Training course on Industrial Control Systems (ICS) Security

Module 1: Introduction to Industrial Control Systems and Operational Technology
Subtopics:
Overview of ICS, SCADA, DCS, and PLC systems
Differences between IT and OT environments
Evolution of industrial automation and connectivity
Critical infrastructure and cyber-physical systems (CPS)
Common ICS industries: energy, water, transport, oil & gas, and manufacturing
Lab: Explore a simulated ICS network topology and identify its core components
Case Study: Stuxnet — redefining the landscape of ICS security threats

Module 2: ICS Architecture and Communication Protocols
Subtopics:
ICS architecture layers: field, control, supervisory, and enterprise
Common ICS communication protocols: Modbus, DNP3, PROFINET, OPC, BACnet
Network segmentation and data flow within ICS environments
Remote access, wireless, and IIoT integration in control systems
Lab: Analyze network traffic using Wireshark for Modbus/TCP and DNP3
Case Study: Manipulation of industrial protocols in Ukraine’s power grid attack

Module 3: Threat Landscape and Attack Vectors in ICS Environments
Subtopics:
Common ICS/SCADA threat actors and motivations
Attack vectors: supply chain, ransomware, insider threats, zero-day exploits
ICS-specific vulnerabilities and misconfigurations
Mapping threats using MITRE ATT&CK for ICS
Lab: Threat simulation — identify attack stages within a sample ICS environment
Case Study: BlackEnergy and Industroyer malware impact on critical infrastructure

Module 4: ICS Risk Management and Security Frameworks
Subtopics:
Principles of ICS risk management and asset classification
ICS cybersecurity frameworks: NIST SP 800-82, ISA/IEC 62443, ISO/IEC 27019
Security policies and governance models for OT
Developing and implementing ICS risk mitigation plans
Lab: Conduct a basic ICS risk assessment using a provided industrial scenario
Case Study: Applying IEC 62443 to enhance power grid resilience

Module 5: Network Defense and Security Architecture for ICS
Subtopics:
Designing secure ICS networks with segmentation and zoning
Demilitarized zones (DMZs), firewalls, and secure remote access
Whitelisting, network monitoring, and anomaly detection
Secure configuration management for control systems
Lab: Build a segmented ICS network model with firewall rules and monitoring
Case Study: Securing a manufacturing plant network against lateral movement attacks

Module 6: ICS Security Monitoring, Detection, and Incident Response
Subtopics:
ICS-specific intrusion detection and monitoring tools (Nozomi, Claroty, Dragos)
Logging, alert correlation, and forensic evidence collection
ICS incident response lifecycle and playbooks
Coordinating IT and OT during security events
Lab: Detect and analyze anomalies using a simulated ICS intrusion scenario
Case Study: Lessons from Norsk Hydro ransomware recovery and response

Module 7: Securing ICS Applications and Endpoints
Subtopics:
Hardening control system devices: PLCs, HMIs, and RTUs
Patch management in operational technology
Secure engineering workstations and vendor access controls
Using virtualization and secure firmware management
Lab: Apply hardening guidelines to a PLC and simulate firmware validation
Case Study: Remote access vulnerabilities leading to ICS compromise

Module 8: ICS and IIoT Integration Security
Subtopics:
Convergence of IT, OT, and IoT environments
Risks introduced by IIoT sensors and edge devices
Secure data exchange and gateway security
Encryption and identity management in IIoT networks
Lab: Configure secure communication between IIoT devices and SCADA servers
Case Study: Smart factory cybersecurity challenges in Industry 4.0 environments

Module 9: Business Continuity, Resilience, and Disaster Recovery in ICS
Subtopics:
Designing resilient industrial operations
Backup and recovery planning for control systems
Redundancy and failover mechanisms
Building cyber resilience and maintaining uptime under attack
Lab: Develop a disaster recovery and continuity plan for an industrial process
Case Study: Maintaining operational continuity during OT ransomware incidents

Module 10: Governance, Compliance, and Future Trends in ICS Security
Subtopics:
ICS security governance and audit processes
Compliance with industry standards (NERC CIP, ISO 27001 for OT)
Emerging trends: AI in ICS security, 5G-enabled control systems, quantum threats
Building a long-term ICS cybersecurity maturity roadmap
Lab: Design an ICS cybersecurity policy framework for a critical infrastructure organization
Case Study: Implementing a sustainable OT cybersecurity program in the energy sector
Capstone Project
Participants will complete a hands-on ICS Security Assessment and Mitigation Plan involving:
Asset inventory and network mapping
Threat modeling and risk assessment
Network segmentation and intrusion detection design
Incident response and recovery planning
Policy and compliance documentation
Deliverables:
ICS network security architecture diagram
Risk and vulnerability report
Incident response strategy and action plan
Governance and compliance checklist