Intro to ICS/SCADA


Table of Contents


The Intro to ICS/SCADA program was constructed primarily for the security industry and was meant to equip participants with understanding the world of ICS. Energy companies, telecommunications, transportation, healthcare, and many other such industries are perceived as critical infrastructure for the continual maintenance of the state.

SCADA (Supervisory Control and Data Acquisition) systems are considered the “weak link” in the defense chain, for reasons you will discover throughout the training.

How to make the most of this course?

In order to succeed in the course, the following requirements must be met:

  • Participation in all practical laboratories
    Self-work at home between lessons;
  • Repetition of materials, self-learning, performing tasks, etc …

In addition to regular classroom studies, the participant is required to practice at least 10 hours a week in order to gain practical experience in the field.
The participant will also need a good personal computer suitable for running virtual machines, with a broadband Internet connection.

Target audience

  • OT
  • Incident responders
  • Cyber forensics investigators


  • Getting familiar with the Industrial Control System world
  • Expand ICS knowledge in both methodologies and techniques


  • ThinkCyber Level-2 Courses



During this module, participants will get an overview of the ICS/SCADA and learn the basics and structure of Industrial Control Systems.

Technical content

IT vs. OT

  • Types of ICS Systems
    o DCS vs. SCADA
  • SCADA components
    o Human Machine Interface (HMI)
    o Supervisory System
    o Remote Terminal Units (RTUs)
    o Programmable Logic Controller (PLCs)
  • ICS security overview
    o Basic Security Concepts
    o Physical Security
    o Digital Security
    o ICS Lifecycle Challenges
  • ICS Network Architectures
  • Known ICS Protocols
    o Modbus
    o DNP3
    o How to Approach Protocols Research
    o ICS Protocol Fuzzing


The following labs are part of the actual BT222 course:

  • Lab 1 Scanning for ICS
  • Lab 2 Modbus
  • Lab 3 Registers
  • Lab 4 DNP3
  • Lab 5 Honeypot
  • Lab 6 ICS Simple Attacks

Real cases studies

Case study #1 (ICS001)
Following the recent Corona outbreak, A new malware campaign has been found using coronavirus-themed lures to strike government sectors in Azerbaijan with remote access trojans (RAT) capable of exfiltrating sensitive information. A power plant, part of the energy sector, is suspected to be infected and compromised.
Case study #2 (ICS002)
BSides London Industrial control system is in the risk of a cyber-attack upon their SCADA systems. The system runs water supply, power grid, and gas distribution, so an attack like this can be disastrous. Your company has been hired to help with the situation.

 Course type

This course is delivered in the following ways:

  • Virtual classroom with proctored labs and scenarios executed in our Cyberium Arena
  • In situe classroom with proctored labs and scenarios executed in our Cyberium Arena

All sessions are recorded and attendees can replay them  during 30 days. All course material is electronically made available to the participant.

 Course Group:


 Hands-on / Theory MiX

The following course incorporates a high level of hands-on labs exercises, as well as real life case studies.

1 %
Case studies


This course prepares the participant to the following certification:


Required EqUIPMENT

Network connection

As this course extensively uses a cloud based Learning Management System, including a lab arena, attendees need a stable broadband connection to the Internet.

BYOD – Bring Your Own Device

As it is a very practical course, and in order for the participants to make the most of the course, they need a laptop with the following capabilities:

  • Audio and Video
  • 8 GB RAM
  • 200 GB Disk Space
  • Virtualization capabilities ( supporting latest version of Virtualbox or similar virtual machine application)

And also a Good Headset with Mic

More Details