serious about ICS security."
ICS Vendor (USA)
