ICS310: ICS Cybersecurity Foundations

ICS310 is a foundational course for those new to ICS/OT. This section explains who the course is for, how it fits into a broader ICS cybersecurity training program, its development by multiple experts, and its role as a starting point for advanced SANS ICS Security courses.

Section two introduces the basic building blocks of industrial control systems, their purpose, and their key design concepts. We explore how ICS/OT systems connect and depend on each other, emphasizing the need for thoughtful design and reliable operations.

Section three focuses on cybersecurity, exploring challenges faced by offensive and defensive teams in ICS/OT. Students examine security considerations across critical sectors and understand key differences between IT and OT systems, terms, and trends.

Section four uses real-world case studies and events to highlight key lessons for improving operational security. Even if the cases are not from your sector, understanding shared devices, threats, and responses will help defenders focus on actions that truly matter.

Section five introduces common ICS/OT security regulations, guidelines, and standards commonly encountered across systems and sectors worldwide. This section provides a broad overview to build familiarity and serve as a reference point, equipping students with fundamental knowledge that they might later deepen with courses on specific standards.

Section six provides guidance on the SANS Five ICS Cybersecurity Critical Controls to help students prioritize actions in their organizations’ ICS/OT security programs. Modeled after IT controls but tailored for OT, these threat-informed controls focus on practical, proven steps to strengthen ICS/OT cybersecurity.