ICS security is a security framework that protects these systems against accidental or intentional risks. The SANS ICS Curricula provides hands-on training courses focused on Attacking and Defending ICS environments. These courses equip both security professionals and control system engineers with the knowledge and skills they need to safeguard our critical infrastructures.

ICS Security Analyst

Acquires and manages resources, supports, and performs key industrial security protection while adhering to safety and engineering goals.
  • ICS410: ICS/SCADA Security Essentials provides a foundational set of standardized skills and knowledge for industrial cybersecurity professionals. The course is designed to ensure that the workforce involved in supporting and defending industrial control systems is trained to keep the operational environment safe, secure, and resilient against current and emerging cyber threats.

    Certification:  Global Industrial Cyber Security Professional (GICSP)

  • The ICS456: Essentials for NERC Critical Infrastructure Protection course empowers students with knowledge of the what and the how of the version 5/6/7 standards. The course addresses the role of the Federal Energy Regulatory Commission (FERC), North American Electric Reliability Corporation (NERC), and Regional Entities, provides multiple approaches for identifying and categorizing BES Cyber Systems, and helps asset owners determine the requirements applicable to specific implementations.


    Certification: 
    GIAC Critical Infrastructure Protection (GCIP)

    • ICS515: ICS Visibility, Detection, and Response will help you gain visibility and asset identification in your Industrial Control System (ICS)/Operational Technology (OT) networks, monitor for and detect cyber threats, deconstruct ICS cyber attacks to extract lessons learned, perform incident response, and take an intelligence-driven approach to executing a world-leading ICS cybersecurity program to ensure safe and reliable operations. Note: This class was previously named ICS515: ICS Active Defense and Incident Response. The course has gone through a significant update changing much of the content, most of the labs, and adding a day in course length.

      Certification: 
      GIAC Response and Industrial Defense (GRID)

    • ICS612 is an in-classroom lab setup that move students through a variety of exercises that demonstrate how an adversary can attack a poorly architected ICS and how defenders can secure and manage the environment. Representative of a real ICS environment, the classroom setup includes a connection to the enterprise, allowing for data transfer (i.e., Historian), remote access, and other typical corporate functions.

    ICS Security Architect

    Ensures control system network security compliance and best practises for control networks.
    • ICS410: ICS/SCADA Security Essentials provides a foundational set of standardized skills and knowledge for industrial cybersecurity professionals. The course is designed to ensure that the workforce involved in supporting and defending industrial control systems is trained to keep the operational environment safe, secure, and resilient against current and emerging cyber threats.

      Certification: Global Industrial Cyber Security Professional (GICSP)
    • ICS612 is an in-classroom lab setup that move students through a variety of exercises that demonstrate how an adversary can attack a poorly architected ICS and how defenders can secure and manage the environment. Representative of a real ICS environment, the classroom setup includes a connection to the enterprise, allowing for data transfer (i.e., Historian), remote access, and other typical corporate functions.

    ICS Security Incident Responder

    Executes specific industrial incident response for incidents that threaten or impact control system networks and assets, while maintaining the safety and reliability of operations.
    • ICS410: ICS/SCADA Security Essentials provides a foundational set of standardized skills and knowledge for industrial cybersecurity professionals. The course is designed to ensure that the workforce involved in supporting and defending industrial control systems is trained to keep the operational environment safe, secure, and resilient against current and emerging cyber threats.

      Certification: Global Industrial Cyber Security Professional (GICSP)
    • The ICS418: ICS Security Essentials for Managers course empowers leaders responsible for securing critical infrastructure and operational technology environments. The course addresses the need for dedicated ICS security programs, the teams that run them, and the skills required to map industrial cyber risk to business objectives to prioritize safety. ICS418 will help you manage the people, processes, and technologies necessary to create and sustain lasting ICS cyber risk programs while promoting a culture of safety, reliability, and security.

    • The ICS456: Essentials for NERC Critical Infrastructure Protection course empowers students with knowledge of the what and the how of the version 5/6/7 standards. The course addresses the role of the Federal Energy Regulatory Commission (FERC), North American Electric Reliability Corporation (NERC), and Regional Entities, provides multiple approaches for identifying and categorizing BES Cyber Systems, and helps asset owners determine the requirements applicable to specific implementations.


      Certification:
      GIAC Critical Infrastructure Protection (GCIP)
    • ICS515: ICS Visibility, Detection, and Response will help you gain visibility and asset identification in your Industrial Control System (ICS)/Operational Technology (OT) networks, monitor for and detect cyber threats, deconstruct ICS cyber attacks to extract lessons learned, perform incident response, and take an intelligence-driven approach to executing a world-leading ICS cybersecurity program to ensure safe and reliable operations. Note: This class was previously named ICS515: ICS Active Defense and Incident Response. The course has gone through a significant update changing much of the content, most of the labs, and adding a day in course length.

      Certification:
      GIAC Response and Industrial Defense (GRID)

    • ICS612 is an in-classroom lab setup that move students through a variety of exercises that demonstrate how an adversary can attack a poorly architected ICS and how defenders can secure and manage the environment. Representative of a real ICS environment, the classroom setup includes a connection to the enterprise, allowing for data transfer (i.e., Historian), remote access, and other typical corporate functions.

    ICS Security Manager

    Builds and maintains business relationships with engineering staff and C-suite stakeholders by communicating and managing cyber-to- physical risks while reducing security risk to engineering operations and simultaneously prioritising safety.
    • The ICS418: ICS Security Essentials for Managers course empowers leaders responsible for securing critical infrastructure and operational technology environments. The course addresses the need for dedicated ICS security programs, the teams that run them, and the skills required to map industrial cyber risk to business objectives to prioritize safety. ICS418 will help you manage the people, processes, and technologies necessary to create and sustain lasting ICS cyber risk programs while promoting a culture of safety, reliability, and security.

    • The ICS456: Essentials for NERC Critical Infrastructure Protection course empowers students with knowledge of the what and the how of the version 5/6/7 standards. The course addresses the role of the Federal Energy Regulatory Commission (FERC), North American Electric Reliability Corporation (NERC), and Regional Entities, provides multiple approaches for identifying and categorizing BES Cyber Systems, and helps asset owners determine the requirements applicable to specific implementations.

      Certification: GIAC Critical Infrastructure Protection (GCIP)

    Process Control Engineering

    Tests, programs, troubleshoots, and oversees changes of existing processes or implements new engineering processes through the deployment and operations of engineering systems and automation devices.
    • ICS410: ICS/SCADA Security Essentials provides a foundational set of standardized skills and knowledge for industrial cybersecurity professionals. The course is designed to ensure that the workforce involved in supporting and defending industrial control systems is trained to keep the operational environment safe, secure, and resilient against current and emerging cyber threats.

      Certification: Global Industrial Cyber Security Professional (GICSP)
    • ICS612 is an in-classroom lab setup that move students through a variety of exercises that demonstrate how an adversary can attack a poorly architected ICS and how defenders can secure and manage the environment. Representative of a real ICS environment, the classroom setup includes a connection to the enterprise, allowing for data transfer (i.e., Historian), remote access, and other typical corporate functions.