Course overview

The ICS/SCADA Cybersecurity course is a hands-on training module that teaches the foundations of security and defending network architectures from attacks. Students will learn to think like a malicious hacker to defend their organizations.

ICS/SCADA teaches powerful methods to analyze risks possessed by network infrastructure in IT and corporate spaces. Once your foundation or basic concepts are clear, you will learn a systematic process of intrusion and malware analysis. After this, you will learn about digital forensic process and incident response techniques upon detecting a breach.

About

• Hands-On Experience: Engage in practical training to apply learned concepts.
• Comprehensive Coverage: Gain in-depth knowledge of ICS/SCADA systems and their security challenges.
• Expert Instruction: Learn from experienced professionals in the field of cybersecurity.
• Certification Preparation: Prepare for certification exams to validate your skills and knowledge.

What you will learn?

• Basics of ICS/SCADA Security – Learn how industrial control systems work and how to protect them.
• Networking Basics – Understand how ICS/SCADA devices communicate over networks.
• Hacking Techniques – Learn common attack methods so you can defend against them.
• Finding Vulnerabilities – Discover weak points in systems and how to fix them.
• Malware and Intrusion Analysis – Learn how to detect and analyze attacks.
• Incident Response & Forensics – Know what to do when a system is compromised.

Goals

The ICS/SCADA Cybersecurity course aims to:

• Understand Security Foundations: Learn the basics of securing and defending network architectures from attacks.
• Adopt a Hacker's Mindset: Think like a hacker to better protect organizations from common attacks on ICS/SCADA systems.
• Analyze Risks: Use powerful methods to assess risks in both IT and corporate networks.
• Bridge the Air Gap: Learn best practices and recommendations for connecting isolated networks securely.
• Conduct Intrusion and Malware Analysis: Master systematic processes for analyzing intrusions and malware.
• Respond to Incidents: Understand the digital forensic process and how to respond to breaches effectively.

Audience

This course is designed for IT professionals who manage or direct their organization’s IT infrastructure and are responsible for establishing and maintaining information security policies, practices, and procedures. The focus in the course is on the Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) Systems.

• SCADA Systems personnel.
• Business System Analysts who support SCADA interfaces.
• System Administrators, Engineers, and other IT professionals who are administering, patching, securing SCADA, and/or ICS.
• Security Consultants who are performing security assessments of SCADA and/or ICS.

Content

Module 1: Introduction to ICS/SCADA Network Defense

• IT Security Model
• ICS/SCADA Security Model

LAB: Security Model

• Security Posture
• Risk Management in ICS/SCADA
• Risk Assessment
• Defining Types of Risk
• Security Policy

LAB: Allowing a Service

Module 2: TCP/IP 101

Introduction and Overview
Introducing TCP/IP Networks
Internet RFCs and STDs
TCP/IP Protocol Architecture
Protocol Layering Concepts
TCP/IP Layering
Components of TCP/IP Networks
ICS/SCADA Protocols

Module 3: Introduction to Hacking

Review of the Hacking Process
Hacking Methodology
Intelligence Gathering
Footprinting
Scanning
Enumeration
Identify Vulnerabilities
Exploitation
Covering Tracks

LAB: Hacking ICS/SCADA Networks Protocols

• How ICS/SCADA Are Targeted
• Study of ICS/SCADA Attacks
• ICS/SCADA as a High–Value Target
• Attack Methodologies In ICS

Module 4: Vulnerability Management

• Challenges of Vulnerability Assessment
• System Vulnerabilities
• Desktop Vulnerabilities
• ICS/SCADA Vulnerabilities
• Interpreting Advisory Notices
• CVE
• ICS/SCADA Vulnerability Sites
• Life Cycle of a Vulnerability and Exploit
• Challenges of Zero-Day Vulnerability
• Exploitation of a Vulnerability
• Vulnerability Scanners
• ICS/SCADA Vulnerability Uniqueness
• Challenges of Vulnerability Management Within ICS/SCADA

LAB: Vulnerability Assessment

• Prioritizing Vulnerabilities
• CVSS
• OVAL

Module 5: Standards and Regulations for Cybersecurity

• ISO 27001
• ICS/SCADA
• NERC CIP
• CFATS
• ISA99
• IEC 62443
• NIST SP 800-82

Module 6: Securing the ICS network

• Physical Security
• Establishing Policy – ISO Roadmap
• Securing the Protocols Unique to the ICS
• Performing a Vulnerability Assessment
• Selecting and Applying Controls to Mitigate Risk
• Monitoring
• Mitigating the Risk of Legacy Machines

Module 7: Bridging the Air Gap

• Do You Really Want to Do This?
• Advantages and Disadvantages
• Guard
• Data Diode
• Next Generation Firewalls

Module 8: Introduction to Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)

• What IDS Can and Cannot Do
• Types IDS
• Network
• Host
• Network Node
• Advantages of IDS
• Limitations of IDS
• Stealthing the IDS
• Detecting Intrusions

LAB: Intrusion Detection

• Log Analysis
• ICS Malware Analysis

LAB: ICS Malware Analysis

• Essential Malware Mitigation Techniques
• ICS/SCADA Network Monitoring
• ICS/SCADA IDS

Prerequisites

• Linux operating system fundamentals, including basic command line usage.
• Conceptual knowledge of programming/scripting.
• Solid grasp of essential networking concepts (OSI model, TCP/IP, networking devices, and transmission media).
• Understanding of basic security concepts (e.g., malware, intrusion detection systems, firewalls, and vulnerabilities).
• Familiarity with network traffic inspection tools (Wireshark, TShark, or TCPdump) is highly recommended.

Exam Title: ICS/SCADA Cyber Security
Exam Code: ICS-SCADA
Number of Questions: 75
Duration: 2 hours
Exam Availability Locations: ECC Exam Portal
Languages: English
Test Format: Multiple Choice
Passing Score: 70%
Exam Mode: Remote Proctoring Services

Mane Piperevski

About

Mane is an Experienced Information Technology Expert with extensive experience in Cyber Security. Over 20 years in IT industry and 15 years experience in field of Cyber Security. With a breadth of technology skills, including networks, operating systems, databases and application development, Mane has provided penetration testing and IT forensics services in various industry sectors such as banking, electronic payment services, transportation, software development companies, utilities, pension and disability insurance and state courts. As experienced Microsoft Certified Trainer and Certified EC-Council Instructor, Mane has conducted training classes in Cyber security and Microsoft Products for over 1500 students in last 12 years. He is regular speaker at Cyber Security International Conferences and community events, leader and founder of OWASP Macedonian Chapter.

He is also AlienVault Certified Security Engineer (ACSE) capable for implementing, supporting and managing AlienVault USM solution.

As Security Expert he understands and knows how to look for the weaknesses and vulnerabilities in systems, how they work, how to investigate them and exploit for Proof of Concept.