SEC504: Hacker Tools, Techniques, and Incident Handling
SEC504Offensive Operations
ICS612: ICS Cybersecurity In-Depth
ICS612Industrial Control Systems Security
- 5 Days (Instructor-Led)
- 30 Hours (Self-Paced)
Course created by:
Tim Conway, Jason Dely, Christopher Robinson & Jeffrey Shearer
Course created by:Tim Conway, Jason Dely, Christopher Robinson & Jeffrey Shearer
- 30 CPEs
Apply your credits to renew your certifications
- In-Person or Virtual
Attend a live, instructor-led class from a location near you or virtually from anywhere
- Advanced Skill Level
Course material is geared for cyber security professionals with hands-on experience
- 25 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Develop comprehensive defenses in industrial control systems, and master methodologies through hands-on exercises in a simulated operational technology environment with real-world components.
Featured Quote
Excellent course, would definitely recommend to my team and others wanting a more in-depth experience with ICS. The examples provided during class are really what made this so special.
Course Overview
Securing Operational Technology (OT) vs. IT environments requires a different perspective and approach. Each OT system is uniquely engineered to an organization's operational needs, so how should we go about securing these systems?
Through our immersive operations environment, ICS612 will take you from theory to practice over this five-day ICS security training course. You will learn to identify operational vulnerabilities and build defenses in the roles of engineering, operations, and red and blue teams. You will navigate from PLC and HMI operations to the complexities of advanced IT and OT security architecture and monitoring, understanding how threat actors attack operations through ICS systems and personnel. You will reinforce these skills in hands-on lab exercises and conclude with an incident response scenario investigating and recovering classroom operations.
Emerge with a thorough understanding of how to analyze an unknown system to secure and maintain operational resilience.
What You'll Learn
- Learn active and passive methods to safely gather information about an ICS environment
- Identify vulnerabilities in ICS environments
- Determine how attackers can maliciously interrupt and control processes and how to build defenses
- Implement proactive measures to prevent, detect, slow down, or stop attacks
- Understand ICS operations and what "normal" looks like
- Build choke points into an architecture and determine how they can be used to detect and respond to security incidents
- Manage complex ICS environments and develop the capability to detect and respond to ICS security events
Business Takeaways
- Enhance operational resilience in critical infrastructure
- Reduce risk of costly production outages
- Protect intellectual property and operational data
- Meet regulatory compliance requirements
- Improve threat detection capabilities
- Build security into system architecture
- Develop incident response capabilities for OT incidents
Meet Your Authors
- Slide 1 of 4
Tim Conway
FellowTim serves as the Technical Director of ICS and SCADA programs at SANS, and he is responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings.
Read more about Tim Conway - Slide 2 of 4
Jason Dely
Certified InstructorJason Dely brings over 20 years of experience and a diverse industrial control system background to SANS and the industrial control system (ICS) community.
Read more about Jason Dely - Slide 3 of 4
Christopher Robinson
Certified InstructorChristopher, Principal Consultant at Applied Risk/DNV, specializes in ICS red team activities. He holds multiple security certifications and brings a wealth of practical experience to the classroom environment.
Read more about Christopher Robinson - Slide 4 of 4
Jeffrey Shearer
Certified InstructorJeff is a Subject Matter Expert (SME) for the Global Industrial Cyber Security Professional (GICSP) certification and is an instructor for the ICS612: ICS Cybersecurity In-Depth course.
Read more about Jeffrey Shearer
Slide 1 of 0
(1/0)
Course Syllabus
Explore the course syllabus below to view the full range of topics covered in ICS612: ICS Cybersecurity In-Depth.
Section 1The Local Process
This section aligns students to the baseline fundamentals of industrial control systems, focusing on local process control components, such as Programmable Logic Controllers (PLCs) and Human Machine Interfaces (HMIs).
Topics covered
- Purdue model and ICS architecture
- Communication flow mapping
- Level 0-2 components
- Protocol analysis of operations data
- Embedded device security essentials
Labs
- PLC and HMI platform setup
- PLC programming and troubleshooting
- Service discovery on controllers
- OT protocol analysis with Wireshark
- PLC/HMI communication analysis
Section 2System of Systems
This section explores how multiple control systems interact in a larger industrial environment and the security implications. Students will understand peer-to-peer communications in ICS, Supervisory Control and Data Acquisition (SCADA) systems, and Open Platform Communications (OPC).
Topics covered
- Level 3 system components
- PLC peer-to-peer communications
- SCADA/OPC communications
- IT service dependencies in OT
- Defense techniques for Level 3
Labs
- Zone/Cell/Area network connections
- SCADA system configuration
- OPC security configuration
- Securing traditional IT services
- Defending against Level 3 attacks
Section 3ICS Network Infrastructure
This section focuses on designing and implementing secure network architecture for industrial control systems. Students will understand and practice the deployment of common IT network technology in ICS.
Topics covered
- Connected process security
- Secure plant design principles
- Industrial network segmentation
- Trusted communications flows
- Remote access and historian security
Labs
- Network segmentation implementation
- Firewall configuration for ICS
- Data diode implementation
- Historian system hardening
- Jump host and 2FA implementation
Section 4ICS System Management
This section addresses the ongoing management and monitoring of industrial control systems to maintain security. Students will understand and practice ICS system monitoring and logging, asset management, and asset validation.
Topics covered
- ICS environment logging strategies
- Monitoring and alerting best practices
- Serial network security monitoring
- System integrity verification
- Asset management for OT systems
Labs
- Log aggregation configuration
- Event monitoring tuning
- Asset management implementation
- System integrity verification
- Change management procedures
Section 5Covfefe Down!
This final section tests students' skills through a NetWars-style comprehensive incident response scenario in the classroom ICS environment.
Topics covered
- OT environment attack patterns
- Protocol-level manipulation techniques
- Firmware security considerations
- Industrial wireless security
- Time synchronization security
Labs
- ICS NetWars-style challenge
- Four levels of questions
- Local process and share process
- Head end process environment
- Environment manipulation
Things You Need To Know
Relevant Job Roles
Threat Hunter
Digital Forensics and Incident ResponseThis expert applies new threat intelligence against existing evidence to identify attackers that have slipped through real-time detection mechanisms. The practice of threat hunting requires several skill sets, including threat intelligence, system and network forensics, and investigative development processes. This role transitions incident response from a purely reactive investigative process to a proactive one, uncovering adversaries or their footprints based on developing intelligence.
Explore learning pathProcess Control Engineering
Industrial Control SystemsTests, programs, troubleshoots, and oversees changes of existing processes or implements new engineering processes through the deployment and operations of engineering systems and automation devices.
Explore learning pathICS Security Architect
Industrial Control SystemsEnsures control system network security compliance and best practises for control networks.
Explore learning pathICS Security Incident Responder
Industrial Control SystemsExecutes specific industrial incident response for incidents that threaten or impact control system networks and assets, while maintaining the safety and reliability of operations.
Explore learning pathICS Security Analyst
Industrial Control SystemsAcquires and manages resources, supports, and performs key industrial security protection while adhering to safety and engineering goals.
Explore learning pathCourse Schedule & Pricing
Looking for Group Purchasing Options?Contact Us
Filter by:
Location & instructorDate & TimeCourse priceEnrollment options
- Location & instructor
Canberra, ACT, AU & Virtual (live)
Instructed by Michael HoffmanDate & TimeFetching schedule..View event detailsCourse priceA$14,045 AUD*Prices exclude applicable local taxesEnrollment options - Location & instructor
London, GB & Virtual (live)
Instructed by Michael HoffmanDate & TimeFetching schedule..View event detailsCourse price£7,505 GBP*Prices exclude applicable taxes | EUR price available during checkoutEnrollment options - Location & instructor
Washington, DC, US & Virtual (live)
Instructed by Jason DelyDate & TimeFetching schedule..View event detailsCourse price$9,230 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
Singapore, SG & Virtual (live)
Instructed by Michael HoffmanDate & TimeFetching schedule..View event detailsCourse price$9,365 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
Amsterdam, NL & Virtual (live)
Instructed by Jason DelyDate & TimeFetching schedule..View event detailsCourse price€8,630 EUR*Prices exclude applicable local taxesEnrollment options - Location & instructor
Las Vegas, NV, US & Virtual (live)
Instructed by Jason DelyDate & TimeFetching schedule..View event detailsCourse price$9,230 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
Houston, TX, US & Virtual (live)
Instructed by Jason DelyDate & TimeFetching schedule..View event detailsCourse price$9,230 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
Khobar, SA & Virtual (live)
Instructed by Michael HoffmanDate & TimeFetching schedule..View event detailsCourse price$9,365 USD*Prices exclude applicable local taxesEnrollment options
Showing 8 of 13
Learn Alongside Leading Cybersecurity Professionals From Around The World
- Slide 1 of 2Course content was great. I really enjoyed the hands-on experience with the large amount of labs offered.
- Slide 2 of 2I loved that this course was lab heavy. I feel 100% more comfortable around OT equipment now. That’s saying a lot since my background and experience has been strictly IT.
Slide 1 of 0
(1/0)
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources