Industrial Control System
Cyber Security Institute

Cyber Security Training for Industrial Control Systems


The impacts of cyber-attacks are becoming everyday headlines. Attacks targeted at critical infrastructure were non-existent 10-20 years ago but are becoming more common as malicious actors realize the importance of these systems and how infrastructure depends on them. Attackers are showing signs of increasing sophistication in the tools, techniques, and procedures used in their campaigns. At the same time, the consequences from these attacks continue to rise as society depends more on technology and automation, leading to loss of economic stability, intellectual property, personal identity, mission assurance and operational resilience. The life of these attackers – whether rogue individuals with limited funding or well-resourced nation states – is becoming easier due to instant access to advanced offensive toolkits, open-sourced databases of sensitive information, and the ability to perform aggressive acts with little or no chance of detection.

There is a worldwide shortage of competent, qualified personnel who can respond to operational installations, perform security assessments that uncover potential weaknesses, and understand how these industrial automation and control systems work and can be secured within the constraints of maintaining system reliability. They must then recognize how to secure not only the systems, but the vital services these systems provide to a facility, a company, and society as a whole. When selecting a training partner to provide vital operational training and continuing mentorship through industry-recognized subject matter experts, it is important that the partner can demonstrate a repeatable process that consistently meets mission objectives in terms of situational awareness, operational knowledge, technical capability, and the ability to operate safely within sensitive and often hazardous areas. A qualified training partner should be able to efficiently uncover system weaknesses, and then offer solutions that can mitigate client-specific risk factors without impacting the operational integrity of the systems being secured.

ICSCSI believes its approach to industrial control systems helps clients gain a better understanding of system operation, while at the same time helping to identify, verify, mitigate and monitor the risks to these systems and their direct impact on business integrity and mission assurance. This approach helps clients deploy solutions and services that specifically target the reduction of their unique operational risk.

Additional information describes how the ICSCSI curriculum addresses workforce skills improvement through a proven set of courseware, published textbooks, industrial control system-specific cyber ranges, and real-world case studies that cannot be obtained from traditional large-scale, bulk training organizations. Individuals learn at different rates and through different means, which is why ICSCSI provides a learning environment that can be individually tailored to yield the greatest benefits.


The ICS Cyber Security Institute offers on-line training developed by practitioners in both ICS system design/operation and cyber security design/compliance. This not only enriches the learning environment, but also provides realistic insight into the systems and topologies that are commonly installed and the internal and external challenges in securing these architectures. ICSCSI can save commercial and federal organizations thousands of dollars over other course offerings by focusing on teaching the operational skills necessary to understand complex ICS architectures rather than just a basis of knowledge of security concepts. All ICSCSI courses are developed from a foundation of real-world data that is then converted into relevant and meaningful hands-on scenarios and exercises. This is reinforced with a basis of knowledge that is embedded in an advanced learning management system that allows students the opportunity to focus on areas of interest or those that require extra attention. ICSCSI blends leading-edge ICS cyber security content with an extensive textbook (not offered by any other program!) and exposure to many of the leading ICS cyber security technologies that are necessary in improving security and resilience of vital operational technologies.

Joel Langill, Founder and Managing Member of ICSCSI and Founder of has more than 35 years of experience as a practicing control systems engineer and nearly 20 years of security experience, coupled with over 10 years of developing and delivering ICS-specific cyber security programs. Though the number of outlets for operational cyber security training has increased, there remains a shortfall in training individuals and organizations how to secure industrial control systems like Supervisory Control and Data Acquisition (SCADA), Distributed Control Systems (DCS), Building Automation Systems (BAS) and Facility-Related Control Systems (FRCS). There are several acceptable courses currently available; however, when reviewing the syllabi of these courses, it becomes clear that they tend to focus too much on either (1) theoretical aspects of the problem, or (2) the hacking or red team side of industrial cyber security. Knowing this, and not trying to duplicate what is currently available, ICSCSI provides various course offerings that span from the basic and introductory concepts necessary for everyone who interacts physically or logically with control systems to full-scope, comprehensive courses that teach in-depth concepts of automation and control systems and associated advanced securing and hardening techniques. Additional courses continue to be added as client needs are reviewed.

ICSCSI courses are targeted primarily at end-users, asset owners, integrators, vendors, and consultants of industrial and facility-related control systems who are faced with the challenges of assessing, securing, and maintaining these systems. This also includes those involved in the assessment and authorization process as part of compliance with the Risk Management Framework (RMF) for mission critical facility-related control systems such as utility monitoring, energy management, electronic security, and life-safety.

ICSCSI's comprehensive training program is based on significant public and private sector input allowing it to address specific challenges relating to industrial cyber security. Training objectives are designed to provide the greatest value to the client organization while at the same time, providing the vital operational skills necessary to secure their critical infrastructure. These objectives include:

  • What is the role of the targeted trainee (who)
    • Engineers
    • System Operations
    • Network Operations
    • Maintenance Personnel
    • Vendor / Support Personnel
    • Supervisory Personnel
    • Operations Management
    • Corporate Leadership
    • Risk Managers
  • What skills do these trainees need to obtain, improve, or reinforce ...
    • General Security Awareness - Threats, Methods, Risks, Impacts
    • ICS/FRCS Architecture - Topology, Applications, Hardware, Communications
    • ICS/FRCS Operation - Safety, Redundancy, Scope of Loss, Safety Backup
    • ICS/FRCS Maintenance - External Influences, Software Updates, Hardware Refresh
    • Offensive "Red Team" Capabilities - Host-based, Network-based, Device-based Attacks
    • Defensive "Blue Team" Capabilities - Prevention, Detection, Correction, Forensics
  • Methods used to teach skills to trainees (how)
    • Reconnaissance
    • Attack
    • Detection
    • Response
    • Attribution
    • Correction and Remediation

All courses irrespective of length provide material that focuses on securing the industrial and facility-related automation and control system architecture through a curriculum of lectures, in-depth demonstrations, hands-on student exercises (where appropriate), and real-world case studies. The material covered is designed to reinforce a basic understanding of ICS/FRCS’s, their architectures and their underlying operation and technologies. It provides a methodology of assessing operational systems and evaluating risk in terms of how threats can impact operational integrity and mission assurance. All training covers the purpose (introductory courses) and the steps (advanced courses) needed to perform on-line security and vulnerability assessments whether from a tactical (hands-on) or strategic (supervisory) perspective. The assessments can then be used to help select and implement security controls and countermeasures relating specifically to ICS/FRCS’s to mitigate identified risks within an organization or facility.

Industrial and facility-related control systems represent a broad collection of system types, suppliers and solution offerings. Training discusses these systems providing the most realistic representation of what trainees can expect when they work with actual client systems. This curriculum includes hands-on demonstrations and student lab exercises utilizing actual ICS/FRCS equipment providing a realistic scenario to the industrial and facility-related control systems found at most client facilities. This includes not only ICS/FRCS equipment, but also ICS/FRCS-specific security technologies. This is possible due to the support of several technology leaders including:    

  • Allen-Bradley
  • Automation Direct
  • Beckhoff
  • Bosch
  • Certes Networks
  • Cisco
  • Claroty
  • Dragos
  • Eaton
  • Emerson
  • Galaxy Control Systems
  • GarrettCom (Belden)
  • General Electric
  • Hirsch
  • Hirschmann (Belden)
  • Honeywell
  • Iconics
  • Johnson Controls
  • Lantronix
  • Moxa
  • NETRESEC
  • NexDefense (Dragos)
  • OISF
  • OSIsoft
  • Phoenix Contact
  • Rapid 7
  • Red Lion Controls
  • RuggedCom (Siemens)
  • Schneider Electric
  • Securiton
  • Security Onion
  • Siemens
  • Sierra Wireless
  • Splunk
  • Tenable Network Security
  • Tofino (Belden)
  • TrapX
  • Tridium
  • Turck
  • Ultra/3eTI
  • United Technologies
  • Wago
  • Waterfall Security
  • Yokogawa

Some of the technologies covered in this course, including products developed by the vendors listed above, are:

  • Anomaly Detection
  • Application and Network Whitelisting
  • Asset Identification
  • Automation and Control Technologies
  • Compliance Auditing Tools
  • Electronic Security Systems
  • Firewalls and Firewall Evaluation/Analysis Tools
  • Host Characterization Tools
  • Industrial Firewalls, including Deep Packet Inspection for Industrial Protocols
  • Industrial Networking
  • Industrial Protocol Converters and Gateways
  • Log Monitoring
  • Network Analysis and Characterization Tools
  • Network Encryptors for Industrial Protocols
  • Security Incident and Event Management Solutions
  • Unidirectional Security Gateways
  • Vulnerability Scanners
  • Wireless Gateways

Advanced Learning Management System provides a Flexible Training Environment

What makes the ICSCSI Training Curriculum unique is the advanced Learning Management System (LMS) that all students will use as part of their unique training program. Our LMS provides a sophisticated platform to blend lecture videos, written and hands-on lab exercises, and quizzes with detailed supplemental information that can be used to explore topics at much greater depth and breadth than others. The following video provides an overview of the ICSCSI LMS.

Cyber Range for Training and Mission Planning

One of the most valuable aspects of the ICSCSI approach to industrial control system cyber security training is the ability to incorporate state-of-the-art physical components into a cyber range environment that is tightly integrated with the LMS. The issue with other training programs is the need to virtualize the entire training environment, which effectively eliminates the ability to interact with real-world industrial components since most critical ICS assets cannot be virtualized. ICSCSI has developed an infrastructure that allows physical field devices (level 0) and primary control components (level 1) to be integrated into the cyber range. This capability provides the greatest amount of realism to the architecture since the physical equipment is fully integrated with the virtual infrastructure irrespective of location - a very important aspect when learning industrial networks and how they can vary significantly from traditional IT networking. Students can now access large, complex, and costly systems via this range integration using a proprietary gateway that can be installed in any facility that provides unfiltered, unproxied public Internet access. This same technology allows ICSCSI to take any physical environment and extend it into the training range. The possibilities are endless, but for the first time, large-scale training can take place on actual industrial equipment. This LMS Cyber Range integration brings real-world physical devices, platforms, and systems to student desktops anywhere in the world!

ICSCSI Cyber Range Topology

What previous students have to say about this training

"This is a training program that makes sense of it all. And is worth every penny if you have a desire to succeed and make a difference in the industry. The concepts and instructor’s approach lay common sense fundamentals in an understandable way to ensure your success incorporating the concepts in any ICS security program. If you need further proof, take a look at the SCADAhacker and ICSCSI websites or the presentation videos on the S4 site. Listen to Joel Langill present, then you will see that he is one of the best teachers and mentors out there. Having participated in the SCADAHacker training many years ago, I still find myself accessing the online videos simply to keep reinforcing the concepts. Why, because they work."
Frank Garone
Cyber Security Program Manager - Transportation (USA)

"Joel has meticulously developed very high quality training materials that lay the foundation for a head start in ICS security. Targeting ICS users by focusing on realistic state-of-the-art security methods and techniques. This is indispensable training by one of the rare true experts of the ICS security field. Highly recommended!"
Xander van der Voort
van der Voort Cyber Security (The Netherlands)

"This training is not to be missed!"
Lori Hayes
Cyber Security Specialist - Thornton Tomasetti (USA)

"Coming from an IT background, finally I could find a venue that would walk me through A-Z of ICS security. This training should be made a mandatory requirement for IT security personnel in Oil & Gas!"
Fuad Al-Ansari
Takreer (Abu Dhabi)

"Joel really is on the forefront of ICS/DCS Security! Excellent class!"
Manufacturing Cyber Security Analyst - Pharmaceutical Industry (USA)

"The most rewarding and practical class I have taken on any subject. If ICS security impacts you, this course is a must."
Brock Perry
Spartan Controls Ltd. (Canada)

"Fantastic! Great content and perfect combination of hands-on and theory. I left the course feeling re-energized and well-equipped to address ICS security. If you have an opportunity to attend this class - do it. Joel rocks!"
Andy Fenoglio
Tenaska, Inc. (USA)

"The best way to find out about what you know you don't know about ICS."
Andy McNeil - CISSP, CISA - New Market Services Corp. (USA)

"Despite your skill or exposure level to ICS security, you will walk away with a new perspective."
ICS Vendor (USA)

"This training is an eye opener to any ICS user, but specifically to vendors that should be more serious about ICS security."
ICS Vendor (USA)