5-day Course for Securing ICS/SCADA Systems (Online)
This is a hands-on ICS / SCADA Security course with over 20 exercises and labs that are performed on a SCADA lab that contains over 15 different PLCs, RTUs, RF, and telemetry devices.
This course has been refined over the past 5 years, and over 3,000 professionals have been trained around the world by this course. It was designed to bridge the skills sets of Control System Engineers, Technicians, and IT Security professionals. The first day is spent diving deep into teaching how ICS and SCADA Systems work from the ground up. Instrumentation, I/O, control techniques, automation theory, HMI visualization, and data archival systems are broken down at their functional level. Several SCADA protocols are taught, captured, dissected, and then used to hack into the embedded devices. OPC, ModbusTCP, and EthernetIP are some of the ICS protocols that are used in live hands-on exercises and labs.
Everyone in the course builds their own SCADA system by implementing and designing their own OPC servers, data tags, and HMI graphics. The download Virtual Machines allow students watching the course from their computer to follow along with the exercises using the same tools as the instructors. RF and telemetry systems used in SCADA, ICS, and Smart Grid applications are covered, and live demonstrations are provided on the following RF systems: 900 MHz Spread Spectrum, Zigbee (802.15.4), WirelessHART, Bluetooth, and WiFi (2.4 and 5.6 GHz). Wireless hacking demonstrations are provided to convey the weaknesses and security hardening required when using wireless systems in ICS and SCADA applications.
Once all of the ICS and RF concepts are completely understood, then the course shifts into a Penetration and Exploitation mindset. The students are taught how to find security vulnerabilities in ICS and SCADA system components, how to safely conduct penetration testing against live ICS and SCADA systems, and how to conduct Cyber Vulnerability Assessments that satisfy the NERC CIP and DHS CFATS regulations. The Metasploit framework is taught using the BackTrack environment. The hands-on exercises start with basic Linux commands, and by the end of the course, students are creating their own buffer overflows and other exploits using Metasploit, NETCAT, HPING, and other open source tools.
After everyone has built their own SCADA system, and spent time learning how to attack these real-time systems, then the course rounds out the process by explaining how to defend these systems from similar threats. The defense techniques include how to design secure SCADA architectures, where to place firewalls, how to implement secure remote access into SCADA environments, where to deploy IDS / IPS systems, and tips for implementing centralized log aggregation and network monitoring solutions.
The instructors for this course have collectively over 20 years of experience conducting Cyber Security Penetration Testing and Vulnerability Assessments on live operational ICS and SCADA Systems, and the students like the ability to be able to pause and resume their learning at their own pace, or go back to previous material if required.
Course InformationView the Course Outline Download Information Links Guide