Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Control Systems

Training available through CSSP

Web-based format
Cyber Security for Control Systems Engineers & Operators
OPSEC for Control Systems (NEW)

Instructor Led format - Introductory Level
Control Systems Cyber Security Who Needs It? (1 hour)
Control Systems Security for Managers (1 hour)

Instructor Led format - Intermediate Level
Solutions for Process Control Security (4 hours)
Introduction to Control Systems Security for the IT Professional (8 hours)

Hands-on format - Intermediate Technical Level
Intermediate Control Systems Security (8 hours)

Hands-on format - Advanced Technical Level
Control Systems Cyber Security Advanced Training and Workshop (2 to 4 days)

The Control Systems Security Program provides training courses and workshops at various industry association events. These courses are packed with up-to-date information on cyber threats and mitigations for vulnerabilities. If your organization would like to have any of these training opportunities presented at your event, please contact CSSP.

Web Based Format

Cyber Security for Control Systems Engineers & Operators is a web-based training package consisting of five lessons covering threats, risks, cyber attacks, risk assessments and mitigations for control systems. It can be completed in less than an hour. This course has been approved for North American Electric Reliabilty Corporation (NERC) continuing education credits.

OPSEC for Control Systems is a web-based training package consisting of seven lessons covering the definition of OPSEC, the five-step OPSEC process, common information-collection techniques, information protection, physical protection, appropriate and inappropriate use in the control system environment, and a summary. It can be completed in less than an hour. This course has been approved for North American Electric Reliabilty Corporation (NERC) continuing education credits. OPSEC for Control Systems won the 2007 Interagency OPSEC Support Staff (IOSS) National Award for Multimedia Achievement.

To connect to the training:

  1. Click here to access the training site and click on "create an account now"
  2. Enter registration information and click "Submit"
  3. Enter your newly created userid/password, which is your email address entered and the password you chose.
  4. Click on the desired course: "Cyber Security for Control Systems Engineers & Operators" or "OPSEC for Control Systems"
  5. You will be asked to complete a short demographic survey prior to beginning the training on the page titled "Please Tell Us About Yourself". It is near the bottom of this page where you enter your NERC number to receive NERC continuing education credits. You will be asked to complete the survey once prior to beginning each course.
  6. After clicking submit, you'll be taken to a "Your courses" page.
  7. Simply click on the desired course: "Cyber Security for Control Systems Engineers & Operators" or "OPSEC for Control Systems" to begin the training. The registration process occurs only once, but allows us to create an account that can be used multiple times (leave and return to the training as many times as you like) along with gathering information about those that access the training.
  8. After completing the course, you will be asked to complete a short survey evaluating the effectiveness of the training.
  9. Upon completing the survey, you will be given to opportunity to print a certificate of training. It should be printed it in landscape mode.

This training was developed through the Control Systems Security Program, established by the U.S. Department of Homeland Security National Cyber Security Division.

Top

Instructor Led format - Introductory Level

Control Systems Cyber Security Who Needs It? (1 hour)

This course turns on the proverbial light bulb for many people as they realize that cyber security is as important as physical security. Some say that seeing is believing, so this course goes through a cyber attack, step by step, that takes control of a process control system. A short video shows the process an attacker could take to compromise the control of a manufacturing process (without the operator knowing about it). The course focuses on solutions aimed at mitigating this type of attack while providing a general overview of the control systems environment. Common vulnerabilities that have been found in virtually every system that the Control Systems Security Program has assessed are discussed and solutions for preventing exploits and detecting intrusions are presented.


Top

Instructor Led format - Introductory Level

Control Systems Security for Managers (1 hour)

This course combines technical information with a discussion of the business case. The instructor first discusses the threat to process control and SCADA systems, then, through a demonstration video, shows that it is possible for a cyber attack to cause physical problems. The class then moves on to identify mitigations to common vulnerabilities and ways to prevent and detect intrusions to process control and SCADA systems. This course concludes with a discussion about the business case and how cyber security affects the bottom line.


Top

Instructor Led format - Intermediate Level

Solutions for Process Control Security (4 hours)

The Solutions for Process Control Security training is a fast-paced course covering general control systems cyber security challenges. The training objectives include helping participants understand how attacks against control systems can be launched, identifying targets of opportunity, and providing mitigation strategies. Participants will gain an understanding on how to increase the cyber security posture of their control systems networks.


Top


Instructor Led format - Intermediate Level

Introduction to Control Systems Security for the IT Professional (8 hours)

This course is directed to those with IT Security responsibilities or background but have no previous experience in critical infrastructure control systems and their relationship to modern IT networks.

Four training sessions will guide attendees from basic definitions, components, and protocols to the major applications and architectures within critical infrastructure (CI) and key resources (KR). Control system network architectures, cyber threats and vulnerabilities, and mitigations will be presented. Current and emerging government and industry activities that are addressing the issue of risk reduction will be discussed.


Top

Hands-on format - Intermediate Technical Level

Intermediate Control Systems Security (8 hours)

This hands-on course is structured to help students understand exactly how attacks against process control systems could be launched and why they work and to provide mitigation strategies to increase the cyber security posture of their control systems networks.

Because this course is hands-on, students will get a deeper understanding of how the various tools work. Accompanying this course is a sample process control network that demonstrates exploits used for unauthorized control of the equipment and mitigation solutions. This network is also used during the course for the many hands-on exercises that will help the students develop control systems cyber-security skills they can apply when they return to their jobs.

Every student attending this course must have a laptop computer that they can configure and bring to the class. All students in the class should have basic coding skills and a fairly deep understanding of network details, from UDP to TCP, from MAC to IP.


Top

Hands-on format - Advanced Technical Level

Control Systems Cyber Security Advanced Training and Workshop (2 to 4 days)

The purpose of this workshop is to share information and provide intensive hands-on training and collaboration among colleagues who are working toward a common goal of securing critical infrastructure. This workshop can be coupled with one day of hands-on training to provide students with deeper understanding of how various tools work. A sample process control network will be used to demonstrate exploits and to give the student actual hands-on experience. The following day a red team / blue team exercise will provide friendly competition as the red team tries to attack the control system and the blue team works to defend against the cyber attacks. The workshop and interactions will allow for building cooperative working relationships, leverage experience and prior successful achievements, and minimize redundant or nonproductive efforts.


Top