Control Systems Security Program (CSSP)
Training available through CSSP
For a list of upcoming training events see the CSSP Calendar.
Web-based Training
The following summary level courses are available for on-line training:
OPSEC for Control Systems
Cyber Security for Control Systems Engineers & Operators
Instructor Led format - Introductory Level
Control Systems Cyber Security Who Needs It? (1 hour)
Introduction to Control Systems Security for the IT Professional (8 hours)
Instructor Led format - Intermediate Level
Solutions for Process Control Security (4 hours)
Hands-on format - Intermediate Technical Level
Intermediate Control Systems Security (8 hours)
Hands-on format - Advanced Technical Level
Control Systems Cyber Security Advanced Training and Workshop (1 week)
The Control Systems Security Program provides training courses and workshops at various industry association events. These courses are packed with up-to-date information on cyber threats and mitigations for vulnerabilities. If your organization would like to learn more about training opportunities, please contact cssp_training@hq.dhs.gov.
Instructor Led format - Introductory Level
Control Systems Cyber Security Who Needs It? (1 hour)
This course turns on the proverbial light bulb for many people as they realize that cyber security is as important as physical security. Some say that seeing is believing, so this course goes through a cyber attack, step by step, that takes control of a process control system. A short video shows the process an attacker could take to compromise the control of a manufacturing process (without the operator knowing about it). The course focuses on solutions aimed at mitigating this type of attack while providing a general overview of the control systems environment. Common vulnerabilities that have been found in virtually every system that the Control Systems Security Program has assessed are discussed and solutions for preventing exploits and detecting intrusions are presented. Email cssp_training@hq.dhs.gov to request this training at your event or venue.
Instructor Led format - Introductory Level
Introduction to Control Systems Security for the IT Professional (8 hours)
This course is directed to those with IT Security responsibilities or background but have no previous experience in critical infrastructure control systems and their relationship to modern IT networks.
Four training sessions will guide attendees from basic definitions, components, and protocols to the major applications and architectures within critical infrastructure (CI) and key resources (KR). Control system network architectures, cyber threats and vulnerabilities, and mitigations will be presented. Current and emerging government and industry activities that are addressing the issue of risk reduction will be discussed. Email cssp_training@hq.dhs.gov to request this training at your event or venue.
Instructor Led format - Intermediate Level
Solutions for Process Control Security (4 hours)
The Solutions for Process Control Security training is a fast-paced course covering general control systems cyber security challenges. The training objectives include helping participants understand how attacks against control systems can be launched, identifying targets of opportunity, and providing mitigation strategies. Participants will gain an understanding on how to increase the cyber security posture of their control systems networks. Email cssp_training@hq.dhs.gov to request this training at your event or venue.
Hands-on format - Intermediate Technical Level
Intermediate Control Systems Security (8 hours)
This hands-on course is structured to help students understand exactly how attacks against process control systems could be launched and why they work and to provide mitigation strategies to increase the cyber security posture of their control systems networks.
Because this course is hands-on, students will get a deeper understanding of how the various tools work. Accompanying this course is a sample process control network that demonstrates exploits used for unauthorized control of the equipment and mitigation solutions. This network is also used during the course for the many hands-on exercises that will help the students develop control systems cyber-security skills they can apply when they return to their jobs.
Every student attending this course must have a laptop computer that they can configure and bring to the class. All students in the class should have basic coding skills and a fairly deep understanding of network details, from UDP to TCP, from MAC to IP. Email cssp_training@hq.dhs.gov to request this training at your event or venue.
Top
Hands-on format - Advanced Technical Level
Control Systems Cyber Security Advanced Training and Workshop (1 week)
This event provides intensive hands-on training on protecting and securing control systems from cyber attacks, including a very realistic Red Team / Blue Team exercise that is conducted within an actual control systems environment. It also provides an opportunity to network and collaborate with other colleagues involved in operating and protecting control systems networks. A sample process control network is used to demonstrate exploits and to give the student actual hands-on experience. The red team / blue team exercise provides a friendly competition as the red team tries to attack the control system and the blue team works to defend against the cyber attacks. Finally, a debriefing highlights lessons learned from the red team, the blue team, and an overall perspective provided by cyber security experts who monitor and score the activities of the red and blue teams.
Note: This training course is only available at the Control Systems Analysis Center in Idaho Falls, Idaho.
Email cssp_training@hq.dhs.gov for more information.