CyberLive DoD 8140*

ICS410: ICS/SCADA Security Essentials provides a foundational set of standardized skills and knowledge for industrial cybersecurity professionals. The course is designed to ensure that the workforce involved in supporting and defending industrial control systems is trained to keep the operational environment safe, secure, and resilient against current and emerging cyber threats.

Course Author Statement

“This course provides students with the essentials for conducting cybersecurity work in industrial control system environments. After spending years working with industry, we believe there is a gap in the skill sets of industrial control system personnel, whether it be cybersecurity skills for engineers or engineering principles for cybersecurity experts. In addition, both information technology and operational technology roles have converged in today’s industrial control system environments, so there is a greater need than ever for a common understanding between the various groups who support or rely on these systems. Students in ICS410 will learn the language, the underlying theory, and the basic tools for industrial control system security in settings across a wide range of industry sectors and applications.”
—Justin Searle, SANS Senior Instructor

Syllabus Summary

SECTION 1: ICS Overview
SECTION 2: Architectures and Processes
SECTION 3: Communications and Protocols
SECTION 4: Supervisory Systems
SECTION 5: ICS Security Governance
SECTION 6: Capstone CTF

You Will Be Able To

▐ Understand various industrial control systems and their purpose, application, function, and dependencies on network IP and industrial communications
▐ Work with control network infrastructure design (network architecture concepts, including topology, protocols, and components) and their relation to IEC 62443 and the Purdue Model.
▐ Run Windows command line tools to analyze the system looking for high-risk items
▐ Run Linux command line tools (ps, ls, netstat, etc.) and basic scripting to automate the running of programs to perform continuous monitoring of various tools
▐ Work with operating systems (system administration concepts for Unix/Linux and/or Windows operating systems)
▐ Understand the systems’ security lifecycle
▐ Understand information assurance principles and tenets (confidentiality, integrity, availability, authentication, non-repudiation)
▐ Use your skills in computer network defense (detecting host and network-based intrusions via intrusion detection technologies)
▐ Implement incident response and handling methodologies
▐ Map different ICS technologies, attacks, and defenses to various cybersecurity standards including NIST Cyber Security Framework, ISA/IEC 62443, ISO/IEC 27001, NIST SP 800-53, Center for Internet Security Critical Security Controls, and COBIT 5

Who Should Attend

The course is designed for the range of individuals who work in, interact with, or can affect industrial control system environments, including asset owners, vendors, integrators, and other third parties.
These personnel primarily come from four domains:
▐ IT (includes operational technology support)
▐ IT security (includes operational technology security)
▐ Engineering
▐ Corporate, industry, and professional standards

NICE Framework Work Roles

▐ Process Control Engineer/Instrument & Control Engineer (ZZ-ICS-001)
▐ ICS/SCADA Security Engineer (ZZ-ICS-002)
▐ ICS/OT Systems Engineer (ZZ-ICS-003)
▐ OT SOC Operator (ZZ-ICS-004)

ICS410: ICS/SCADA Security Essentials™
CURRICULUM: Industrial Control Systems (ICS) Security
6 Day Program
36 CPEs
15+ Labs

GICSP
Global Industrial Cyber Security Professional
giac.org/gicsp

“The real-world, practical examples paired with an instructor who clearly knew the subject matter inside and out made this course invaluable.”
—Theresa H., Booz Allen Hamilton

For detailed course description, visit SANS.ORG/ICS410

Justin Searle
Course Author

WAYS TO TAKE ICS410
Live Online
In-Person
OnDemand

* sans.org/8140