Register now for SANS Cyber Defense Initiative 2016 and save $400.

RSA Conference 2015

San Francisco, CA | Sun, Apr 19 - Wed, Apr 22, 2015

ICS Cybersecurity Overview with Hands-on Lab

The ICS RSAC course has been designed by ICS security experts to orient students to industrial control systems and provide a foundation for applying cyber security controls, practices, and technology. The course is designed to introduce students to the unique requirements of real-time systems and provide a model for defending industrial control systems in a manner that keeps the operational environment safe, secure, and resilient against current and emerging cyber threats.

Course Syllabus
Course Contents
  Section 1: ICS Overview, ICS Incident Handling

CPE/CMU Credits: 6

 
  Section 2: ICS Attack Surfaces

CPE/CMU Credits: 6

 
Additional Information
 
  Laptop Required

The ICS RSAC course consists of instruction and hands-on sessions. The lab sessions are designed to allow students to utilize the knowledge gained throughout the course in an instructor-led environment. Students will have the opportunity to install, configure, and use the tools and techniques that they have learned.

  • Laptop with available USB ports.
  • Laptop with DVD Reader.
  • Latest VMware Player, VMware Workstation, VWware Fusion installed. Other virtualization software such as Parallels or VirtualBox will probably work if the attendee is familiar with its functionality; however VMware Player should be prepared as a backup just in case.
  • Ability to disable all security software on their laptop such as Antivirus and/or firewalls
  • At least twenty (20) GB of hard drive space

At least four (4) GB of RAM

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

 
  Who Should Attend

The course is designed for the range of individuals who work in, interact with, or can affect industrial control system environments, including asset owners, vendors, integrators, and other third parties. These personnel primarily come from two domains:

  • IT (includes operational technology support)
  • IT security (includes operational technology security)
 
  Prerequisites
  • Course participants need to have a basic understanding of networking and system administration, TCP/IP, networking design/architecture, vulnerability assessment, and risk methodologies. ICS RSAC covers many of the core areas of security and assumes a basic understanding of technology, networks, and security. For those who are brand new to the field and have no background knowledge, SEC301: Intro to Information Security would be the recommended starting point. While SEC301 is not a prerequisite, it provides introductory knowledge that will help maximize a student's experience.
 
  Hands-on Training
  • Design and architect a secure industrial control system
  • Reconnaissance tactics
  • Authentication attacks
  • Spoofing control signals
  • Wireshark analysis
  • Incident response