Industrial Control System
Cyber Security Institute



ICS Cyber Security Training Curriculum


Fundamentals of Industrial and Facility-Related Control System Cyber Security
HANDS-ON LAB EXERCISES

Duration: 90 days (Self-Paced Remote)
Available Format(s): Remote Online (On-Demand)
Who should attend: Staff and personnel responsible for understanding, implementing, and evaluating the impact to operational systems and their directed consequences on service availability, safety, environmental responsibility, and business profitability. This is performed through the identification, collection, evaluation and prioritization of threats and vulnerabilities and the calculation of unmitigated and residual risk of the cyber-physical ecosystem.

Typical student profiles include: automation engineers (OT), process / manufacturing engineers (OT), facility operations and maintenance, finance, procurement, corporate compliance, system administrators (IT), network managers (IT), security officers, and facility management.

Prerequisites:
    • Fundamentals of Information and Operational Technology Systems
    • Fundamentals of Risk Management
    • Linux Fundamentals
Hands-On Exercises / Labs: Multiple
Expected Outcome (MANAGERIAL and OPERATIONAL): Ability to supervise, participate in, and/or evaluate results of an operational assessment correlating logical and physical threats, vulnerabilities and weaknesses of integrated, heterogeneous cyber-physical systems and the impacts they have on operational integrity.
CEUs: 16
Certification Ready: N/A
Course Fee:
    • $1,500 if already enrolled in eligible course (payment links in existing course content)
    • $2,000 if purchased standalone (via PayPal)
    • $2,250 for Express + Labs bundled package (via PayPal)
    • Contact ICSCSI for other payment methods

This course provides vital hands-on operational skills necessary to perform thorough and accurate security assessments of operational technologies. This course does not provide the background and context of the skill sets, but rather focuses specifically on hands-on skills. When purchased as a bundle, enrollment will also include the "Fundamentals of ICS/FRCS Cyber Security EXPRESS" course content.

The curriculum introduces processes and methodologies based on decades of field activities and operational data to look at systems from a risk point-of-view that emphasizes consequences or impact to critical services and functions rather than component or system level vulnerabilities that often do not map to any operational targets. This course is taught using a range of real-world architectures, components, devices, and protocols that leverage both traditional software vulnerabilities and other more subtle, hard-to-find yet equally, if not more, powerful human vulnerabilities that arise from typical system configuration and usage to focus on mapping threats to impact. This is delivered in a complete virtual environment. Students interact with an advanced simulation environment and in many cases complete written exercises associated with the activities. The instructor reviews student results and is available to offer remote support if needed.

Course Agenda

    • Exercise: Assessment Preparation & Planning - Acme Manufacturing Company
    • Exercise: Installing Network Analysis Tools (optional)
    • Exercise: Using Network Analysis Tools
    • Exercise: Analyzing ICS Network Traffic with Network Analysis Tools
    • Exercise: Multi-Zone Asset Discovery (Hardware & Software Inventories)
    • Exercise: Multi-Zone Asset Discovery (Data Flow & Firewall Analysis)
    • Exercise: Vulnerability Identification on a Multi-Zone OT Architecture
    • Exercise: Performing Credentialed Vulnerability Scans at Home using Nessus (optional)
    • Exercise: Characterization & Compliance Auditing
    • Exercise: ICS Risk Analysis & Control Selection
    • Exercise: Addressing Resilience to Improve Security of OT Architectures

Student Requirements

Students will use their own laptop to complete activities and exercises included with this on-line course. This student-supplied laptop will be used to access the ICSCSI Learning Management System (LMS) throughout the course. The laptop must have installed a modern Internet web browser such as Chrome, Edge, Firefox, Safari, etc. The platform operating system is not important and may include Linux (multiple distributions), macOS, or Windows. No additional software is required for this course.

Access to the LMS requires a public Internet connection that resolves the icscsi.org domain name and allows connectivity using TCP transport ports 443 and 8443.

The LMS will host content used throughout the course that can be viewed and downloaded by the students.

Student Material

All material used in this course is in electronic format and integrated with the course modules. Google Workspace will be used to present students with forms that will be completed and submitted to the instructor for review.

Recommended Optional Reading

It is not practical to think any single course can supply all the reference and background information necessary to become a TVRA expert assessor! We can, however, offer an additional on-demand course and a list of books and manuals that make up a library you can use to read, practice, and refine the skills needed to become an “OTsec” ninja!

Title (Publisher)

    • Applied Cyber Security and the Smart Grid (Syngress)
    • Hacking Exposed - Industrial Control Systems (McGraw Hill)
    • Open Source Security Testing Methodology Manual (OSSTMM)
    • Security Assessing using the US National Security Agency Information Assurance Methodology (Syngress)
    • Security Controls Evaluation, Testing and Assessment Handbook (Syngress)
