Intro to ICS/SCADA
BT222
Table of Contents
Description
The Intro to ICS/SCADA program was constructed primarily for the security industry and was meant to equip participants with understanding the world of ICS. Energy companies, telecommunications, transportation, healthcare, and many other such industries are perceived as critical infrastructure for the continual maintenance of the state.
SCADA (Supervisory Control and Data Acquisition) systems are considered the “weak link” in the defense chain, for reasons you will discover throughout the training.
How to make the most of this course?
In order to succeed in the course, the following requirements must be met:
- Participation in all practical laboratories
Self-work at home between lessons; - Repetition of materials, self-learning, performing tasks, etc …
In addition to regular classroom studies, the participant is required to practice at least 10 hours a week in order to gain practical experience in the field.
The participant will also need a good personal computer suitable for running virtual machines, with a broadband Internet connection.
Target audience
- OT
- Incident responders
- Cyber forensics investigators
Objectives
- Getting familiar with the Industrial Control System world
- Expand ICS knowledge in both methodologies and techniques
Pre-requisites
- ThinkCyber Level-2 Courses
Syllabus
Description
During this module, participants will get an overview of the ICS/SCADA and learn the basics and structure of Industrial Control Systems.
Technical content
IT vs. OT
- Types of ICS Systems
o DCS vs. SCADA - SCADA components
o Human Machine Interface (HMI)
o Supervisory System
o Remote Terminal Units (RTUs)
o Programmable Logic Controller (PLCs) - ICS security overview
o Basic Security Concepts
o Physical Security
o Digital Security
o ICS Lifecycle Challenges - ICS Network Architectures
- Known ICS Protocols
o Modbus
o DNP3
o How to Approach Protocols Research
o ICS Protocol Fuzzing
Labs
The following labs are part of the actual BT222 course:
- Lab 1 Scanning for ICS
- Lab 2 Modbus
- Lab 3 Registers
- Lab 4 DNP3
- Lab 5 Honeypot
- Lab 6 ICS Simple Attacks
Real cases studies
Course type
This course is delivered in the following ways:
- Virtual classroom with proctored labs and scenarios executed in our Cyberium Arena
- In situe classroom with proctored labs and scenarios executed in our Cyberium Arena
All sessions are recorded and attendees can replay them during 30 days. All course material is electronically made available to the participant.
Course Group:
ICS SCADA
Hands-on / Theory MiX
The following course incorporates a high level of hands-on labs exercises, as well as real life case studies.
Certification
This course prepares the participant to the following certification:
- CSSA (INFOSEC)
- GICSP (SANS)
Required EqUIPMENT
Network connection
As this course extensively uses a cloud based Learning Management System, including a lab arena, attendees need a stable broadband connection to the Internet.
BYOD – Bring Your Own Device
As it is a very practical course, and in order for the participants to make the most of the course, they need a laptop with the following capabilities:
- Audio and Video
- 8 GB RAM
- 200 GB Disk Space
- Virtualization capabilities ( supporting latest version of Virtualbox or similar virtual machine application)
And also a Good Headset with Mic
