Control Systems Security Program (CSSP)
Training available through CSSP
Scheduled training is on the CSSP Calendar.
Web-based Training
The following summary level courses are available for on-line training:
OPSEC for Control Systems
Cyber Security for Control Systems Engineers & Operators
Instructor Led format - Introductory Level
Introduction to Control Systems Cybersecurity (101) - 1 day or 8 hrs
ICS Security for Management (111) - 1 - 2 hrs
Instructor Led format - Intermediate Level
Intermediate Cybersecurity for Industrial Control Systems (201) - lecture only - 1 day or 8 hrs
Hands-on format - Intermediate Technical Level
Intermediate Cybersecurity for Industrial Control Systems (202) - with lab/exercises - 1 day or 8 hrs
Hands-on format - Advanced Technical Level
ICS Advanced Cybersecurity (301) - 5 days
The Control Systems Security Program provides training courses and workshops at various industry association events. These courses are packed with up-to-date information on cyber threats and mitigations for vulnerabilities. If your organization would like to learn more about training opportunities, please contact cssp_training@hq.dhs.gov.
Instructor Led format - Introductory Level
Introduction to Control Systems Cybersecurity (101)
The purpose of this course is to introduce students to the basics of industrial control systems security. This includes a comparative analysis of IT and control system architecture, security vulnerabilities, and mitigation strategies unique to the control system domain.
This course is split into four sessions: (1) Cybersecurity Landscape: Understanding the Risks, (2) Industrial Control Systems Applications, (3) Current State of Cybersecurity in Industrial Control Systems, and (4) Practical Applications of Cybersecurity.
Instructor Led format - Introductory Level
ICS Security for Management (111)
Offers management the necessary background and basic understanding of the current ICS cyber security landscape. This includes an overview of the elements of the risk equation and how it applies to cyber security of an ICS, with an emphasis on threat and its components. The course is designed to introduce the managers to actual threats and vulnerability along with tools they can use to help mitigate the cyber security risk to their ICS.
Instructor Led format - Intermediate Level
Intermediate Cybersecurity for Industrial Control Systems (201) - lecture only
This course provides technical instruction on the protection of industrial control systems using offensive and defensive methods. Students will understand how cyber attacks could be launched, why they work, and mitigation strategies to increase the cybersecurity posture of their control system. In addition, this course acts as a prerequisite for the next course, Intermediate Control System Security-Part 2, which offers hands-on application of the concepts presented.
This course is split into four sessions: (1) Current Security in ICS, (2) Strategies Used Against ICS, (3) Defending the ICS, and (4) Preparation and Further Reading for Part 2.
Hands-on format - Intermediate Technical Level
Intermediate Cybersecurity for Industrial Control Systems (202) - with lab/exercises
This hands-on course is structured to help students understand exactly how attacks against process control systems could be launched and why they work and to provide mitigation strategies to increase the cyber security posture of their control systems networks.
This course provides a brief review of industrial control systems security. This includes a comparative analysis of IT and control system architecture, security vulnerabilities, and mitigation strategies unique to the control system domain. Because this course is hands-on, students will get a deeper understanding of how the various tools work. Accompanying this course is a sample process control network that demonstrates exploits used for unauthorized control of the equipment and mitigation solutions. This network is also used during the course for the many hands-on exercises that will help the students develop control systems cybersecurity skills they can apply when they return to their jobs.
This course is split into six sessions: (1) Supervisory Control and Data Acquisition (SCADA) and control system overview, (2) Risk to Industrial Control Systems, (3) Exploit demonstration, (4) Basic Control Security Considerations, (5) Network: Security, Identification, and Remediation, and (6) Network: Defense, Detection, and Analysis. The goal of our training today is to give you an understanding of some key issues in cybersecurity related to industrial control systems. Additionally, it will provide you with hands-on training applying the information learned.
Hands-on format - Advanced Technical Level
ICS Advanced Cybersecurity (301) - 5 days
This event will provide intensive hands-on training on protecting and securing industrial control systems from cyber attacks, including a Red Team/Blue Team exercise that will be conducted within an actual control systems environment. This exercise provides an opportunity to network and collaborate with other colleagues involved in operating and protecting control systems networks.
This event includes 5 days of intensive cybersecurity for industrial control systems training, and a Red Team / Blue Team exercise:
- Day 1 — Welcome, overview of the DHS Control Systems Security Program, a brief review of cybersecurity for Industrial Control Systems, a demonstration showing how a control system can be attacked from the internet, and hands-on classroom training on Network Discovery techniques and practices.
- Day 2 — Hands-on classroom training on Network Discovery, using Metasploit, and separating into Red and Blue Teams.
- Day 3 — Hands-on classroom training on Network Exploitation, Network Defense techniques and practices, and Red and Blue Team strategy meetings.
- Day 4 — A 12-hour exercise where participants are either attacking (Red Team) or defending (Blue Team). The Blue Team is tasked with providing the cyber defense for a corporate environment, and with maintaining operations to a batch mixing plant, and an electrical distribution SCADA system.
- Day 5 — Red Team/Blue Team exercise lessons learned and round-table discussion.
Prerequisites: Each attendee should have practical knowledge with ICS networks, software, and components, have basic coding skills, and a fairly deep understanding of IT network details, such as the difference between UDP & TCP protocols, and MAC & IP addresses. Every student attending this course should bring a laptop computer (with a DVD drive) that they have “administrator” privileges, allowing them to configure and load software.