Cybersecurity Training for Industrial Control Systems

The United States Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team (DHS ICS-CERT) Program is pleased to present a Cybersecurity for Industrial Control Systems regional training session at University of Akron campus.

Date: May 21 - 24, 2018

Venue:

University of Akron
School of Law
150 University Avenue
Akron, OH 44325

Maps

Venue and Parking

Who Should Attend?

This training is provided specifically for personnel responsible for the oversight, design and operation of control systems. This includes operators, engineers, IT personnel, supervisors and managers.

Course Descriptions:

*Note: Please select only ONE of the 202 courses presented on day 3 and day 4. If you live in town, please select day 4 if possible, to accommodate out-of-towners.

Monday, May 21, 2018, 8:00 am - 5:00 pm
Introduction to Control Systems Cybersecurity (Course 101):
Location - Brennan Courtroom - Room 180

This is an introductory course. The purpose of this course is to introduce students to the basics of industrial control systems security. This includes a comparative analysis of IT and control system architecture, security vulnerabilities, and mitigation strategies unique to the control system domain.

This course is split into four sections: (1) Cybersecurity Landscape: Understanding the Risks, (2) Industrial Control Systems Applications, (3) Current State of Cybersecurity in Industrial Control Systems, and (4) Practical Applications of Cybersecurity.

Tuesday, May 22, 2018, 8:00 am – 5:00 pm
Intermediate Cybersecurity for Industrial Control Systems, Part 1 Lecture Only (Course 201):
Location - Brennan Courtroom – Room 180

This course provides technical instruction on the protection of industrial control systems using offensive and defensive methods. In addition, this course is a prerequisite for the next course, Intermediate Control System Security-Part 2, which offers hands-on application of the concepts presented.

This course is split into four sections: (1) How to Control a Motor Ladder Logic Demonstration, (2) Network Discovery and Mapping, (3) Exploitation and Using Metasploit and (4) Network: Defense, Detection, and Analysis. The goal of our training today is to explain and demonstrate the use of the tools available on both Windows and Linux OSs and the Open Source Kali distribution.

Wednesday, May 23, 2018, 8:00 am - 5:00 pm
OR
Thursday, May 24, 2018, 8:00 am - 5:00 pm
Intermediate Cybersecurity for Industrial Control Systems, Part 2 with lab/exercises (Course 202):
Location – Room 280

This hands-on course is structured to help students understand exactly how to quantify and qualify what devices are connected to the ICS network. How attacks against process control systems could be launched and why they work and to provide mitigation strategies to increase the cyber security posture of their control systems networks.

This course provides a brief review of industrial control systems security and a demonstration of how an attacker can penetrate a company's cyber defenses, take advantage of misconfigurations and cyber vulnerabilities within the networks, and finally control and operate an ICS process. Because this course is hands-on, students will get a deeper understanding of how the various tools work. Implemented within our networks are sample process control environments that allow students to demonstrate exploits used for unauthorized control of the equipment which will aid them in understanding the causes of these vulnerabilities and recommend possible mitigation solutions. This network is also used during the many hands-on exercises that will help the students develop control systems cybersecurity skills that can be used to protect their control system environments.

This course is split into four sections: (1) ICS exploit demonstration, (2) Network Discovery and Mapping, (3) Exploitation and Using Metasploit and (4) Network: Defense, Detection, and Analysis. The goal of our training today is to give you an understanding of some key issues in cybersecurity related to industrial control systems.

Prerequisite: Every student attending this Intermediate Part 2 course must bring a laptop computer (no tablets) with wireless capability and a minimum of 8GB of RAM. A modified Kali distribution containing additions to support classroom exercises will be used during the course. Each student must arrive with a VMware® software virtualization package (Workstation, Player, or Fusion) installed on their laptop. You must have administrator privileges to install the VM player.

Registration

Please register for this training at: https://secure.inl.gov/REG0518/.

There are no course fees; DHS ICS-CERT is sponsoring the training. Attendees are responsible for all travel and lodging expenses.

Questions:

For additional information please email us at cssp_training@hq.dhs.gov