CyberLive DoD 8140*

Operational Technology (OT) environments face a growing wave of sophisticated cyber threats, yet many organizations rely on IT-centric security measures ill-suited to the distinct challenges of Industrial Control Systems (ICS) and SCADA systems. The absence of specialized knowledge and practical expertise in ICS cybersecurity leaves critical infrastructure exposed, increasing the risk of operational disruptions, financial losses, and safety incidents.

This course builds on foundational ICS cybersecurity principles to provide industrial cybersecurity professionals with the advanced skills necessary to secure OT environments effectively. By focusing on the unique demands of industrial systems, the course equips both IT and OT cybersecurity professionals to address emerging threats, ensuring the safety, security, and resilience of critical infrastructure with minimal operational impact.

Critical infrastructure and key resource sectors face a rapidly evolving threat landscape, where cyberattacks can disrupt essential services, compromise safety, and cause significant economic and operational harm. Professionals who operate, manage, design, implement, monitor, and defend control systems are at the forefront of this challenge. This course is designed specifically for these practitioners, providing the essential skills and knowledge needed to secure and support control systems in high-stakes environments. This course equips professionals to address the day-to-day security needs of critical infrastructure—ensuring resilience, safety, and operational continuity.

Syllabus Summary
SECTION 1: ICS Overview
SECTION 2: Architectures and Processes
SECTION 3: Communications and Protocols
SECTION 4: Supervisory Systems
SECTION 5: ICS Security Governance
SECTION 6: Capstone CTF

You Will Be Able To
▐ Understand various industrial control systems and their purpose, application, function, and dependencies on network IP and industrial communications
▐ Work with control network infrastructure design (network architecture concepts, including topology, protocols, and components) and their relation to IEC 62443 and the Purdue Model
▐ Run Windows command line tools to analyze the system looking for high-risk items
▐ Run Linux command line tools (ps, ls, netstat, etc.) and basic scripting to automate the running of programs to perform continuous monitoring of various tools
▐ Work with operating systems (system administration concepts for Unix/Linux and/or Windows operating systems)
▐ Understand the systems’ security lifecycle
▐ Understand information assurance principles and tenets (confidentiality, integrity, availability, authentication, non-repudiation)
▐ Use your skills in computer network defense (detecting host and network-based intrusions via intrusion detection technologies)
▐ Implement incident response and handling methodologies
▐ Map different ICS technologies, attacks, and defenses to various cybersecurity standards including NIST Cyber Security Framework, ISA/IEC 62443, ISO/IEC 27001, NIST SP 800-53, Center for Internet Security Critical Security Controls, and COBIT 5

Who Should Attend
The course is designed for the range of individuals who work in, interact with, or can affect industrial control system environments, including asset owners, vendors, integrators, and other third parties.
These personnel primarily come from four domains:
▐ IT (includes operational technology support)
▐ IT security (includes operational technology security)
▐ Engineering
▐ Corporate, industry, and professional standards

NICE Framework Work Roles
▐ Process Control Engineer/Instrument & Control Engineer (ZZ-ICS-001)
▐ ICS/SCADA Security Engineer (ZZ-ICS-002)
▐ ICS/OT Systems Engineer (ZZ-ICS-003)
▐ OT SOC Operator (ZZ-ICS-004)

ICS410: ICS/SCADA Security Essentials™
CURRICULUM: Industrial Control Systems (ICS) Security
6 Day Program
36 CPEs
15 Labs

GICSP: Global Industrial Cyber Security Professional
giac.org/gicsp

“The real-world, practical examples paired with an instructor who clearly knew the subject matter inside and out made this course invaluable.”
—Theresa H., Booz Allen Hamilton

For detailed course description, visit SANS.ORG/ICS410

Justin Searle, Course Author

WAYS TO TAKE ICS410
▐ Live Online
▐ In-Person
▐ OnDemand

* sans.org/8140