SCADA/ICS Security Training Boot Camp

Learn the best practices for securing SCADA networks and systems. This boot camp teaches you how to defend against both internal and external attackers to provide holistic security for critical industrial automation systems.

★★★★☆

4.3

(365 ratings)

93% exam pass rate

View Pricing

Earn your CSSA, guaranteed!

Exam Pass Guarantee (online students)
100% Satisfaction Guarantee
Certified SCADA Security Architect (CSSA) exam voucher
Five days live, expert CSSA instruction (available online or in-person)
Immediate access to Infosec Skills — including a bonus CSSA boot camp prep course — from the minute you enroll to 90 days after your boot camp
90-day extended access to all boot camp video replays and materials
Knowledge Transfer Guarantee

Hands-on labs

Dozens of exercises in the SCADA Cyber Range bring you up to speed with the latest threats. Take the knowledge you learn and apply it to real-world scenarios to build your SCADA security skills.

View full course schedule

Training overview

From the power grid to water treatment facilities, SCADA controls our nation’s mission-critical infrastructure. Infosec’s ICS/SCADA Boot Camp builds your homeland security skills by teaching you how to assess and secure SCADA systems — and you’ll gain hands-on experience on the latest threats via our SCADA Cyber Range.

You’ll learn everything from field-based attacks to automated vulnerability assessments for SCADA networks. The boot camp also prepares you to pass the CSSA certification exam and become a Certified SCADA Security Architect.

What you'll learn

SCADA security policy development
SCADA security standards and best practices
Access control
SCADA protocol security issues
Securing field communications
User authentication and authorization
Detecting cyber-attacks on SCADA systems
Vulnerability assessment

Who should attend

SCADA system operators
SCADA analysts
Control systems engineers
ICS and SCADA consultants
IT and security professionals with a desire to learn how to protect critical infrastructure

Prerequisites

Understanding of computer hardware and operating systems
Basic knowledge of SCADA systems

Everything you need to earn your CSSA

Exam Pass Guarantee (online students)
100% Satisfaction Guarantee
Certified SCADA Security Architect (CSSA) exam voucher
5 days live, expert CSSA instruction (available online or in-person)
CSSA Boot Camp prep course
90-day extended access to all boot camp video replays and materials
Knowledge Transfer Guarantee

View Pricing

Exam Pass Guarantee

We guarantee you’ll pass your exam on the first attempt. Learn more.

CSSA training schedule

Infosec’s CSSA materials are always up to date and synchronized with the latest IACRB exam objectives. Our industry-leading curriculum and expert instructors have led to the highest pass rates in the industry. More than 93% of Infosec students pass their certification exams on their first attempt.

Before your boot camp
- Start learning now. You’ll get immediate access to all the content in Infosec Skills, including an in-depth CSSA prep course, the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.
During your boot camp
- Part 1
  SCADA/ICS Overview
  
  Introduction to CSSA
  
  Industrial Control Systems (ICS)
  
  Types of ICS
  
  ICS components
  
  BPCS & SIS
  
  Control system strengths and weaknesses
  
  ICS PCN & protocols
  
  PCN evolution
  
  Modbus / DNP3 / HART
  
  Lab: Modbus PLC
  
  IT vs. ICS
  
  RS-232 and RS-485
  
  TASE 2.0 / ICCP
  
  CIP
  
  PROFIBUS / PROFINET
  
  FOUNDATION fieldbus
  
  Open vs. proprietary protocols
  
  HMI applications
  
  HMI/OIT implementations
  
  OPC and OPC UA
  
  Data historians
  
  Integration software (ERP/MES)
  
  Part 2
  SCADA security governance
  
  Threat to SCADA
  
  SCADA attacks and threats case studies
  
  Lab: Attacking the infrastructure
  
  SCADA security challenge
  
  Security frameworks, strategy, policies
  
  Standards, procedures and guidelines
  
  SCADA security standards bodies (NIST / ISA / CFATS / NERC CIP)
  
  Risk management process
  
  Lab: “Theoretical” assessment with CSET
  
  SCADA security assessment methodology
  
  NESCOR guide to vulnerability assessment
  
  Part 3
  Pentesting SCADA systems
  
  Security assessment strategy
  
  Pentesting steps
  
  Safety and security considerations
  
  Information gathering
  
  Architecture analysis
  
  Host, application and platform fingerprinting
  
  DNS and SNMP recon
  
  Lab: SNMP recon
  
  Host and port scanning
  
  Security considerations
  
  Scanning tools and techniques
  
  Lab: Scanning ICS/SCADA networks
  
  Network communications capture and analysis
  
  RF signal capture
  
  Sniffing network traffic
  
  Device functionality analysis
  
  Lab: Datasheet analysis
  
  Vulnerability identification
  
  Common SCADA vulnerabilities
  
  Finding vulnerabilities
  
  Physical access
  
  Vulnerability scanning
  
  Server OS testing
  
  Patch levels
  
  Default and insecure configurations
  
  Authentication and remote access
  
  Firmware analysis
  
  Attacking ICS
  
  Attacking standard services (HTTP, FTP)
  
  Attacking server OS
  
  Lab: Exploiting OS-level vulnerabilities (Shellshock exploit)
  
  Attacking ISC Protocols
  
  Lab: Capturing and manipulating protocol data
  
  Attacking wireless communications
  
  Lab: Recovering ZigBee network keys
  
  Lab: WEP/WPA2 password cracking
  
  Part 4
  SCADA security controls
  
  Categorization of system controls
  
  Physical security & safety
  
  Identification, Authentication & Authorization (IA&A)
  
  IA&A and access control
  
  Remote access security
  
  Encryption
  
  Logical security
  
  Lab: Firewall rule design
  
  Monitoring, detection and protection
  
  Secure SCADA architecture
  
  Lab: Security architecture (group discussion)
  
  IDS/IPS (Introduction to Snort)
  
  Log monitoring and management
  
  Lab: SCADA honeypot (Conpot)
  
  Lab: Snort SCADA rules (Quickdraw)
  
  Incident response
  
  Anti-malware
  
  Application whitelisting
  
  Patch management
  
  Active Directory and group policy
  
  Summary of good security practices
After your boot camp
- Your Infosec Skills access extends 90 days past your boot camp, so you can take additional time to prepare for your exam, get a head start on your next certification goal or start earning CPEs.

Free CSSA training resources

ICS/SCADA security overview

This article will provide a high-level overview of SCADA overview, environments and much more!

Learn More

Infosec alum Val Vask stays current on pentesting & SCADA standards

The course not only met my expectations, but exceeded them. I was surprised how interactive the course was. It was the most engaging online training I’ve ever had.

Read Now

Protecting customer data at contact centers

Ben Rafferty, chief innovation officer at Semafone, discusses how contact centers and the person-to-person interaction involved are a prime target for cybercriminals and what can be done to better protect sensitive customer information from insider and external threats.

Listen Now

Find your boot camp

See additional dates