CISA Region 1 ICS Cybersecurity Training 2024 (Massachusetts)

This course provides training on understanding, protecting, and securing Industrial Control Systems (ICS) from cyber-attacks. In order to understand how to best defend a system, trainees will learn about common vulnerabilities and the importance of understanding the environment they are tasked to protect. Learning the weaknesses of a system will enable trainees to implement the mitigation strategies and institute policies and programs that will provide the defense-in-depth needed to ensure a more secure ICS environment.

Prerequisite: Every student attending the course must bring a laptop computer (no tablets) with wireless capability (to connect to the exercise networks) and a minimum of 8GB of RAM. A modified Kali distribution and a modified Security Onion VM containing additions to support classroom exercises will be used during the course. Each student must arrive with a VMware® software virtualization package (Workstation, Player, or Fusion) installed on their laptop. You must have administrator privileges to install the VM player.

Course Descriptions:

Monday May 13th, 8:00 am – 12:00 pm

Introduction to Control Systems Cybersecurity (101): The purpose of this course is to introduce students to the basics of industrial control systems security. This includes a comparative analysis of IT and control system architecture, security vulnerabilities, and mitigation strategies unique to the control system domain.

Monday May 13th, and Tuesday May 14th, 8:00 am – 12:00 pm and 1:00pm – 5:00 pm

ICScape: Hands-on escape room. The space station on Asteroid Covenant has sent out a distress signal stating they have experienced a loss of its critical life support control systems. The life support systems (i.e., oxygen and HVAC systems) have failed and there is only 60 minutes of air remaining before the demise of the crew. CISA and Idaho National Laboratory invite you to be a part of the adventure. This escape room contains a series of traditional escape room puzzles mixed with cybersecurity elements that utilize passive and active network discovery tools and techniques. Can you find your way onto the systems and figure out how to restore the life support systems before time runs out?

Tuesday , May 14th, 8:00 am – 5:00 pm

Intermediate Cybersecurity for Industrial Control Systems, Lecture Part 1 (201): This course provides technical instruction on the protection of industrial control systems using offensive and defensive methods. Students will understand how cyber-attacks could be launched, why they work, and mitigation strategies to increase the cybersecurity posture of their control system. Demonstrations will include the use of software tools to establish a baseline of your network(s), and to monitor and analyze its traffic.

Wednesday, May 15th and Thursday May 16th 8:00 am – 5:00 pm

*The two courses (202 and CyberStrike) will be presented alternately on Wednesday and Thursday, with 50 seats available for each class.

Intermediate Cybersecurity for Industrial Control Systems, Part 2 (202) Hands-on:

Because this course is hands-on, students will get a deeper understanding of how the various tools work. Accompanying this course is a sample process control network that demonstrates exploits used for unauthorized control of the equipment and mitigation solutions. This network is also used during the course for the many hands-on exercises that will help the students develop control systems cybersecurity skills they can apply when they return to their jobs.

Wednesday, May 15th and Thursday May 16th 8:00 am – 5:00 pm

CyberStrike: Hands-on workshop for defending against an OT cyber attack

[No laptop required] This course offers a hands-on, simulated demonstration of a cyberattack, drawing form elements of the 2015 and 2016 cyber incidents in Ukraine. The instruction platform challenges course participants to defend against a cyberattack on the equipment they routinely encounter within their industrial control systems.

A certificate of completion and CEUs will be offered to those who complete each session of the course.

Note: These courses are not a deep dive into training on specific tools, Control System protocols, Control System vulnerability details or exploits against Control System devices. The 101,201,202 designation is simply a course number and has no reference to a “100 or 200 level” course.

Who Should attend:

Members of the industrial control systems community associated with IT and process control network operations and security (Operations Technology, OT), operations or management of critical infrastructure (CI) assets and facilities, as well as those who provide CI components and software development.

In effort to help reach our intended audience, registrations using public email domains such as gmail, hotmail, yahoo, icloud, etc. may NOT be accepted. Please register using a work, government, or military email account. Registration is subject to review by CISA and does not guarantee participation with the training event.