SCADA/ICS Security Training Boot Camp

This class is primarily targeted towards Information Technology Professionals, Information Security Professionals, Control Systems Engineers, and SCADA System Operators with a background in computer hardware and operating systems.

Exam Pass Guarantee

We offer peace of mind with our Exam Pass Guarantee for Flex Pro students.

Analysts Recommended

IDC lists Infosec as Major Player in their Security Training Vendor Assessment.

Award Winning Training

For 17 years InfoSec has been one of the most awarded and trusted information security training vendors — 40+ industry awards!

Course Description

SCADA controls our nation’s mission-critical infrastructure, everything from the power grid to water treatment facilities. Gain homeland security skills by learning to assess and secure SCADA systems. This course covers everything from field-based attacks to automated vulnerability assessments for SCADA networks.

Learn the best practices for securing SCADA networks and systems inside and out. Infosec shows you how to defend against both internal and external attackers to provide holistic security for critical industrial automation systems.

Infosec’s instructors have real-world, hands-on experience securing some of the most high-profile energy delivery, water treatment and mission-critical SCADA systems.

Dozens of exercises in Infosec’s Hands On Labs bring you up to speed with the latest threats to your SCADA systems. Learn subjects not found in books, on the Internet, or taught anywhere else in any other information security class.

The Most Flexible Training — Guaranteed

Exam Pass Guarantee — If you don’t pass your exam on the first attempt, get a second attempt for free; includes the ability to re-sit the course for free for up to one year

100% Satisfaction Guarantee — If you’re not 100% satisfied with your training at the end of the first day, you may enroll in a different Flex Pro or Flex Classroom course

Knowledge Transfer Guarantee — If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year

Learn How To Pen Test Real SCADA PLCs

In the Infosec SCADA/ICS Security Boot Camp, you will learn how to assess, attack and defend real PLCs. You will intercept and modify traffic that is sent to and from an Allen-Bradley MicroLogix 1100. You will also learn how to alter data that is reported from the Allen-Bradley device to an HMI, as well as surreptitiously change settings on the PLC. Finally, your instructor will show you how to defend against such attacks and improve the security posture of your organization.

Course Syllabus

Part 1: SCADA/ICS Overview

  • Introduction to CSSA
  • Industrial Control Systems (ICS)
    • Types of ICS
    • ICS Components
    • BPCS & SIS
    • Control System Strengths and Weaknesses
      • Lab: Ladder Logic Lab
  • ICS PCN & Protocols
    • PCN Evolution
    • Modbus / DNP3 / HART
      • Lab: Modbus PLC Lab
      • Lab: DNP3 Poll and Control Lab
    • IT vs. ICS
    • RS-232 and RS-485
    • TASE 2.0 / ICCP
    • CIP
    • FOUNDATION Fieldbus
    • Open vs. Proprietary Protocols
  • HMI Applications
    • HMI/OIT Implementations
      • Lab: HMI Exploration Lab
    • OPC and OPC UA
      • Lab: OPC Server Configuration Lab
  • Data Historians
  • Integration Software (ERP/MES)

Part 2: SCADA Security Governance

  • Threat to SCADA
    • SCADA Attacks and Threats Case Studies
      • Lab: Attacking the Infrastructure “BlackEnergy – Sandworm Attack” Lab
    • SCADA Security Challenge
  • Security Frameworks, Strategy, Policies
  • Standards, Procedures, and Guidelines
  • SCADA Security Standards Bodies (NIST / ISA / CFATS / NERC CIP)
  • Risk Management Process
    • Lab: “Theoretical” Assessment with CSET Lab
  • SCADA Security Assessment Methodology
    • NESCOR Guide to Vulnerability Assessment

Part 3: Pen Testing SCADA Systems

  • Security Assessment Strategy
    • Pen Testing Steps
    • Safety and Security Considerations
  • Information Gathering
    • Lab: Google Hacking and Shodan
  • Architecture Analysis
    • Host, Application and Platform Fingerprinting
      • DNS and SNMP Recon
      • Host and Port Scanning
        • Security Considerations
        • Scanning Tools and Techniques
          • Lab: Scanning Lab – Nmap (can be dangerous — optimal settings for ICS) and plcscan, modscan, Metasploit auxiliary modules (modbus_findunitid and modbusclient)
    • Network Communications Capture and Analysis
      • RF Signal Capture
      • Sniffing Network Traffic
        • Lab: Passive Reconnaissance – sniffing and analyzing traffic with Wireshark
    • Device Functionality Analysis
      • Lab: Datasheet Analysis
  • Vulnerability Identification
  • Common SCADA Vulnerabilities
  • Finding Vulnerabilities
    • Physical Access
    • Vulnerability Scanning
      • Lab: Nessus scanning with Bandolier Security Audit Files
    • Server OS Testing
      • Patch Levels
      • Default and Insecure Configurations
    • Authentication and Remote Access
      • Lab: Metasploit auxiliary modules – bruteforcing
    • Firmware Analysis
      • Lab: Firmware Binary Code Analysis
  • Attacking ICS
    • Attacking Standard Services (HTTP, FTP)
      • Lab: Mutillidae / DVWA / WebGoat (SamuraiSTFU)
    • Attacking Server OS
      • Lab: Exploiting OS-Level Vulnerabilities (DoS Exploit)
    • Attacking ICS Protocols
      • Lab: Protocol fuzzing
      • Lab: Manipulating protocol data with mbtget
    • Attacking Wireless Communications
      • Lab: RF Signal demodulation with GNU Radio (RF-Examples on SamuraiSTFU)
      • Lab: Recovering Zigbee network key from RAM dump (SamuraiSTFU)
      • Lab: Discovering wireless networks
      • Lab: WEP/WPA2 password cracking

Part 4: SCADA Security Controls

  • Categorization of System Controls
  • Physical Security & Safety
  • Identification, Authentication, & Authorization (IA&A)
    • IA&A and Access Control
    • Remote Access Security
  • Encryption
  • Logical Security
    • Lab: Firewall Rule Base Design
    • Lab: Firewall Management
  • Monitoring, Detection, & Protection
    • Secure SCADA Architecture
      • Lab: Security Architecture Lab (CSET Diagrams)
    • IDS/IPS (Introduction to Snort)
    • Log Monitoring and Management
      • Lab: SCADA Honeypot (conpot)
      • Lab: Snort SCADA Rules (Quickdraw)
      • Lab: SIEM (Splunk or AlienVault OSSIM)
  • Incident Response
  • Anti-Malware
  • Application Whitelisting
    • Lab: Microsoft Software Restriction Policies
  • Patch Management
  • Active Directory & Group Policy
  • Summary of Good Security Practices

Certifications & Compliance

IACRB CSSA (Certified SCADA Security Architect)

Infosec is an Accredited Training Center for the IACRB and will proctor the CSSA exam for you on the last day of class. The CSSA determines if a candidate possesses adequate knowledge to properly secure a SCADA system. It is designed to be relevant for the power transmission, oil and gas, and water treatment industries.

The CSSA certification provides professionals with an objective measure of competence as well as a recognizable standard of achievement. The CSSA credential is ideal for industrial network administrators and their managers, as well as IT professionals and their managers. The CSSA certification encompasses the following domains:

  • SCADA security policy development
  • SCADA security standards and best practices
  • Access Control
  • SCADA protocol security issues
  • Securing field communications
  • User authentication and authorization
  • Detecting cyberattacks on SCADA systems
  • Vulnerability assessment

The exam is comprised of 100 randomly selected questions and is two hours in length.

Required Prerequisites

  • Understanding of a SCADA system
  • Attendees can be anyone involved with protection of a SCADA system: SCADA supervisors, analysts, system administrators as well as SCADA vendors.
  • Desire to learn how to protect the cyber critical infrastructure.

    What Our Students Are Saying

    This class was awesome to say the least. The instructor is a highly knowledgeable individual and a great asset to the industry as a whole. If I could rate him as an 11 I would!! Course materials were great, they complemented and embellished skills that are vital to ICS Security.

    Mason McCorkle UpWind Solutions Inc.
