This course is
focused entirely on securing or "blue teaming" the
industrial control system (ICS) architecture,
and will include technical deep dives, optional
demonstrations, and other relevant content that
will be used to reinforce the selection and implementation
of security controls relating specifically to ICS. The
initial online version of this course will NOT include any
lab exercises. The lab component of the course will be
offered (in the future) as an optional purchase. .
responsible for auditing, installing, or operating industrial
control systems are aware of the need for cyber security,
yet are confused on exactly what to implement, and how to
verify the resulting solution. This course provides a
solid foundation in addressing these concepts.
- MODULE 1: Welcome and Course Overview [35m]
- MODULE 2: ICS Fundamentals (Part 1): Operation, Design and Vulnerabilities [2h45m]
- Learn what is an Industrial Control System
- Learn how to simply a complex ICS architecture in terms of resources
- Understand why ICS "operational" security is different from traditional IT "information" security
- Understand why ICS are more vulnerable to cyber threats than other IT assets
- Understand the typical vulnerabilities that exist within ICS architectures
- MODULE 3: ICS Fundamentals (Part 2): Networking and
Industrial Protocols [2h15m]
- Understand the OSI 7-Layer Model
- Learn important Networking Terminology and Concepts
- Understand common Protocols, Ports and Services
- Understand the difference between Routers and Firewalls
- Understand Network Data Analysis
- Learn about Fieldbus Industrial Protocols
- Learn about Backend Industrial Protocols
- MODULE 4: Assessing and Managing Risk [2h15m]
- Understand the meaning of risk and how it impacts operational security and integrity
- Become aware of the threats and vulnerabiltiies that exist within ICS architectures
- Initate a risk assessment process to identify, classify and rank cyber security risks to ICS
- Use the results of the risk assessment to select appropriate controls to mitigate the residual risk
- MODULE 5: Auditing and Assessing ICS (Part 1): Methodology and Characterization [2h30m]
- Understand the differences between security auditing, assessing and testing
- Review some leading methodologies and understand how to tailor them to your unique situation
- Look at theoretical versus physical security assessments
- Learn how to perform both passive and active analysis
- MODULE 6: Auditing and Assessing ICS (Part 2): System Assessment and Classification [2h15m]
- Learn additional passive analysis techniques
- Understand vulnerability assessments
- Use vulnerability scanners to identify and
- Use vulnerability scanners to audit
configurations against custom and best practice
- Learn now to develop customized testing tools
- MODULE 7: Standards and Best Practices for
Industrial Security [1h30m]
- Understand governmental impact on standards and regulations around cyber security
- Gain insight into the varous cyber security standards and best practices, and how they can be used "concurrently"
- Understand the difference between "compliance" standards and "performance" standards
- Familiarize yourself with "industry" specific standards relating to cyber security
- MODULE 8: Selecting and Implementing Security
Controls for ICS [4h15m]
- Understand what is meant by a security control
- Understand the correlation between security controls and risk management
- Learn about the different classes of security controls
- Learn about the importance of applying mulitple security controls to meet the desired level of risk reduction
- Introduction to a variety of security controls catalogs
- Develop strategy for deploying "reasonable" controls for immediate results to ICS architectures
In addition to informative video lessons, each module is
also populated with links to any technical material
referenced during the lesson including web sites, technical
papers, network captures, and product information. Numerous
video demonstrations are also provided, with many
supplimented by security vulnerability reports,
presentations and papers. Together with the textbook
"Industrial Network Security", a student should expect to
spend between 40-80 hours to complete all material.
The material covered in this class is sufficient to
successfully pass the Global Industrial Cyber Security
Professional (GICSP) offered through GIAC.
Each student will receive a Certificate of Training once all
modules have been successfully viewed, and the associated
self-assessments completed. These Continuing Education Units
(CEU) can be used against other professional certifications
like CISSP, CEH, etc.
Within 30 days of registration and receipt of payment, students will receive
the Course Manual, course textbook "Industrial Network Security, 2nd edition", and sign-on instructions
to access the training material online.
Students will receive a local copy of the extensive SCADAhacker Reference Library and catalog of
software for creating security testing environments on other
computing platforms. Students will also have access to an online library
containing supplemental information, addendums, and corrections to course material.
Physical ICS security equipment representing that
actually available for deployment in the field will be
included as part of the material covered. This will include not only ICS equipment, but also
associated security components as well. Some of the
technologies that will be covered in this course include:
- Software and devices using common industrial protocols such as Modbus/TCP, TSAP,
Ethernet/IP and Common
Industrial Protocol (CIP)
- Industrial Firewalls such as the Tofino Security Appliance,
Innominate mGuard, Secure Crossing Zenwall and Siemens
- Unidirectional Security Gateways and Data Diodes (Waterfall Security Solutions)
- Application Whitelisting such as Microsoft Software
Restriction Policies and McAfee Application Control
- Security Event and Incident Management solutions
such as McAfee Enterprise Security Manager and AlienVault
- Network Encryptors (Certes Networks CEP)
- Firewalls and Firewall Evaluation Tools (Cisco,
- Vulnerability and Compliance Scanners from Tenable Networks (Nessus)
To celebrate the launch of this new online course, a
special introductory price of $3,000 is
being offered. This pricing is valid for a limited time, so
register now. Why wait - even with the price of the GICSP
examination, this college-level course can save you
thousands when compared to "similar" SANS ICS course
Group discounts are available.
Click here to receive an overview of the training
program and the learning management system.
No refunds are available for online courses.
||Payments processed through PayPal
WHAT PREVIOUS STUDENTS HAVE TO SAY ABOUT
"Coming from an IT background,
finally I could find a venue that would walk me through A-Z
of ICS security. This training should be made a mandatory
requirement for IT security personnel in Oil & Gas!"
Takreer (Abu Dhabi)
"Joel really is on the forefront
of ICS/DCS Security! Excellent class!"
Manufacturing Cyber Security Analyst - Pharmaceutical
"The most rewarding and practical
class I have taken on any subject. If ICS security impacts
you, this course is a must."
Spartan Controls Ltd. (Canada)
"Fantastic! Great content and perfect
combination of hands-on and theory. I left the course
feeling re-energized and well-equipped to address ICS
security. If you have an opportunity to attend this class -
do it. Joel rocks!"
Tenaska, Inc. (USA)
"The best way to find out about
what you know you don't know about ICS."
Andy McNeil - CISSP, CISA - New Market Services Corp. (USA)
"Despite your skill or exposure level
to ICS security, you will walk away with a new perspective."
ICS Vendor (USA)
"This training is an eye opener to
any ICS user, but specifically to vendors that should be
more serious about ICS security."
ICS Vendor (USA)