Training Available Through CISA

July 07, 2022 | Admin |

An official website of the United States government Here's how you know

Web - Based Training available on the CISA Virtual Learning Portal

We offer several online training courses via the CISA Training Virtual Learning Portal (VLP). Topics include:

Operational Security (OPSEC) for Control Systems (100W) - 1 hour Differences in Deployments of ICS (210W-1) – 1.5 hours Influence of Common IT Components on ICS (210W-2) – 1.5 hours Common ICS Components (210W-3) – 1.5 hours Cybersecurity within IT & ICS Domains (210W-4) – 1.5 hours Cybersecurity Risk (210W-5) – 1.5 hours Current Trends (Threat) (210W-6) – 1.5 hours Current Trends (Vulnerabilities) (210W-7) – 1.5 hours Determining the Impacts of a Cybersecurity Incident (210W-8) – 1.5 hours Attack Methodologies in IT & ICS (210W-9) – 1.5 hours Mapping IT Defense-in-Depth Security Solutions to ICS - Part 1 (210W-10) – 1.5 hours Mapping IT Defense-in-Depth Security Solutions to ICS - Part 2 (210W-11) – 1.5 hours Industrial Control Systems Cybersecurity Landscape for Managers (FRE2115) - 1 hour

Access the CISA VLP for more information and to register for and complete the courses. There are no tuition costs for these courses.

Instructor Led Training

Introduction to Control Systems Cybersecurity (101) - 4 hrs Intermediate Cybersecurity for Industrial Control Systems (201) - 8 hrs Intermediate Cybersecurity for Industrial Control Systems (202) - 8 hrs ICS Cybersecurity (301V) ICS Cybersecurity (301L) - 4 days ICS Evaluation (401) - 4 days ICS Evaluation (401V)

CISA program training events consist of 'regional' training courses and workshops at venues in various locations in addition to the 4-day training events held in Idaho Falls, Idaho. Refer to the CISA calendar for a schedule of these training options. Note that all CISA training courses are presented with no tuition cost to the attendee.

Scheduled training is on the CISA Calendar

Note: Training personnel do not possess proprietary interest in any product, instrument, device, service or material discussed in these courses or in any course materials.

This course introduces students to the basics of Industrial Control Systems (ICS) cybersecurity. This includes a comparative analysis of IT and ICS architectures, understanding risk in terms of consequence, security vulnerabilities within ICS environments, and effective cyber risk mitigation strategies for the Control System domain.

After attending this course, you will be able to:

A Certificate of Completion will be provided at the conclusion of the course. This course is IACET accredited, awarding attendees Continuing Education Units (CEUs) upon completion.

This course is presented at regional venues in various locations throughout the year. If the course has an open enrollment, it will be posted to the CISA calendar. There is no tuition cost to the attendee for this training.

This course builds on the concepts learned in the Introduction to ICS Cybersecurity (101) course. This course provides technical instruction on the protection of Industrial Control Systems using offensive and defensive methods. Attendees will recognize how cyber attacks are launched, why they work, and mitigation strategies to increase the cybersecurity posture of their Control System networks. In addition, this course acts as a prerequisite for the next course, Intermediate Cybersecurity for Industrial Control Systems (202), which offers hands-on application of concepts presented.

After attending this course, you will be able to:

A Certificate of Completion will be provided at the conclusion of the course. This course is IACET accredited, awarding attendees Continuing Education Units (CEUs) upon completion.

This hands-on course is structured to help students recognize how attacks against Process Control Systems can be launched, why they work, and provides mitigation strategies to increase the cyber security posture of their Control Systems networks.

This course provides a brief review of Industrial Control Systems security. This includes a comparative analysis of IT and control system architectures, security vulnerabilities, and mitigation strategies unique to the Control System domain. Because this course is hands-on, students will get a deeper understanding of how the various tools work. Accompanying this course is a sample Process Control network that demonstrates exploits used for unauthorized control of the equipment and mitigation solutions. This network is also used during the course for the hands-on exercises that will help the students develop Control Systems cybersecurity skills they can apply in their work environment.

Note that this course is not a deep dive into training on specific tools, Control System protocols, Control System vulnerability details or exploits against Control System devices.

This course is split into five sessions: (1) Industrial Control System Overview, (2) Network Discovery and Mapping, (3) Exploitation and Using Metasploit, (4) Network Attacks and Exploits, (5) Network Defense, Detection, and Analysis

After attending this course, you will be able to:

A Certificate of Completion will be provided at the conclusion of the course. This course is IACET accredited, awarding attendees Continuing Education Units (CEUs) upon completion.

IMPORTANT CHANGES TO THE 301 COURSE: In an effort to make the 301 course more accessible to industry professionals, it has been divided into two offerings; 301V and 301L. The 301V is a self-paced online course that is accessed through the CISA Virtual Learning Portal (VLP). The 301V contains approximately 12 hours of instructional material and is a prerequisite to the 301L. The 301L is a four-day instructor-led hands-on lab that is taught at a training facility in Idaho Falls, Idaho, USA. This course has a full day capstone activity dedicated to a Red Team versus Blue Team exercise. More information on each course can be found below.

This course provides an online virtual training based on understanding, protecting, and securing Industrial Control Systems (ICS) from cyber-attacks. In order to understand how to defend IT and OT systems, trainees will learn about common cyber vulnerabilities and the importance of understanding the environment they are tasked to protect. Learning the weaknesses of systems will enable trainees to identify mitigation strategies, policies, and programs that will provide the defense-in-depth needed to ensure a more secure ICS environment.

The online course consists of pre-recorded videos compiled into five main learning sessions:

Note that this course is not a deep dive into training on specific tools, Control System protocols, Control System vulnerability details, or exploits against Control System devices. The 301V designation is simply a course number and has no reference to a “300 level” college course.

This course serves as a primer and is a mandatory prerequisite course to the in-person 301L class. A comprehensive exam with questions from each section will test the learners understanding of the principles taught. A passing score of at least 80% is required to be considered as an attendee in the 301L class. Although completion of the 301V course, along with a passing score on the associated assessment, is required to attend the in-person 301L it does not guarantee attendance. Acceptance to the 301L is subject to review.

The 301V course is IACET accredited, and attendees will be awarded Continuing Education Units (CEUs) and receive a certificate upon completion of the sessions and a passing score of 80% or above on the end of course exam.

Prerequisites:

Refer to the CISA calendar for a schedule of this training option.There is no tuition cost to the attendee for this training.

The 301L is an instructor-led companion course to the 301V. This course provides hands-on training for understanding, protecting, and securing Industrial Control Systems (ICS) from cyber-attacks and includes a red team versus blue team exercise conducted within an actual Control Systems environment. Attendees will get an instructor-led hands-on experience with open-source operating systems and security tools such as Kali Linux and Security Onion. Attendees will also use their cyber skills along with tools covered in the 301V to solve a series of cyber escape rooms. In addition, the training provides the opportunity to network and collaborate with other colleagues involved in operating and protecting Control System networks.

Note that this course is not a deep dive into training on specific tools, Control System protocols, Control System vulnerability details or exploits against Control System devices. The 301L designation is simply a course number and has no reference to a “300 level” course.

This course consists of hands-on activities correlated with the five sessions covered in the 301V, followed by a red team versus blue team exercise and a brief discussion of the lessons learned.

Prerequisites:

This course is presented at a facility in Idaho Falls, Idaho, USA configured specifically for the aspects of the course.

The 301L course is IACET accredited and attendees will be awarded Continuing Education Units (CEUs) and receive a certificate upon completion.

Refer to the CISA calendar for a schedule of this training option. There is no tuition cost to the attendee for this training.

This instructor-led 5-day course provides hands-on training on how to analyze, evaluate, and document the cybersecurity posture of an organization’s Industrial Control Systems (ICS) for the purpose of identifying recommended changes. Specifically, the course will utilize a multi-step repeatable process, within a simulated ICS environment, that teaches how to analyze cybersecurity weaknesses and threats, evaluate and map findings, document potential mitigations, and provide ongoing resolutions to strengthen the cybersecurity posture.

This course is also intended to increase awareness of how a threat related to the Industrial Control System translates into a threat to business operations, either directly through the ICS or indirectly via network connections. Attendees will come to more fully appreciate that most businesses have numerous support processes and systems controlled by, or otherwise dependent on, an Industrial Control System.

At the completion of this course attendees will have the basic skills necessary to conduct a self-evaluation of their organization’s ICS, develop mitigation strategies for vulnerabilities, and a tool to create new or update existing cybersecurity plans. Attendees will leave with a template that can be used for evaluating the cybersecurity posture at their workplace.

At the end of this course, attendees will be able to:

Prerequisites:

A certificate of completion will be provided at the conclusion of the course. This course is IACET accredited, awarding attendees Continuing Education Units (CEUs) upon completion.

This course may be presented at regional venues in various locations throughout the year. Refer to the CISA calendar for a schedule of this training option. There is no tuition cost to the attendee for this training.

Completion of 301/301V is NOT a prerequisite for this course.

The 401V course provides training on analyzing and doing a self-evaluation on an Industrial Control Systems (ICS) network to determine its defense status and what changes need to be made.

The purpose of the course is to provide hands-on training analyzing, evaluating, and documenting the cybersecurity posture of an ICS system for internal and/or external recommended changes. Specifically, this course will utilize a repeatable process within a simulated ICS environment to analyze cybersecurity weaknesses and threats, evaluate and map findings, and document potential mitigations. Trainees will leave with a template that can be used for evaluations at their workplace.

The online course consists of pre-recorded videos and hands-on activities compiled into sessions by our instructional staff:

Plan on dedicating around 15-20 hours over the two-week period to complete the online course. Hands-on activities may be additional time. Participants can go through the sessions at their own pace during the week, but the sessions must be completed in order. In other words, each session must be completed before the next session will be available for viewing. Hands-on activities using NetLab can be completed at any time. All videos and hands-on activities must be completed by the closing date. If you do not or cannot complete the course in the allotted time frame, you may register for the next available 401 course to finish the videos and hands-on labs.

A certificate of completion and CEUs will be offered to those who complete all sessions of the course.

If at any time you have questions or input for the course, please email [email protected].

Who Should attend:

Individuals who are responsible for evaluating or influencing the cybersecurity posture of critical infrastructure. This could include any of a number of specific roles and responsibilities such as cybersecurity management, risk management personnel, IT and control system (OT) security personnel, network engineers, OT engineers and managers. This class is geared towards small to medium sized companies with no OT risk management personnel but personnel from large business are welcome also.

Refer to the CISA calendar for a schedule of this training option.There is no tuition cost to the attendee for this training.

(888)282-0870

Send us email

Download PGP/GPG keys

Receive security alerts, tips, and other updates.

CISA is part of the Department of Homeland Security