homepage
Open menu

ICS418: ICS Security Essentials for Managers

Register Now
  • In Person (2 days)
  • Online
12 CPEs

The ICS418: ICS Security Essentials for Managers course empowers leaders responsible for securing critical infrastructure and operational technology environments. The course addresses the need for dedicated ICS security programs, the teams that run them, and the skills required to map industrial cyber risk to business objectives to prioritize safety. ICS418 will help you manage the people, processes, and technologies necessary to create and sustain lasting ICS cyber risk programs while promoting a culture of safety, reliability, and security.

Course Authors:
Dean Parsons
Dean Parsons
Certified Instructor
Jason D. Christopher
Jason D. Christopher
Certified Instructor
What You Will LearnSyllabusPrerequisitesLaptop RequirementsAuthor StatementTraining & Pricing

What You Will Learn

ICS security is an ever-changing field requiring practitioners to continually adapt defense strategies to meet new challenges and threats. To compound the issue, any security changes need to be thoroughly tested to maintain the safety and reliability of industrial operations.

Globally, "critical infrastructure" and "operators of essential services" represent hundreds of thousands - if not millions - of industrial organizations. Some of them are the lifelines to our modern society, like water, energy, food processing, and critical manufacturing - but every industrial facility deserves to know their process is secure and safe. With increased threats, new technology trends, and evolving workforce demands, it is vital for security managers in operational technology (OT) to be trained in techniques to defend their facilities and their teams.

The two-day ICS418 fills the identified gap amongst leaders working across critical infrastructure and OT environments. It equips new or existing managers responsible for OT/ICS, or converged IT/OT cybersecurity. The course provides the experience and tools to address industry pressures to manage cyber risk to prioritize the business - as well as the safety and reliability of operations. ICS leaders will leave the course with a firm understanding of the drivers and constraints that exist in these cyber-physical environments and will obtain a nuanced understanding of how to manage the people, processes, and technologies throughout their organizations.

You Will Be Able To:

  • Articulate the value of ICS security and tie cyber risk to business risk decisions
  • Trend current and future technology changes to address business needs
  • Measure successes in industrial cyber risk management, complete with metrics for executives and boards
  • Use best practices to enable ICS security incident detection and response for their teams
  • Leverage external information, including threat intelligence, to guide their ICS security program
  • Provide governance, oversight, execution, and support across industrial facilities for ICS security initiatives and projects
  • Apply the differences between IT and ICS security for an effective control system cyber security program
  • Develop their security workforce to address gaps in hiring, training, and retention
  • Apply advanced techniques to help shape and shift their organizations culture of security

This Course Will Prepare You To:

  • Develop ICS-specific cybersecurity programs and measure its impact across the organization
  • Use management and leadership skills to communicate your ICS security vision to executives and other leaders
  • Build (and keep) your ICS security team, using forecasting, capability modeling, and workforce planning
  • Assess the overall effectiveness of your organization's industrial cyber risk management program
  • Manage the various constraints across IT, OT, engineering, and physical security to improve your organization's culture

What You Will Receive

  • A SANS ICS418 Windows Virtual Machine which will be utilized during course labs to demonstrate various techniques in ICS cyber program assessments
  • Access to Cyber42: Industrial Edition for management-based skills development with applicable business oriented decision making
  • Editable leadership drills designed for students to build new strategy and program elements and continuing their development long after the course ends

Syllabus (12 CPEs)

Download PDF
  • Overview

    Industrial control systems (ICS) security managers must be able to create and sustain cybersecurity programs with challenging constraints. These leaders must be able to manage industrial cyber risks, plan for evolving technologies, and incorporate ICS-specific security standards. On the first day, students will learn the differences between traditional information technology (IT) and operational technology (OT) systems, as well as the associated threats, vulnerabilities, and potential impacts from ICS-specific cyber attacks. Once these elements of industrial cyber risk are established, students will explore using industry best practices, guidelines, and standards to assess and measure ICS security programs.

    Topics
    • Overview of ICS and Critical Infrastructure
    • Attack History & Modern Adversaries
    • Cybersecurity Risk, Impacts, Goals & Safety
    • ICS Technology Trends
    • IT and OT Security Differences
    • ICS Incident Response Management
    • Industrial Cyber Risk Management
    • ICS Policy, Frameworks, Regulations and Compliance
    • Strategy Planning & Tactical Priorities
  • Overview

    The second section of this course builds on the concepts around building an ICS security program and explores the workforce needs to manage the day-to-day tasks, planning, and reporting required to minimize cyber risk. Students will be equipped with a common understanding of the ICS security and safety culture, the skills required to perform various job functions, and both company-wide and team-specific security controls.

    Topics
    • Governance, Oversight, Execution, and Support
    • Dedicated ICS Security Efforts & Measuring Value
    • Organization Roles & Responsibilities
    • Key Performance Indicators
    • Building & Maturing Effective ICS Security Teams
    • Building & Maturing ICS Cyber Defense Programs
    • ICS Security Awareness & Safety Culture
    • Executive Metrics and Communications

Prerequisites

Students with backgrounds in IT, ICS, and/or management will do well with this course.

Students should also have:

  • A strong desire to lead people and manage processes to improve ICS security
  • Willingness to apply lab exercises and content to their unique industrial organization
  • The ability to stretch outside of their comfort zone

Laptop Requirements

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.

Host Operating System: Latest version of Windows 10, macOS 10.15.x or later, or Linux that also can install and run VMware virtualization products described below. Note: Apple systems using the M1 processor cannot perform the necessary virtualization at this time and cannot be used for this course. It is necessary to fully update your host operating system prior to the class to ensure you have the right drivers and patches installed to utilize the latest USB 3.0 devices. Those who use a Linux host must also be able to access exFAT partitions using the appropriate kernel or FUSE modules. You also must have 8 GB of RAM or higher for the VM to function properly in the class, in addition to at least 60 gigabytes of free hard disk space.

Download and install either VMware Workstation Pro 15.5.x, VMware Player 15.5.x or Fusion 11.5.x or higher versions before class. If you do not own a licensed copy of VMware Workstation or Fusion, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial at their website.

Other virtualization software, such as VirtualBox and Hyper-V, are not appropriate because of compatibility and troubleshooting problems you might encounter during class.

VMware Workstation Pro and VMware Player on Windows 10 is not compatible with Windows 10 Credential Guard and Device Guard technologies. Please disable these capabilities for the duration of the class, if they're enabled on your system, by following instructions in this document.

Mandatory Laptop Hardware Requirements

  • x86- or x64-compatible 2.4 GHz CPU minimum or higher
  • USB Port
  • 8GB RAM or higher
  • 60 GB free hard drive space
  • Latest version of Windows 10, macOS 10.15.x or later, or Linux that also can install and run VMware virtualization products described below.
  • VMWare Workstation, Fusion, or Player, as stated above
  • Wireless Ethernet 802.11 B/G/N/AC

Do not bring a laptop with sensitive data stored on it. SANS is not responsible if your laptop is stolen or compromised.

By bringing the right equipment and preparing in advance, you can maximize what you will learn and have a lot of fun.

Your course media will now be delivered via download. The media files for class can be large, some in the 10 - 20 GB range. You need to allow plenty of time for the download to complete. Internet connections and speed vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as you get the link. You will need your course media immediately on the first day of class. Waiting until the night before the class starts to begin your download has a high probability of failure.

SANS has begun providing printed materials in PDF form. Additionally, certain classes are using an electronic workbook in addition to the PDFs. The number of classes using eWorkbooks will grow quickly. In this new environment, we have found that a second monitor and/or a tablet device can be useful by keeping the class materials visible while the instructor is presenting or while you are working on lab exercises.

Author Statement

"Now, more than ever, it is important to train and equip ICS security leaders with the skills and knowledge they need to protect critical infrastructure. This course is the culmination of decades of experience in building and managing OT/ICS security teams - and it is the course we wish was available to us when we started on our ICS security journey. We've drawn across our roles in different industrial sectors and teams - as former company executives, team leads, incident responders, and managers - to create a course empowering leaders facing the greatest challenge of our time: industrial control system cybersecurity." - Jason D. Christopher & Dean C. Parsons

Ways to Learn

  • Live Online

The full SANS experience live at home! Get the ultimate in virtual, interactive SANS courses with leading SANS instructors via live stream. Following class, plan to kick back and enjoy a keynote from the couch.

  • In Person (2 days)

Did someone say ALL-ACCESS? On-site immersion via in-classroom course sessions led by world-class SANS instructors fill your day, while bonus receptions and workshops fill your evenings.

Who Should Attend ICS418?

ICS418 is aimed at managers of staff who are responsible for securing the day-to-day running of operational technology and industrial control system environments across an organization - this includes distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems. Managers of these teams often come from a diverse background with either a focus on management skills and minimal understanding of ICS environments, or technical individuals who rise in the ranks to a leader with minimal management skill development.

The course was designed to bridge the gap between those two skill sets, "raising the water level for all ships" when it comes to ICS security managers, including:

  • Manager asked to "Step-Over"

    • Traditional information technology (IT) security manager that must create, lead, or refine an ICS Security program

  • Practitioner to Manager: "Step-Up"

    • Industrial engineer, operator, or ICS security practitioner promoted to a manager position to create, lead, or refine an ICS security program

  • Manager Development: "In-Place"

    • An existing ICS security manager that is looking to further develop their leadership skills, specific to industrial security
See prerequisites

Related Programs

DoDD 8140
DoDD 8140 (0)
See how this and other SANS Courses and GIAC Certifications align with the Department of Defense Directive 8140.
Africa/Abidjan
Africa/Accra
Africa/Addis Ababa
Africa/Algiers
Africa/Asmara
Africa/Asmera
Africa/Bamako
Africa/Bangui
Africa/Banjul
Africa/Bissau
Africa/Blantyre
Africa/Brazzaville
Africa/Bujumbura
Africa/Cairo
Africa/Casablanca
Africa/Ceuta
Africa/Conakry
Africa/Dakar
Africa/Dar es Salaam
Africa/Djibouti
Africa/Douala
Africa/El Aaiun
Africa/Freetown
Africa/Gaborone
Africa/Harare
Africa/Johannesburg
Africa/Juba
Africa/Kampala
Africa/Khartoum
Africa/Kigali
Africa/Kinshasa
Africa/Lagos
Africa/Libreville
Africa/Lome
Africa/Luanda
Africa/Lubumbashi
Africa/Lusaka
Africa/Malabo
Africa/Maputo
Africa/Maseru
Africa/Mbabane
Africa/Mogadishu
Africa/Monrovia
Africa/Nairobi
Africa/Ndjamena
Africa/Niamey
Africa/Nouakchott
Africa/Ouagadougou
Africa/Porto-Novo
Africa/Sao Tome
Africa/Timbuktu
Africa/Tripoli
Africa/Tunis
Africa/Windhoek
America/Adak
America/Anchorage
America/Anguilla
America/Antigua
America/Araguaina
America/Argentina/Buenos Aires
America/Argentina/Catamarca
America/Argentina/ComodRivadavia
America/Argentina/Cordoba
America/Argentina/Jujuy
America/Argentina/La Rioja
America/Argentina/Mendoza
America/Argentina/Rio Gallegos
America/Argentina/Salta
America/Argentina/San Juan
America/Argentina/San Luis
America/Argentina/Tucuman
America/Argentina/Ushuaia
America/Aruba
America/Asuncion
America/Atikokan
America/Atka
America/Bahia
America/Bahia Banderas
America/Barbados
America/Belem
America/Belize
America/Blanc-Sablon
America/Boa Vista
America/Bogota
America/Boise
America/Buenos Aires
America/Cambridge Bay
America/Campo Grande
America/Cancun
America/Caracas
America/Catamarca
America/Cayenne
America/Cayman
America/Chicago
America/Chihuahua
America/Coral Harbour
America/Cordoba
America/Costa Rica
America/Creston
America/Cuiaba
America/Curacao
America/Danmarkshavn
America/Dawson
America/Dawson Creek
America/Denver
America/Detroit
America/Dominica
America/Edmonton
America/Eirunepe
America/El Salvador
America/Ensenada
America/Fort Nelson
America/Fort Wayne
America/Fortaleza
America/Glace Bay
America/Godthab
America/Goose Bay
America/Grand Turk
America/Grenada
America/Guadeloupe
America/Guatemala
America/Guayaquil
America/Guyana
America/Halifax
America/Havana
America/Hermosillo
America/Indiana/Indianapolis
America/Indiana/Knox
America/Indiana/Marengo
America/Indiana/Petersburg
America/Indiana/Tell City
America/Indiana/Vevay
America/Indiana/Vincennes
America/Indiana/Winamac
America/Indianapolis
America/Inuvik
America/Iqaluit
America/Jamaica
America/Jujuy
America/Juneau
America/Kentucky/Louisville
America/Kentucky/Monticello
America/Knox IN
America/Kralendijk
America/La Paz
America/Lima
America/Los Angeles
America/Louisville
America/Lower Princes
America/Maceio
America/Managua
America/Manaus
America/Marigot
America/Martinique
America/Matamoros
America/Mazatlan
America/Mendoza
America/Menominee
America/Merida
America/Metlakatla
America/Mexico City
America/Miquelon
America/Moncton
America/Monterrey
America/Montevideo
America/Montreal
America/Montserrat
America/Nassau
America/New York
America/Nipigon
America/Nome
America/Noronha
America/North Dakota/Beulah
America/North Dakota/Center
America/North Dakota/New Salem
America/Nuuk
America/Ojinaga
America/Panama
America/Pangnirtung
America/Paramaribo
America/Phoenix
America/Port-au-Prince
America/Port of Spain
America/Porto Acre
America/Porto Velho
America/Puerto Rico
America/Punta Arenas
America/Rainy River
America/Rankin Inlet
America/Recife
America/Regina
America/Resolute
America/Rio Branco
America/Rosario
America/Santa Isabel
America/Santarem
America/Santiago
America/Santo Domingo
America/Sao Paulo
America/Scoresbysund
America/Shiprock
America/Sitka
America/St Barthelemy
America/St Johns
America/St Kitts
America/St Lucia
America/St Thomas
America/St Vincent
America/Swift Current
America/Tegucigalpa
America/Thule
America/Thunder Bay
America/Tijuana
America/Toronto
America/Tortola
America/Vancouver
America/Virgin
America/Whitehorse
America/Winnipeg
America/Yakutat
America/Yellowknife
Antarctica/Casey
Antarctica/Davis
Antarctica/DumontDUrville
Antarctica/Macquarie
Antarctica/Mawson
Antarctica/McMurdo
Antarctica/Palmer
Antarctica/Rothera
Antarctica/South Pole
Antarctica/Syowa
Antarctica/Troll
Antarctica/Vostok
Arctic/Longyearbyen
Asia/Aden
Asia/Almaty
Asia/Amman
Asia/Anadyr
Asia/Aqtau
Asia/Aqtobe
Asia/Ashgabat
Asia/Ashkhabad
Asia/Atyrau
Asia/Baghdad
Asia/Bahrain
Asia/Baku
Asia/Bangkok
Asia/Barnaul
Asia/Beirut
Asia/Bishkek
Asia/Brunei
Asia/Calcutta
Asia/Chita
Asia/Choibalsan
Asia/Chongqing
Asia/Chungking
Asia/Colombo
Asia/Dacca
Asia/Damascus
Asia/Dhaka
Asia/Dili
Asia/Dubai
Asia/Dushanbe
Asia/Famagusta
Asia/Gaza
Asia/Harbin
Asia/Hebron
Asia/Ho Chi Minh
Asia/Hong Kong
Asia/Hovd
Asia/Irkutsk
Asia/Istanbul
Asia/Jakarta
Asia/Jayapura
Asia/Jerusalem
Asia/Kabul
Asia/Kamchatka
Asia/Karachi
Asia/Kashgar
Asia/Kathmandu
Asia/Katmandu
Asia/Khandyga
Asia/Kolkata
Asia/Krasnoyarsk
Asia/Kuala Lumpur
Asia/Kuching
Asia/Kuwait
Asia/Macao
Asia/Macau
Asia/Magadan
Asia/Makassar
Asia/Manila
Asia/Muscat
Asia/Nicosia
Asia/Novokuznetsk
Asia/Novosibirsk
Asia/Omsk
Asia/Oral
Asia/Phnom Penh
Asia/Pontianak
Asia/Pyongyang
Asia/Qatar
Asia/Qostanay
Asia/Qyzylorda
Asia/Rangoon
Asia/Riyadh
Asia/Saigon
Asia/Sakhalin
Asia/Samarkand
Asia/Seoul
Asia/Shanghai
Asia/Singapore
Asia/Srednekolymsk
Asia/Taipei
Asia/Tashkent
Asia/Tbilisi
Asia/Tehran
Asia/Tel Aviv
Asia/Thimbu
Asia/Thimphu
Asia/Tokyo
Asia/Tomsk
Asia/Ujung Pandang
Asia/Ulaanbaatar
Asia/Ulan Bator
Asia/Urumqi
Asia/Ust-Nera
Asia/Vientiane
Asia/Vladivostok
Asia/Yakutsk
Asia/Yangon
Asia/Yekaterinburg
Asia/Yerevan
Atlantic/Azores
Atlantic/Bermuda
Atlantic/Canary
Atlantic/Cape Verde
Atlantic/Faeroe
Atlantic/Faroe
Atlantic/Jan Mayen
Atlantic/Madeira
Atlantic/Reykjavik
Atlantic/South Georgia
Atlantic/St Helena
Atlantic/Stanley
Australia/ACT
Australia/Adelaide
Australia/Brisbane
Australia/Broken Hill
Australia/Canberra
Australia/Currie
Australia/Darwin
Australia/Eucla
Australia/Hobart
Australia/LHI
Australia/Lindeman
Australia/Lord Howe
Australia/Melbourne
Australia/NSW
Australia/North
Australia/Perth
Australia/Queensland
Australia/South
Australia/Sydney
Australia/Tasmania
Australia/Victoria
Australia/West
Australia/Yancowinna
Brazil/Acre
Brazil/DeNoronha
Brazil/East
Brazil/West
CET
CST6CDT
Canada/Atlantic
Canada/Central
Canada/Eastern
Canada/Mountain
Canada/Newfoundland
Canada/Pacific
Canada/Saskatchewan
Canada/Yukon
Chile/Continental
Chile/EasterIsland
Cuba
EET
EST
EST5EDT
Egypt
Eire
Etc/GMT
Etc/GMT+0
Etc/GMT+1
Etc/GMT+10
Etc/GMT+11
Etc/GMT+12
Etc/GMT+2
Etc/GMT+3
Etc/GMT+4
Etc/GMT+5
Etc/GMT+6
Etc/GMT+7
Etc/GMT+8
Etc/GMT+9
Etc/GMT-0
Etc/GMT-1
Etc/GMT-10
Etc/GMT-11
Etc/GMT-12
Etc/GMT-13
Etc/GMT-14
Etc/GMT-2
Etc/GMT-3
Etc/GMT-4
Etc/GMT-5
Etc/GMT-6
Etc/GMT-7
Etc/GMT-8
Etc/GMT-9
Etc/GMT0
Etc/Greenwich
Etc/UCT
Etc/UTC
Etc/Universal
Etc/Zulu
Europe/Amsterdam
Europe/Andorra
Europe/Astrakhan
Europe/Athens
Europe/Belfast
Europe/Belgrade
Europe/Berlin
Europe/Bratislava
Europe/Brussels
Europe/Bucharest
Europe/Budapest
Europe/Busingen
Europe/Chisinau
Europe/Copenhagen
Europe/Dublin
Europe/Gibraltar
Europe/Guernsey
Europe/Helsinki
Europe/Isle of Man
Europe/Istanbul
Europe/Jersey
Europe/Kaliningrad
Europe/Kiev
Europe/Kirov
Europe/Lisbon
Europe/Ljubljana
Europe/London
Europe/Luxembourg
Europe/Madrid
Europe/Malta
Europe/Mariehamn
Europe/Minsk
Europe/Monaco
Europe/Moscow
Europe/Nicosia
Europe/Oslo
Europe/Paris
Europe/Podgorica
Europe/Prague
Europe/Riga
Europe/Rome
Europe/Samara
Europe/San Marino
Europe/Sarajevo
Europe/Saratov
Europe/Simferopol
Europe/Skopje
Europe/Sofia
Europe/Stockholm
Europe/Tallinn
Europe/Tirane
Europe/Tiraspol
Europe/Ulyanovsk
Europe/Uzhgorod
Europe/Vaduz
Europe/Vatican
Europe/Vienna
Europe/Vilnius
Europe/Volgograd
Europe/Warsaw
Europe/Zagreb
Europe/Zaporozhye
Europe/Zurich
GB
GB-Eire
GMT
GMT+0
GMT-0
GMT0
Greenwich
HST
Hongkong
Iceland
Indian/Antananarivo
Indian/Chagos
Indian/Christmas
Indian/Cocos
Indian/Comoro
Indian/Kerguelen
Indian/Mahe
Indian/Maldives
Indian/Mauritius
Indian/Mayotte
Indian/Reunion
Iran
Israel
Jamaica
Japan
Kwajalein
Libya
MET
MST
MST7MDT
Mexico/BajaNorte
Mexico/BajaSur
Mexico/General
NZ
NZ-CHAT
Navajo
PRC
PST8PDT
Pacific/Apia
Pacific/Auckland
Pacific/Bougainville
Pacific/Chatham
Pacific/Chuuk
Pacific/Easter
Pacific/Efate
Pacific/Enderbury
Pacific/Fakaofo
Pacific/Fiji
Pacific/Funafuti
Pacific/Galapagos
Pacific/Gambier
Pacific/Guadalcanal
Pacific/Guam
Pacific/Honolulu
Pacific/Johnston
Pacific/Kiritimati
Pacific/Kosrae
Pacific/Kwajalein
Pacific/Majuro
Pacific/Marquesas
Pacific/Midway
Pacific/Nauru
Pacific/Niue
Pacific/Norfolk
Pacific/Noumea
Pacific/Pago Pago
Pacific/Palau
Pacific/Pitcairn
Pacific/Pohnpei
Pacific/Ponape
Pacific/Port Moresby
Pacific/Rarotonga
Pacific/Saipan
Pacific/Samoa
Pacific/Tahiti
Pacific/Tarawa
Pacific/Tongatapu
Pacific/Truk
Pacific/Wake
Pacific/Wallis
Pacific/Yap
Poland
Portugal
ROC
ROK
Singapore
Turkey
UCT
US/Alaska
US/Aleutian
US/Arizona
US/Central
US/East-Indiana
US/Eastern
US/Hawaii
US/Indiana-Starke
US/Michigan
US/Mountain
US/Pacific
US/Samoa
UTC
Universal
W-SU
WET
Zulu
Filters:
Training Formats
      Location
      Dates

      Register for ICS418

      Loading...