SEC504: Hacker Tools, Techniques, and Incident Handling
SEC504Offensive Operations
ICS456: Essentials for NERC Critical Infrastructure Protection
ICS456Industrial Control Systems Security
- 5 Days (Instructor-Led)
- 31 Hours (Self-Paced)
Course created by:
Tim Conway, Ted Gutierrez & Felix Schallock
Course created by:Tim Conway, Ted Gutierrez & Felix Schallock
- GIAC Critical Infrastructure Protection (GCIP)
- 31 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- Essential Skill Level
Course material is for individuals with an understanding of IT or cyber security concepts
- 23 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Close the gap between NERC CIP compliance and real-world security. Learn hands-on skills to protect the Bulk Electric System and ensure you're always ready for both the next audit and the next threat.
Featured Quote
ICS456 has been crucial for our staff in understanding NERC CIP compliance and honing skills to protect our nation’s grid through real-life labs. Paired with the GCIP certification, it has shaped career paths in Critical Infrastructure Protection and brought prestige to CIP professionals. At NextEra Energy, ICS456 gives us a competitive advantage as we guide the future of our compliance program.
Course Overview
ICS456: Essentials for NERC Critical Infrastructure Protection offers practical guidance that translates regulatory policy into action. The evolving landscape of cybersecurity threats and regulatory pressure has made compliance with the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards more than just a checkbox exercise—it is a complex, high-stakes challenge for organizations operating the Bulk Electric System. Designed to cut through the confusion for operations, IT/OT security, and compliance professionals alike, the course demystifies NERC CIP requirements, aligns them with real-world industrial control system (ICS) environments, and equips teams to manage risks, avoid violations, and build a culture of cyber resilience. If staying ahead of audits while defending critical infrastructure is your mission, ICS456 delivers the knowledge and tools to do it with confidence.
What You'll Learn
- Understand the structure and authority of the NERC regulatory framework and how CIP standards align with broader BES reliability goals
- Acquire accurate BES Cyber System identification, categorization, and impact rating strategies to reduce compliance exposure
- Learn how to interpret nuanced NERC CIP terminology and apply standards appropriately in complex ICS and OT environments
- Apply practical approaches to implementing effective cyber and physical access controls, monitoring, and logical protections
- Master system and configuration management strategies, including timelines for patching, vulnerability assessments, and procedural controls
- Gain techniques for maintaining a sustainable CIP program, including personnel training, risk assessments, and recurring task management
- Practice proven methods to prepare audit-ready compliance evidence and effectively support audit engagements
Business Takeaways
- Reduce compliance risk through better program management
- Enhance security posture beyond minimum requirements
- Improve audit readiness and defensible documentation
- Better ROI on security technology investments
- Streamline recurring compliance activities
- Reduce penalties through proactive compliance
- Balance compliance and operational security needs
Meet Your Experts
- Slide 1 of 3
Tim Conway
FellowTim serves as the Technical Director of ICS and SCADA programs at SANS, and he is responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings.
Read more about Tim Conway - Slide 2 of 3
Ted Gutierrez
Ted is course author of ICS456: Essentials for NERC Critical Infrastructure Protection and is the former ICS Curriculum Director and Utility NERC CIP Product Manager at the SANS Institute.
Read more about Ted Gutierrez - Slide 3 of 3
Felix Schallock
Felix is the owner of TIBITS Consulting GmbH, where he provides consulting and advisory services to organizations in the critical infrastructure sector. He brings over 30 years of experience and a diverse IT and OT background to SANS.
Read more about Felix Schallock
Slide 1 of 0
(1/0)
Course Syllabus
Explore the course syllabus below to view the full range of topics covered in ICS456: Essentials for NERC Critical Infrastructure Protection.
Section 1Asset Identification and Governance
Develop understanding of electric sector regulatory structure and how Critical Infrastructure Protection (CIP) standards fit into the reliability framework. Explore Bulk Electric System (BES) Cyber Asset identification approaches and the importance of governance controls.
Topics covered
- Regulatory History and NERC Model
- NERC Reliability Standards
- Key Terms and Definitions
- BES Cyber System Categorization
- Security Management Controls
Labs
- Virtual Machine Setup
- Protocol Analysis with Wireshark
- Facility Environment Assessment
- CSET Facility Evaluation
Section 2Access Control and Monitoring
Gain proficiency in the physical and cyber access controls that form the foundation of effective security programs. Learn practical implementations of firewalls, proxies, gateways, and IDS. Understand strengths and weaknesses of physical security controls through hands-on exercises.
Topics covered
- Electronic Security Perimeter(s)
- Interactive Remote Access
- External Routable Communication
- Physical Security Planning
- Visitor Control Programs
Labs
- Network Analysis and Visualization
- Firewall Rule Development
- ICS Signatures and Alerting
- Physical Control Breach Techniques
- Security Review and Response
Section 3System Management
Address compliance challenges with CIP-007 and CIP-010 through system design and architecture approaches. Explore system security management requirements and configuration change management techniques through labs focused on implementation and testing.
Topics covered
- Physical and Logical Ports
- Patch Management
- Malicious Code Prevention
- Account Management
- Configuration Change Management
Labs
- Windows System Assessment
- Validating Findings & Impact
- System Hardening Techniques
- System Log Management
- Vulnerability Assessment Tools
Section 4Information Protection and Response
Learn to build effective awareness programs that reinforce information protection and cybersecurity training. Understand incident response roles and disaster recovery requirements while mastering communication protocols and data preservation techniques.
Topics covered
- Security Awareness Programs
- Personnel Risk Assessment
- Information Protection
- Incident Response Planning
- Recovery Plan Development
Labs
- Information Leakage Awareness
- Steganography Detection
- Incident Response Tabletop Exercise
- Forensic Data Preservation
- Yara Introduction
Section 5The CIP Process
Master key components of an effective CIP compliance program including standards development, violation penalties, and RAI processes. Learn to prepare for audits through gap analysis, culture building, and self-reporting strategies.
Topics covered
- Compliance Process Maintenance
- Audit Preparation Techniques
- Standards Development Process
- Future CIP Directions
- Violation Case Studies
Labs
- Auditor Tools & NP-View Analysis
- PowerShell Automation
- Audit Simulation Exercise
- DOE C2M2 Assessment
- Blue Team-Red Team Approaches
Things You Need To Know
Relevant Job Roles
ICS Security Leader
Industrial Control SystemsBuilds and maintains business relationships with engineering staff and C-suite stakeholders by communicating and managing cyber-to- physical risks while reducing security risk to engineering operations and simultaneously prioritising safety.
Explore learning pathPrivacy Compliance Manager (DCWF 732)
DoD 8140: Cyber EnablersLeads privacy program development and compliance oversight to ensure adherence to privacy laws, standards, and executive data protection needs.
Explore learning pathCybersecurity Analyst / Engineer
Cyber DefenseAs this is one of the highest-paid jobs in the field, the skills required to master the responsibilities involved are advanced. You must be highly competent in threat detection, threat analysis, and threat protection. This is a vital role in preserving the security and integrity of an organization’s data.
Explore learning pathICS Security Incident Responder
Industrial Control SystemsExecutes specific industrial incident response for incidents that threaten or impact control system networks and assets, while maintaining the safety and reliability of operations.
Explore learning pathICS Security Analyst
Industrial Control SystemsAcquires and manages resources, supports, and performs key industrial security protection while adhering to safety and engineering goals.
Explore learning pathCourse Schedule & Pricing
Looking for Group Purchase Options?Contact Us
GIAC Certification Attempt
Add a GIAC certification attempt and receive free two practice tests. View pricing in the info icons below.
OnDemand Course Access
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
Filter by:
Location & instructorDate & TimeCourse priceEnrollment options
- Location & instructor
Virtual (OnDemand)
Instructed by Jason ChristopherDate & TimeOnDemand (Anytime)Self-Paced, 4 months accessCourse price$7,650 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
Washington, DC, US & Virtual (live)
Instructed by Jason ChristopherDate & TimeFetching schedule..View event detailsCourse price$7,650 USD*Prices exclude applicable local taxes - Location & instructor
Las Vegas, NV, US & Virtual (live)
Instructed by Jason ChristopherDate & TimeFetching schedule..View event detailsCourse price$7,650 USD*Prices exclude applicable local taxes - Location & instructor
Houston, TX, US & Virtual (live)
Instructed by Tim ConwayDate & TimeFetching schedule..View event detailsCourse price$7,650 USD*Prices exclude applicable local taxes - Location & instructor
Orlando, FL, US & Virtual (live)
Date & TimeFetching schedule..View event detailsCourse price$7,650 USD*Prices exclude applicable local taxes
Showing 5 of 5
Learn Alongside Leading Cybersecurity Professionals From Around The World
- Slide 1 of 3This course was spot on and then some! The caliber of the materials/instructor/support team was outstanding.
- Slide 2 of 3For anyone with CIP compliance responsibilities and technical experience, this was the perfect course to fill in knowledge gaps, get hands-on with some of the tech used by entities, and improve compliance.
- Slide 3 of 3Coming into this class with minimal knowledge of NERC\CIP, I feel I have a better understanding so I can ask questions and help support our OT networks, and keep them compliant.
Slide 1 of 0
(1/0)
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources