NCCIC

Cybersecurity Training for Industrial Control Systems

The United States Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA) is pleased to present the Cybersecurity for Industrial Control Systems regional training session.

Conference Information

Date:

September 09 - September 12, 2019

Venue:

Deer Island Wastewater Treatment Facility
190 Tafts Ave.
Winthrop, MA 02152

Parking:

Parking is available at no cost at the Venue. Access to the facility will require a valid driver’s license or other government-issued photo identification.

Who Should Attend?

This training is provided specifically for personnel responsible for the oversight, design and operation of control systems. This includes operators, engineers, IT personnel, supervisors and managers.

Courses

Note: Please select only ONE of the 202 courses presented on Wednesday or Thursday; you will be auto-enrolled for the Table Top Exercise course on the alternate day.

Monday, September 9th, 8:00 am - 5:00 pm
Introduction to Control Systems Cybersecurity (Course 101)
Location – RT Class Room

This is an introductory course. The purpose of this course is to introduce students to the basics of industrial control systems security. This includes a comparative analysis of IT and control system architecture, security vulnerabilities, and mitigation strategies unique to the control system domain.

This course is split into four sections:
1. Cybersecurity Landscape: Understanding the Risks
2. Industrial Control Systems Applications
3. Current State of Cybersecurity in Industrial Control Systems
4. Practical Applications of Cybersecurity.

Tuesday, September 10th, 8:00 am - 5:00 pm
Intermediate Cybersecurity for Industrial Control Systems, Part 1 Lecture Only (Course 201)
Location – RT Class Room

This course provides technical instruction on the protection of industrial control systems using offensive and defensive methods. In addition, this course is a prerequisite for the next course, Intermediate Control System Security-Part 2, which offers hands-on application of the concepts presented.

This course is split into four sections:
1. How to “Control a Motor” Ladder Logic Demonstration
2. Network Discovery and Mapping
3. Exploitation and Using Metasploit
4. Network: Defense, Detection, and Analysis.

The goal of our training today is to explain and demonstrate the use of the tools available on both Windows and Linux OSs and the open-source, INL-modified Kali distribution.

Wednesday, September 11th, 8:00 am - 5:00 pm OR Thursday, September 12th, 8:00 am - 5:00 pm

Intermediate Cybersecurity for Industrial Control Systems, Part 2 with lab/exercises (Course 202) – RT Class Room
This hands-on course is structured to help students understand exactly how to quantify and qualify what devices are connected to the ICS network, how attacks against process control systems could be launched and why they work, and to provide mitigation strategies to increase the cybersecurity posture of their control systems networks.

This course provides a brief review of industrial control systems security and a demonstration of how an attacker can penetrate a company's cyber defenses, take advantage of misconfigurations and cyber vulnerabilities within the networks, and finally control and operate an ICS process. Because this course is hands-on, students will get a deeper understanding of how the various tools work. Implemented within our networks are sample process control environments that allow students to demonstrate exploits used for unauthorized control of the equipment, which will aid them in understanding the causes of these vulnerabilities and recommending possible mitigation solutions. This network is also used during the many hands-on exercises that will help the students develop control systems cybersecurity skills that can be used to protect their control system environments.

This course is split into four sections:
1. ICS exploit demonstration
2. Network Discovery and Mapping
3. Exploitation and Using Metasploit
4. Network: Defense, Detection, and Analysis.

The goal of our training today is to give you an understanding of some key issues in cybersecurity related to industrial control systems.

Table Top Exercise – Pump Room
This exercise is designed to provide the opportunity to address key issues through a series of interactive, discussion-based activities, with a focus on policies, procedures, background checks, access controls, privilege levels, media protections, network defense in depth, and effective information sharing.

Prerequisites

Every student attending this Intermediate Part 2 course must bring a laptop computer (no tablets) with wireless capability and a minimum of 8GB of RAM.

A modified Kali distribution containing additions to support classroom exercises will be used during the course.

Each student must arrive with a VMware® software virtualization package (Workstation, Player, or Fusion) installed on their laptop.

You must have administrator privileges to install the VM player.

Registration

Please register for this training at: http://secure.inl.gov/reg0919/.

There are no course fees; DHS ICS-CERT is sponsoring the training. Attendees are responsible for all travel, food, and lodging expenses.

Questions

For additional information please email us at ICSTraining@inl.gov