Home -> Training

Industrial Control System (DCS/SCADA)
Cyber Security Training Curriculum

Why spend high prices to take courses from other organizations that fail to have instructors that have worked in the OT field designing, commissioning, maintaining and securing Industrial Control Systems? SCADAhacker offers on-line training developed by practitioners in both ICS system design/operation and cyber security design/implementation. SCADAhacker can save companies thousands of dollars over other proprietary courses that lack sophisticated infrastructure associated with today's on-line training methodologies. SCADAhacker blends leading edge ICS cyber security content coupled with an extensive textbook (not offered by any other program!) and an advanced learning management system designed to allow students the opportunity to reinforce learning objectives that may require extra attention. Sound interesting ... keep on reading.

As the recent lead SCADA Security Instructor for InfoSec Institute, and having been involved directly with industrial automation and control systems for more than 35 years, we have quickly realized that there is a shortfall in training to address how to secure industrial control systems like Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS). There are several very good courses currently available,however, when reviewing the syllabi of these courses, it becomes clear that they tend to focus too much on either (1) theoretical aspects of the problem, or (2) the hacking or red team side of ICS security. Knowing this, and not trying to duplicate what is currently available, we am pleased to launch SCADAhacker Online Unversity beginning with the highly successful "Fundamentals of ICS Cyber Security". This course originally offered under the title "Understanding, Assessing and Securing Industrial Control Systems" has evolved since its first launch in May 2012 to include various course offerings that span from basic and introductory to full-scope, comprehensive courses that teach in depth concepts of ICS as well as advanced securing techniques. Additional courses will be added to the curriculum in coming months.

The training program initially launched under the SCADAhacker name has been moved to the newly formed Industrial Control System Cyber Security Institute. Under this exciting new organization, the original course content covered here, is now included as part of a comprehensive ICS cyber security curriculum.

These courses are primarily targetted at end-users, asset owners, integrators and vendors who are faced with the challenge of securing systems.

Fundamentals of Industrial Control System Cyber Security

This course is focused entirely on securing or "blue teaming" the industrial control system (ICS) architecture, and will include technical deep dives, optional demonstrations, and other relevant content that will be used to reinforce the selection and implementation of security controls relating specifically to ICS. The initial online version of this course will NOT include any lab exercises. The lab component of the course has been offered in the latest update launched in 2021. Legacy enrollments can purchase this lab content separately if desired.

Many of those individuals responsible for auditing, installing, or operating industrial control systems are aware of the need for cyber security, yet are confused on exactly what to implement, and how to verify the resulting solution. This course provides a solid foundation in addressing these concepts.

Course syllabus:

  • Welcome and Course Overview
    • ICS Fundamentals (Part 1): Operation, Design and Vulnerabilities
      • Learn what is an Industrial Control System
      • Learn how to simply a complex ICS architecture in terms of resources
      • Understand why ICS "operational" security is different from traditional IT "information" security
      • Understand why ICS are more vulnerable to cyber threats than other IT assets
      • Understand the typical vulnerabilities that exist within ICS architectures
    • ICS Fundamentals (Part 2): Networking and Industrial Protocols
      • Understand the OSI 7-Layer Model
      • Learn important Networking Terminology and Concepts
      • Understand common Protocols, Ports and Services
      • Understand the difference between Routers and Firewalls
      • Understand Network Data Analysis
      • Learn about Fieldbus Industrial Protocols
      • Learn about Backend Industrial Protocols
    • Assessing and Managing Risk
      • Understand the meaning of risk and how it impacts operational security and integrity
      • Become aware of the threats and vulnerabiltiies that exist within ICS architectures
      • Initate a risk assessment process to identify, classify and rank cyber security risks to ICS
      • Use the results of the risk assessment to select appropriate controls to mitigate the residual risk
    • Auditing and Assessing ICS (Part 1): Methodology and Characterization
      • Understand the differences between security auditing, assessing and testing
      • Review some leading methodologies and understand how to tailor them to your unique situation
      • Look at theoretical versus physical security assessments
      • Learn how to perform both passive and active analysis
    • Auditing and Assessing ICS (Part 2): System Assessment and Classification
      • Learn additional passive analysis techniques
      • Understand vulnerability assessments
      • Use vulnerability scanners to identify and classify vulnerabilities
      • Use vulnerability scanners to audit configurations against custom and best practice standards
      • Learn now to develop customized testing tools
    • Standards and Best Practices for Industrial Security
      • Understand governmental impact on standards and regulations around cyber security
      • Gain insight into the varous cyber security standards and best practices, and how they can be used "concurrently"
      • Understand the difference between "compliance" standards and "performance" standards
      • Familiarize yourself with "industry" specific standards relating to cyber security
    • Selecting and Implementing Security Controls for ICS
      • Understand what is meant by a security control
      • Understand the correlation between security controls and risk management
      • Learn about the different classes of security controls
      • Learn about the importance of applying mulitple security controls to meet the desired level of risk reduction
      • Introduction to a variety of security controls catalogs
      • Develop strategy for deploying "reasonable" controls for immediate results to ICS architectures

    In addition to informative video lessons, each section contains an extensive list of supplimental information with links to any technical material referenced during the lesson including web sites, technical papers, network captures, and product information. Numerous video demonstrations are also provided, with many supplemented by security vulnerability reports, presentations and papers. This is one of the only courses that includes a textbook - "Industrial Network Security, 2nd ed." providing a learning experience unlike any other.

    This online course also includes a certification preparation module to help students prepare and pass the Certified SCADA Security Architect (CSSA) examination offered through Information Assurance Certification Review Board (IACRB). Save THOUSANDS of dollars off other certification programs!!!

    The material covered in this class is sufficient to successfully pass the Global Industrial Cyber Security Professional (GICSP) offered through GIAC.

    Each student will receive a Certificate of Training once all modules have been successfully viewed, and the associated self-assessments completed. These Continuing Education Units (CEU) can be used against other professional certifications like CISSP, CEH, etc.

    Within 30 days of registration and receipt of payment, students will receive the Course Manual, course textbook "Industrial Network Security, 2nd edition", and sign-on instructions to access the training material online.

    Students will receive a local copy of the extensive SCADAhacker Reference Library and catalog of software for creating security testing environments on other computing platforms. Students will also have access to an online library containing supplemental information, addendums, and corrections to course material.

    Physical ICS security equipment representing that actually available for deployment in the field will be included as part of the material covered. This will include not only ICS equipment, but also associated security components as well. Some of the technologies that will be covered in this course include:

    • Software and devices using common industrial protocols such as Modbus/TCP, TSAP, Ethernet/IP and Common Industrial Protocol (CIP)
    • Industrial Firewalls such as the Tofino Security Appliance, Innominate mGuard, Siemens Scalance X, and Ultra/3eTI
    • Unidirectional Security Gateways and Data Diodes (Waterfall Security Solutions)
    • Application Whitelisting such as Microsoft Software Restriction Policies and McAfee Application Control
    • Security Event and Incident Management solutions such as AlienVault OSSIM, McAfee Enterprise Security Manager and Splunk
    • Network Encryptors (Certes Networks CEP)
    • Firewalls and Firewall Evaluation Tools (Cisco, Athena)
    • Vulnerability and Compliance Scanners from Tenable Networks (Nessus)

    This course includes a certification preparation module to help students prepare and pass the Certified SCADA Security Architect (CSSA) examination offered through Information Assurance Certification Review Board (IACRB) (certification fees not included in course registration fee). Save THOUSANDS of dollars off other certification programs!!!

    The material covered in this class is sufficient to successfully pass the Global Industrial Cyber Security Professional (GICSP) offered through GIAC.

    Each student will receive a Certificate of Training once all modules have been successfully viewed, and the associated self-assessments completed. These Continuing Education Units (CEU) can be used against other professional certifications like CISSP, CEH, etc.

    This course is available via three different delivery methods. The traditional "live" format is available and will be offered based on current restrictions and safety protocols in response to the COVID-19 pandemic. Live courses will be delivered over a consecutive 5-day period 8-hours each day.

    Two different options are available for remote learning. The first is a structured "live /streaming" virtual session that will take place over a fixed period of time with each day beginning with instructor delivered content, followed by unstructured time where students can work on assignments, exercises and quizzes at their own pace with the instructor available to provide assistance as needed.

    For this first time, this course will be offered in a University/College structured delivery format that will consist of fixed weekly sessions beginning Monday, August 30 and will continue for 16 weeks. Each week will consist of a structure discussion session that will begin at 5:00p CT (time subject to change before the first day of class) with content that varies depending on week to include lectures and hands-on lab exercises. These sessions will be supplemented with written assignments and quizzes that will be completed outside of class and submitted for grading according to the course syllabus. Students will be able to schedule one-on-one time with the instructor to ask questions or discuss course content.  This provides flexibility that allows students to attend course outside of normal work hours, and at the same time be challenged to complete the material in a timely manner with additional mentoring time offered. This course includes activities not found in other "bootcamp" style programs. If you miss a weekly discussion session - no problem because all sessions will be recorded and can be viewed afterwards using the LMS.

    The registration deadline for this course structure is August 23 in order to allow sufficient time to ship course materials to students. Register early, because pricing will increase as the course start time approaches.

    For those interested in a self-paced, unstructured format, the course can be completed using an "on demand" format. All courses will utilize the learning management system for content delivery, supplimental information, assignment and exercise instructions and submissions, and examinations. Students will also have access to content via the LMS after the completion of the course using any delivery method.

    All payments are processed through PayPal using the links below and support a range of payment methods including credit/debit cards (a PayPal account is not required). Please contact ICSCSI if an alternate form of payment is required. Group discounts and on-site options are available. Click here for details on military and government discounts. HURRY ... prices will increase January 1!

    Dates Location Price Register
    On Demand Anytime Anywhere $ 6,500

    Why wait - even with the price of the GICSP examination, this college-level course can save you thousands when compared to "similar" SANS ICS course offerings!  Click here to watch an overview of the training program and the how SCADAhacker has built a learning management system unlike any other online training program.

    After registration and receipt of payment, students will you will receive an email with sign-on instructions to access the learning management system. For remote streaming and on-demand courses, course materials will be shipped and should arrive in 1-2 weeks.


    "This is a training program that make sense of it all. And is worth every penny if you have a desire to succeed and make a difference in the industry. The concepts and instructor’s approach lay common sense fundamentals in an understandable way to ensure your success incorporating the concepts in any ICS security program. If you need to further proof, take a look at the SCADAhacker and ICSCSI websites or the presentation videos on the S4 site. Listen to Joel Langill present, then you will see that he is one of the best teachers and mentors out there. Having participated in the SCADAhacker training many years ago, I still find myself accessing the online videos simply to keep reinforcing the concepts. Why, because they work. "
    Frank Garone
    Cyber Security Program Manager - Transportation (USA)

    "Joel has meticulously developed very high quality training materials that lay the foundation for a head start in ICS security. Targeting ICS users by focusing on realistic state-of-the-art security methods and techniques. This is indispensable training by one of the rare true experts of the ICS security field. Highly recommended!"
    Xander van der Voort
    van der Voort Cyber Security (The Netherlands)

    "This training is not to be missed!"
    Lori Hayes
    Cyber Security Specialist - Thornton Tomasetti (USA)

    "Coming from an IT background, finally I could find a venue that would walk me through A-Z of ICS security. This training should be made a mandatory requirement for IT security personnel in Oil & Gas!"
    Fuad Al-Ansari
    Takreer (Abu Dhabi)

    "Joel really is on the forefront of ICS/DCS Security! Excellent class!"
    Manufacturing Cyber Security Analyst - Pharmaceutical Industry (USA)

    "The most rewarding and practical class I have taken on any subject. If ICS security impacts you, this course is a must."
    Brock Perry
    Spartan Controls Ltd. (Canada)

    "Fantastic! Great content and perfect combination of hands-on and theory. I left the course feeling re-energized and well-equipped to address ICS security. If you have an opportunity to attend this class - do it. Joel rocks!"
    Andy Fenoglio
    Tenaska, Inc. (USA)

    "The best way to find out about what you know you don't know about ICS."
    Andy McNeil - CISSP, CISA - New Market Services Corp. (USA)

    "Despite your skill or exposure level to ICS security, you will walk away with a new perspective."
    ICS Vendor (USA)

    "This training is an eye opener to any ICS user, but specifically to vendors that should be more serious about ICS security."
    ICS Vendor (USA)