From the Control Room to the Boardroom—Cybersecurity is Everyone’s Job.
With ICS/OT systems more interconnected than ever, managing human risk is critical—especially as over 80% of breaches involve human factors. Traditional IT-focused awareness programs must be augmented for protecting ICS environments, as safety, legacy systems, and unique threat vectors must be considered.
In Part 1 of this blog series, we explored why dedicated ICS/OT security awareness is a foundational layer in industrial cybersecurity defense, applied to end users, practitioners, and leadership. We showcased the SANS ICS Cybersecurity Awareness training series, a set of 21 role-based, short-form modules built specifically for ICS/OT organizations. These modules, led by certified instructors (Tim Conway and Dean Parsons), include live-action instruction, animations, real-world threat examples, and knowledge checks. They’re designed for diverse roles across ICS operations—from field technicians and process engineers to executives and safety teams.
Each training module supports safety, risk reduction, and alignment with industry-recognized models like the SANS Security Awareness Maturity Model. The goal: empower every person in an ICS environment to become a line of defense.
What’s New: Expanded Module Lineup for 2025
Every year the SANS ICS SSA Engineering modules are updated, driven by newly evolving threats, defense measures, technology, and new approaches that can be directly applied to reduce safety risk to industrial sites and people.
To reflect the constantly evolving threat landscape, the SANS ICS Security Awareness program has just expanded again with new, high-impact modules that address the latest technologies and risks facing modern control system environments in all ICS/OT sectors. These additions build on the foundation of the series and extend its reach, giving organizations new tools to manage human risk even more effectively.
With the six newest modules added recently, the complete lineup now consists of 27 total modules, each focused on a specific aspect of ICS risk and response. From the newest case studies, ICS/OT and cloud, control system penetration testing, AI governance in OT, and the Five ICS Cybersecurity Critical Controls to leadership-level ICS/OT incident response tabletop exercises and more, these modules offer new, focused, practical knowledge that empowers personnel at all levels.
The six modules are outlined below:
1. ICS Malware & Cyber to Physical Attacks
Covers new ICS/OT scalable malware attack frameworks that can impact physical operations and safety. Helps teams understand the risks of cyber-attacks crossing into safety-critical systems.
2. The Five ICS Cybersecurity Critical Controls
Focuses on the top five practical, threat-informed controls that immediately reduce ICS/OT cyber risk. They are based on the current ICS/OT cyberthreat landscape and should be considered for any control system sector. Aligns IT, OT, and leadership on shared priorities for risk reduction.
3. Cloud Services for ICS & OT
Explains how cloud technologies are being adopted in ICS, the benefits they offer, and the risks they introduce. Helps teams navigate ICS/OT and cloud services more safely, with informed approaches for cloud integration in OT environments.
4. ICS Penetration Testing Considerations
Outlines safe, effective approaches to ICS pen testing. Emphasizes coordination, timing, and risk management in live or replica environments so that findings are obtained safely.
5. ICS and Artificial Intelligence (AI)
Explores the role of AI in ICS operations, from automation to analytics. Highlights both opportunities and emerging cyber risks tied to AI adoption.
6. ICS Tabletops for Leadership
Prepares senior leaders through ICS-specific tabletop exercises that simulate real-world attacks on ICS/OT. It sharpens strategic thinking, communication, and decision-making under pressure, ensuring leaders are ready to respond effectively during incidents.
There are now 27 separate role-based ICS/OT short courses that can be assigned to the roles in your organization that support your ICS/OT environment. They are as follows:
- ICS Security Awareness Introduction
- ICS Security Awareness Overview
- Overview of Attacks in ICS
- ICS/OT Attack Surfaces
- ICS/OT Network Security
- ICS/OT Server Security
- ICS/OT System Maintenance
- ICS/OT Information Assurance
- ICS/OT Incident Response
- ICS/OT Attack Scenario
- Ukraine Attack Scenario
- Phishing Scenario
- Ransomware in ICS/OT
- ICS Security Awareness and Reporting
- ICS Removable Media
- Cyber Engineering Oldsmar Event
- ICS Transient Cyber Assets
- Operating Through a Ransomware Attack in ICS/OT
- ICS/OT Perimeter Attack
- ICS/OT Supply Chain Attack
- ICS/OT Tabletops for Leadership
- ICS/OT Malware, Cyber to Physical Attacks
- The Five ICS/OT Cybersecurity Critical Controls
- Cloud Services for ICS/OT
- ICS/OT Penetration Testing Considerations
- ICS/OT and Artificial Intelligence (AI)
- ICS/OT Security Awareness Modules Conclusion
Role-Based & Why It Matters
Whether you're an engineer responsible for real-time operations or a leader shaping organizational risk strategy, ICS/OT-specific security awareness is an essential part of the strategy. These modules offer a clear path to improved safety, reduced downtime, and enhanced cyber resilience.
Each training module is:
- Delivered by certified ICS instructors with real-world experience
- Designed for measurable participation and comprehension
- Built to be SCORM- and 508-compliant for integration into LMS platforms
- Continuously updated to match the latest industry threats and defense strategies
Your ICS security awareness training should be role-specific to maximize impact across End Users, Practitioners, and Leaders. Key roles include Process Engineers, Field Technicians, ICS/OT Programmers, and Network Architects. Engineering Operators and Owners also play critical roles. Security awareness must extend to ICS/OT and IT Security Teams, Vendors, Integrators, Contractors, and Safety Teams (everyone who uses, interacts with, or is responsible for ICS/OT), as well as leadership such as ICS/OT Security Leaders, VPs of Engineering, and CSOs. Each group needs tailored content based on its function and risk exposure.
Conclusion
As industrial control systems evolve with more connectivity, the risk to critical infrastructure from cyber adversaries grows in parallel. Security awareness in ICS/OT environments is no longer optional—it’s essential. By promoting a strong cybersecurity culture that supports safety, following proven practices, and encouraging cross-sector and cross-departmental collaboration, we can enhance resilience and safeguard critical operations. Purpose-built ICS/OT security awareness modules make it possible to deliver effective training, reduce human error, and track participation through quick, measurable knowledge checks—core components of any modern ICS/OT cybersecurity defense strategy.
Don’t wait for an incident to drive change—equip your ICS/OT teams now with the latest role-based awareness training. Explore the full program and lead your organization into a safer, more resilient future.
Related Training & Courses
- Learn more about the NEW SANS ICS Security Awareness Training content and modules.
- Learn more about the ICS418: ICS Security Essentials for Leaders course.
- Learn more about the ICS515: ICS Visibility, Detection, and Response course.