homepage
Open menu
Go one level top
  • Train and Certify
    • Overview
    • Get Started in Cyber
    • Courses
    • GIAC Certifications
    • Training Roadmap
    • OnDemand
    • Live Training
    • Summits
    • Cyber Ranges
    • College Degrees & Certificates
    • Scholarship Academies
    • NICE Framework
    • Specials
  • Manage Your Team
    • Overview
    • Group Purchasing
    • Why Work with SANS
    • Build Your Team
    • Hire Cyber Talent
    • Team Development
    • Private Training
    • Security Awareness Training
    • Leadership Training
    • Industries
  • Resources
    • Overview
    • Internet Storm Center
    • White Papers
    • Webcasts
    • Tools
    • Newsletters
    • Blog
    • Podcasts
    • Posters & Cheat Sheets
    • Summit Presentations
    • Security Policy Project
  • Focus Areas
    • Cyber Defense
    • Cloud Security
    • Digital Forensics & Incident Response
    • Industrial Control Systems
    • Cyber Security Leadership
    • Offensive Operations
  • Get Involved
    • Overview
    • Join the Community
    • Work Study
    • Teach for SANS
    • CISO Network
    • Partnerships
    • Sponsorship Opportunities
  • About
    • About SANS
    • Our Founder
    • Instructors
    • Mission
    • Diversity
    • Awards
    • Contact
    • Frequently Asked Questions
    • Customer Reviews
    • Press
  • SANS Sites
    • GIAC Security Certifications
    • Internet Storm Center
    • SANS Technology Institute
    • Security Awareness Training
  • Search
  • Log In
  • Join
    • Account Dashboard
    • Log Out
  1. Home >
  2. Blog >
  3. Protect Control Systems and Critical Infrastructure with GRID
370x370_Dean-Parsons.jpg
Dean Parsons

Protect Control Systems and Critical Infrastructure with GRID

GIAC Response and Industrial Defense (GRID) is a must-have certification for ICS/SCADA/OT professionals.

September 3, 2021

GIAC_GRID.png

ICS515: Practical Experience and GRID Certification

One of our main goals as SANS Certified Instructors is to deliver course content in a way that ensures maximum retention of knowledge and inject as much real-world experience as possible. This makes the content even more applicable to what’s happening in the industry right now, providing practical security takeaways that are immediately actionable.

Beyond those core goals, it is critical to prepare students for the GIAC Certification associated with ICS515. This helps professionals demonstrate their knowledge and gives confidence to team supervisors that they have team members with the appropriate skillsets to carry out security and defensive tasks with confidence.

When teaching the Industrial Control Systems Security course ICS515: ICS Visibility, Detection, and Response, one of the most frequently asked questions I get is: “Should I take the GIAC exam and become GRID-certified?”

What Is the GRID? 

GIAC Response and Industrial Defense (GRID) is a must-have certification for ICS/SCADA/OT professionals who want to demonstrate their knowledge of Active Cyber Defense strategies specific to industrial control system (ICS) networks and environments. It is common for professionals working or looking to work or consult in these areas to earn their GRID certification. The graph below shows some of the critical roles supported by the GRID.

Image_1.png


ICS Incident Response Team Leads, Members - Those who know the control systems and directly execute the specific ICS incident response steps, which go beyond traditional IT cyber security incident response steps.

ICS and Operations Technology Security Personnel - Engineering or other staff who design control network architecture and integrate systems into the control environment for secure industrial protocol communications, with appropriate network segmentation and reliability.

IT Security Professionals - Those responsible for or contributing to the safety and reliability of control system operations through security efforts focusing on the traditional components of the industrial environment.

Security Operations Center (SOC) Team Leads and Analysts - Leaders and technical analysts in control system security operations that directly review, triage and respond to cyber threats within an industrial control system network.

ICS Red Team and Penetration Testers - Those who discover the ICS risk surface and attack vectors with the purpose of identification of vulnerabilities, attack paths, and providing solutions to minimizing those cyber risks, while supporting the safety and reliability of engineering system operations.

Active Defenders - Cyber security resources who are proactively involved with control system security who preempt attacks to control networks through various vectors by understanding the control systems, protocols, and threat vectors. These resources utilize cyber threat intelligence for control systems to make changes to the environment prior to an attack or work to reduce the impact of an attack by quickly changing the nature of a threat, or the systems during an incident.

Tools Used in ICS515: ICS Visibility, Detection, and Response

In ICS515, students will gain experience with a variety of tools specific to ICS environments, including Shodan, Security Onion, tcpdump, Wireshark, tshark, Snort, Bro, SGUIL, ELSA, Volatility, Redline, FTK Imager, PDF analyzers, and malware sandboxes, among others. Students will build a hardware Programmable Logic Controller (PLC) supplied in class, deconstruct Advanced Persistent Threat attacks through real-world scenarios from SANS Cyber City, and examine data from a Distributed Control System (DCS) environment infected with Malware. Students will be able to use the practical steps of ICS Active Cyber Defense Cycle they learn in the course as soon as they get back to work!

ICS515: ICS Visibility, Detection, and Response Outline

The class content will prepare students for the GRID exam. Once the course is completed, four months are allotted for additional study, including two practice exams provided through the SANS and GIAC portals. The main learning objectives of ICS515 include but are not limited to those highlighted in the graph below:

Image_2.png


Considerable time is devoted executing and applying the phases of the ICS ACDC (Active Cyber Defense Cycle) throughout the course:

  1. Threat Intelligence
  2. Asset Identification & Network Security Monitoring
  3. Industrial Incident Response
  4. Threat & Environment Manipulation

Picture3.png


Where to Use What You Learn by Taking ICS515 and Earning the GRID

The skills obtained through ICS515 and by earning the GRID certification prepare professionals to prioritize safety when implementing active cyber defense and industrial incident response across all industrial control system sectors, including critical infrastructure, as outlined below.

Critical Infrastructure and Control System Sectors

Chemical Sector

Commercial Facilities Sector

Communications Sector

Critical Manufacturing Sector

Dams Sector

Defense Industrial Base Sector

Emergency Services Sector

Energy Sector

Financial Services Sector

Food and Agriculture Sector

Government Facilities Sector

Healthcare and Public Health Sector

Information Technology Sector

Nuclear Reactors, Materials, and Waste

Transportation Systems

Water and Wastewater Systems


Why You Should Consider the GRID

Interacting with control systems is commonplace, whether by flipping on a light, pumping gas, or pouring water from a tap – all daily activities in the modern world that rely on industrial control and critical infrastructure systems. Increasingly, however, adversaries have been targeting these systems, with impacts that have serious safety and environmental risks.

If you are new to ICS/OT Security or already contributing to a program, the GRID certification is for you. In a world that is seeing increasingly sophisticated and impactful industrial incidents, the GRID helps level the playing field. 

GRID-certified professionals have demonstrated they have the skills to help protect this critical infrastructure that modern society now relies upon. GRID gives ICS defenders the technical and strategic skills for the Active Defense of industrial control systems.


Guidance to Prepare for Your GRID Certification

The GRID Certification requires students to complete a one on-book proctored exam with 75 multiply-choice questions within a two-hour time limit. The minimum passing score is 74 percent. More detailed information on the GRID can be found here: https://www.giac.org/certification/response-industrial-defense-grid

Join Me in Class for ICS515!

As a practitioner in the ICS security community, I enjoy helping people move forward with their careers and strengthen their skills and passion to protect ICS critical infrastructure. ICS515 features tons of hands-on and real-world technical exercises and scenarios. Students will collect data from an intrusion into SANS Cyber City as well as from a Distributed Control System infected with malware. And there’s more! Students will dissect network captures from a variety of ICS facilities, including a system they’ll build and run in the class. Spoiler alert – there will be attacks and malware affecting the ICS that will drive us to industrial incident response specific to ICS networks and systems.

Join me in class as I guide you through the content, help prepare you for your GRID Certification, and share key knowledge from the field drawing on experiences across electric power systems, oil & gas refining, storage, distribution, manufacturing, and ICS system assessments. We will deconstruct modern ICS cyber-attacks, identify and counter threats, and use ICS incident response procedures to maintain the safety and reliability of ICS operations.

I am a SANS Certified ICS Instructor and the sixth person in the world to earn the GIAC GRID – I am GRID Analyst #6.


REGISTER TO TAKE AN UPCOMING RUN OF ICS515 WITH DEAN
  • Dean will be teaching ICS515 at SANS Dallas: Virtual Edition 2021 in October.
MORE INFORMATION ON:
  • GIAC GRID 
  • Dean’s ICS Community Contributions and Bio
  • ICS515: ICS Visibility, Detection, and Response
  • Join the SANS ICS Community Forum - Tips, tricks, and Q & A to secure your ICS! 
Share:
TwitterLinkedInFacebook
Copy url Url was copied to clipboard
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kingdom of Saudi Arabia
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia (Slovak Republic)
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Yugoslavia
Zambia
Zimbabwe

Tags:
  • Industrial Control Systems Security

Related Content

Blog
340x340-Blog-8-Reasons_ICS-2022[46].jpg
Industrial Control Systems Security
May 5, 2022
8 Reasons You Don’t Want to Miss SANS ICS Security Summit & Training 2022
ICS Security Summit & Training kicks off June 1. Register today.
SANS ICS
read more
Blog
ICS_Blog_Series-_A_Look_into_ICS-Part_22.jpg
Industrial Control Systems Security
April 4, 2022
A Look Into ICS612: ICS Cybersecurity In-Depth: Part 2
In OT security, you'll eventually be placed in an environment where you'll face the pressures of dealing with a process that's not responding.
370x370_jeffrey-shearer.jpg
Jeffrey Shearer
read more
Blog
Untitled_design-43.png
Digital Forensics and Incident Response, Cybersecurity and IT Essentials, Industrial Control Systems Security, Purple Team, Open-Source Intelligence (OSINT), Penetration Testing and Ethical Hacking, Cyber Defense, Cloud Security, Security Management, Legal, and Audit
December 8, 2021
Good News: SANS Virtual Summits Will Remain FREE for the Community in 2022
They’re virtual. They’re global. They’re free.
Emily Blades
read more
  • Register to Learn
  • Courses
  • Certifications
  • Degree Programs
  • Cyber Ranges
  • Job Tools
  • Security Policy Project
  • Posters & Cheat Sheets
  • White Papers
  • Focus Areas
  • Cyber Defense
  • Cloud Security
  • Cyber Security Leadership
  • Digital Forensics
  • Industrial Control Systems
  • Offensive Operations
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kingdom of Saudi Arabia
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia (Slovak Republic)
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Yugoslavia
Zambia
Zimbabwe
  • © 2022 SANS™ Institute
  • Privacy Policy
  • Contact
  • Careers
  • Twitter
  • Facebook
  • Youtube
  • LinkedIn