ICS Security Training | SCADA Systems Security Training


ICS Security Training | SCADA Systems Security Training Course with Real-World Hands-On Labs

ICS Security Training | SCADA Systems Security Training Crash Course: SCADA controls our nation’s mission-critical infrastructure, everything from the power grid to water treatment facilities. Gain homeland security skills by learning to assess and secure SCADA systems.

This ICS Security Training | SCADA Systems Security Training Crash Course covers everything from field-based attacks to automated vulnerability assessments for SCADA networks. Learn the best practices for securing SCADA networks and systems inside and out. ENO shows you how to defend against both internal and external attackers to provide holistic security for critical industrial automation systems.

ENO’s ICS Security Training | SCADA Systems Security Training Crash Course instructors have real-world, hands-on experience securing some of the most high-profile energy delivery, water treatment, and mission-critical SCADA systems. Dozens of exercises in our Hands-On ICS Security Training | SCADA Systems Security Training Crash Course Labs bring you up to speed with the latest threats to your SCADA systems. Learn subjects not found in books, on the Internet, or taught anywhere else in any other information security class.

Duration: 5 days

Customize It

• If you are familiar with some aspects of ICS Security Training | SCADA Systems Security Training, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the ICS Security Training | SCADA Systems Security Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the ICS Security Training | SCADA Systems Security Training course in a manner understandable to lay audiences.

Audience / Target Group

The target audience for this ICS Security Training | SCADA Systems Security Training course is defined here:

The ICS Security Training | SCADA Systems Security Training course is designed for the range of individuals who work in, interact with, or can affect industrial control system environments, including asset owners, vendors, integrators, and other third parties.

These personnel primarily come from four domains:

• IT (includes operational technology support)
• IT security (includes operational technology security)
• Engineering
• Corporate, industry, and professional standards

ICS Security Training | SCADA Systems Security Training - Prerequisites:

The knowledge and skills that a learner must have before attending this ICS Security Training | SCADA Systems Security Training course are as follows:

• ICS Security Training | SCADA Systems Security Training Course participants need to have a basic understanding of networking and system administration, TCP/IP, networking design/architecture, vulnerability assessment, and risk methodologies. ICS Security Training | SCADA Systems Security Training covers many of the core areas of security and assumes a basic understanding of technology, networks, and security. For those who are brand new to the field and have no background knowledge, Intro to Information Security would be the recommended starting point. While Intro to Information Security is not a prerequisite, it provides introductory knowledge that will help maximize a student’s experience with ICS Security Training | SCADA Systems Security Training Crash Course.

ICS Security Training | SCADA Systems Security Training - Objectives:

Upon completing this ICS Security Training | SCADA Systems Security Training course, learners will be able to meet these objectives:

• Better understand various industrial control systems and their purpose, application, function, and dependencies on network IP and industrial communications
• Work with control network infrastructure design (network architecture concepts, including topology, protocols, and components) and their relation to IEC 62443 and the Purdue Model
• Run Windows command line tools to analyze the system looking for high-risk items
• Run Linux command line tools (ps, ls, netstat, etc.) and basic scripting to automate the running of programs to perform continuous monitoring of various tools
• Work with operating systems (system administration concepts for Unix/Linux and/or Windows operating systems)
• Better understand the systems’ security lifecycle
• Better understand information assurance principles and tenets (confidentiality, integrity, availability, authentication, non-repudiation)
• Use your skills in computer network defense (detecting host and network-based intrusions via intrusion detection technologies)
• Implement incident response and handling methodologies
• Map different ICS technologies, attacks, and defenses to various cybersecurity standards including NIST Cyber Security Framework, ISA/IEC 62443, ISO/IEC 27001, NIST SP 800-53, Center for Internet Security Critical Security Controls, and COBIT 5

ICS Security Training | SCADA Systems Security Training – Course Syllabus:

Day 1: ICS Overview

Global Industrial Cybersecurity Professional (GICSP) Overview
Overview of ICS
Processes & Roles
Purdue Levels 0 and 1
Controllers and Field Devices
Programming Controllers
Exercise: Programming a PLC
Purdue Levels 2 and 3
HMIs, Historians, Alarm Servers
Specialized Applications and Master Servers
Differences in Location and Latency
Exercise: Programming an HMI
IT & ICS Differences
ICS Life Cycle Challenges
Physical and Cyber Security
Secure ICS Network Architectures
ICS410 Reference Model
Design Example
Exercise: Architecting a Secure DCS

Day 2: Field Devices & Controllers

Students will develop a better understanding of where these specific attack vectors exist and how to block them, starting at the lowest levels of the control network.
ICS Attack Surface
Threat Actors and Reasons for Attack
Attack Surface and Inputs
Threat/Attack Models
Purdue Level 0 and 1
Purdue Level 0 and 1 Attacks
Control Things Platform
Exercise: Finding Passwords in EEPROM Dumps
Purdue Level 0 and 1 Technologies
Purdue Level 0 and 1 Communications
Fieldbus Protocol Families
Exercise: Exploring Fieldbus Protocols
Purdue Level 0 and 1 Defenses
Ethernet and TCP/IP
Ethernet Concepts
TCP/IP Concepts
Exercise: Network Capture Analysis
ICS Protocols over TCP/IP
Wireshark and ICS Protocols
Attacks on Networks
Exercise: Enumerating Modbus TCP

Day 3: Supervisory Systems

Students will learn about different methods to segment and control the flow of traffic through the control network. Students will explore cryptographic concepts and how they can be applied to communications protocols and on devices that store sensitive data.
Enforcement Zone Devices
Firewalls and NextGen Firewalls
Data Diodes and Unidirectional Gateways
Understanding Basic Cryptography
Crypto Keys
Symmetric and Asymmetric Encryption
Hashing and HMACs
Digital Signatures
Wireless Technologies
Satellite and Cellular
Mesh Networks and Microwave
Bluetooth and Wi-Fi
Wireless Attacks and Defenses
3 Eternal Risks of Wireless
Sniffing, DoS, Masquerading, Rogue AP
Exercise: Network Forensics of an Attack
Purdue Level 2 and 3 Attacks
Historians and Databases
Exercise: Bypassing Auth with SQL Injection
HMI and UI Attacks
Web-based Attacks
Password Defenses
Exercise: Password Fuzzing

Day 4: Workstations and Servers

Students will learn essential ICS-related server and workstation operating system capabilities, implementation approaches, and system management practices.
Patching ICS Systems
Patch Decision Tree
Vendors, CERTS, and Security Bulletins
Defending Microsoft Windows
Windows Services
Windows Security Policies and GPOs
Exercise: Baselining with PowerShell
Defending Unix and Linux
Differences with Windows
Daemons, SystemV, and SystemD
Lynis and Bastille
Endpoint Security Software
Antivirus and Whitelisting
Application Sandboxing and Containers
Exercise: Configuring Host-Based Firewalls
Event Logging and Analysis
Windows Event Logs and Audit Policies
Syslog and Logrotate
Exercise: Windows Event Logs
Remote Access Attacks
Attacks on Remote Access
Exercise: Finding Remote Access

Day 5: ICS Security Governance

Students will learn about the various models, methodologies, and industry-specific regulations that are used to govern what must be done to protect critical ICS systems.
Building an ICS Cyber Security Program
Starting the Process
Frameworks: ISA/IEC 62443, ISO/IEC 27001, NIST CSF
Using the NIST CSF
Creating ICS Cyber Security Policy
Policies, Standards, Guidance, and Procedures
Culture and Enforcement
Examples and Sources
Disaster Recovery
DR and BCP Programs
Modification for Cyber Security Incidents
Measuring Cyber Security Risk
Quantitative vs Qualitative
Traditional Models
Minimizing Subjectivity
Incident Response
Six Step Process
Exercise: Incident Response Tabletop Exercise
Final Thoughts and Next Steps
Other ICS Courses by SANS
Other SANS Curriculums and Courses
