Security Training ▸ ICS/SCADA

ICS/SCADA Training

Get your hands on real devices that are used in the industrial settings

#ICS/OTvulnerabilities

#PLC&HMI

#RF

#BadUSB

#BadDNS

What is ICS/SCADA Training?

As internet and automation is adapted in the industrial world, ICS/SCADA systems are mandatory nowadays. Daily-used automation systems such as elevator, automated doors and big facilities such as nuclear powerplants and dams are all vulnerable to hacking, and it may result in economical loss.

As if Iran experienced Stuxnet incident, which Uranium facility was attacked, industrial systems and automated machines are open to the hackers. In this course, you can simulate various hacking scenarios on the testbed and may understand how hackers attack the industrial systems. By doing so, you will be able to secure your own ICS/SCADA system!

Who should take this course?

OT Engineers

Automated Facility
Security Manager

ICS/SCADA system
managers

Network Managers

Security Professionals

IT Technicians

Why ICS/SCADA Training?

Security Threats on ICS/SCADA facilities

Increasing importance of safety and security design for industrial facilities

Understanding vulnerabilities of ICS/OT Systems

Tracking hackers and unauthorized user’s attack paths

Preventing automated machines from getting hacked

Strengthening IT & OT Security in facilities

Curriculum

Day 1

[ICS/SCADA Overview]

1. OT/ICS Security Trends
– Introducing Various cyber attacks and attack paths

2. Intro. To ICS/SCADA
– Looking into ICS/SCADA in Cyber Security perspective

3. Comparing with IT Security
– New technologies, new threats

[The ICS/OT Reconnaissance]

1. Introduction
– OSINT Approach

2. Case Studies

3. OSINT Methodologies for ICS/OT

1. Finding attack paths using OSINT tools (e.g. Censys & Shodan)
2. OSINT Monitoring with DarkTracer

Lab

[IEC 62443 Standards]

1. Introducing International Standards for OT cybersecurity
– Understanding OT cybersecurity standardization
– Case studies

2. Overview of IEC 62443 Standards
– Components of IEC 62443 and its application to the real world

3. Details of IEC 62443 3-3 Standards
– Understanding Intentions, Requirement and Expectations of IEC 62443

[Advanced Attacks on ICS Vulnerabilities] - Part 1

1. Fuzzing & Exploit Overview
– Vulnerabilities of current systems and software
– Understanding fuzzing and exploits
– Real life Scenarios and Attack Cases Studies

Day2

[PLC/HMI Programming - Basic] - Part 1

1. Overview of PLC Simulation
– Intro. to PLC
– Intro. to HMI

2. PLC/HMI Attack Scenarios
– Understanding normal behavior of PLC/HMI operation
– Understanding the causes of accidents of the automation device

3. Ladder Logic Programming
– intro. To Runway control system scenario

1. PLC/HMI Configuration
2. PLC Ladder Logic Programming

Lab

[PLC/HMI Programming - Basic] - Part 2

1. Runway HMI Configuration
– Understanding the components of Runway control system HMI

1. PLC/HMI Simulation
2. Connecting HMI Simulation and PLC

Lab

[PLC/HMI Programming - Basic] – Part 3

1. Runway HMI Configuration
– Understanding the components of Runway control system HMI

2. Attacking the program to resimulate the accident
– Understanding attacker’s intention and cause of the accident

1. Ladder Logic Programming
2. Downloading HMI Screen
3. Runway Operation and attack

Lab

[PLC/HMI Programming - Advanced] – Part 1

1. Overview of ICS Protocols
– Understanding how PLC works (Advanced)
– Application to ICS Network

2. ICS Network – Basics

3. PLC ↔️ HMI Packet Analysis
– How to capture Packet
– Understanding how Packet communication works (Advanced)

[PLC/HMI Programming - Advanced] – Part 2

1. Analyzing ICS Protocols
– Introducing various ICS Protocols

2. Modulation Attacks on ICS Protocols
– The vulnerabilities of ICS Protocols
– ICS Protocols Attack Methodology

3. Malware Injection
– Understanding attack scenarios
– Different types of tools for Malware Injection

1. Analyzing S7 Comm Plus packet and attacking vulnerabilities
2. Tempering ICS Protocols

Lab

Day3

[Air Gap Bypass Techniques] – Part 1

1. Airgap Bypassing Overview
– Intro. To Closed Network
– Understanding Airgap Bypassing of IoT Devices

2. Intro. to Bad USB
– Vulnerabilities, attack path, attack methodology, Real-life cases

1. Creating Bad USB
2. Attacking the target device using Bad USB

Lab

[Air Gap Bypass Techniques] – Part 2

1. Intro, to Bad DNS
– Understanding how DNS works
– DNS Tunneling

2. Bad DNS attack scenarios
– Bad DNS attack and defense

[Radio Frequency Attack] - Part 1

1. RF Attack Overview
– Case Studies
– Preparation for RF attack

2. Tools for RF Attack
– Introducing various tools for RF attack

[Radio Frequency Attack] - Part 2

1. RF Signal Detection, Regeneration, Tampering, Resending
– Radio Frequency Wireless Signal
– Capturing and analyzing the wireless signal from the remote controller

2. Attacks on Model Cranes
– Various scenarios

1. Capturing wireless signals using HackRF
2. Replay Attack
3. Jamming Signals
4. Analyzing the signal

Lab

Tools

Simulations, TestBed, Hardware
RA-T Runway, RA-T Crane, RA-T SFPCS, RA-T SmartCity, HackRF, P4wnP1, Teensy

Programs and Software
VMWare Workstation, Siemens TIA Portal, Shodan, Censys, DarkTracer, Python, WireShark

Prerequisites

Basic knowledge on cyber security

Linux OS & Kali Linux

Python Basics

Network Vulnerability Analysis

Instructors

Louis Hur

CEO

Ocean Moon

Head of RedAlert Lab

JunYong Park

Researcher

SunHo Lee

Chief Researcher

SungHun Do

Researcher

DongHyun Kim

Researcher

Rana Jose

Researcher

Louis Hur

CEO

Ocean Moon

Head of RedAlert Lab

JunYong Park

Researcher

SungHun Do

Researcher

SunHo Lee

Chief Researcher

DongHyun Kim

Researcher

Rana Jose

Researcher

Training Kit

Airport Runway Simulations

RA-T RUNWAY V1.0

Runway simulation is equipped with Siemens PLC and HMI units. The operation of runway guidance lights is inserted into the units via Siemens Tia Portal program.

Crane

RA-T Crane

This model of industrial crane operates with radio frequency, which can demonstrate related mock attack and incident situation.

SmartCity

RA-T SmartCity

Railway system, power plants, airport runways, digital billboards and such infrastructures with different systems and protocols are installed in the Smart City diorama.

SFPCS

RA-T SFPCS

Spent Fuel Pool Cooling System, a.k.a SFPCS, visualizes the neutralization incident of cooling system in a nuclear power plant.

Reviews

Corporate Trainee (South Korea)

ICS/SCADA (Offline)

I finally got a chance to work on the devices such as PLC/HMI that I couldn’t encounter before. And especially the TA were a great help. Thank you so much for the wonderful experience.

Government Trainee (South Korea)

ICS/SCADA (Offline)

Frankly speaking, It was the best training that I have ever had! I think I got a really good understanding of ICS/SCADA security through the training, and the training kit was very helpful, too.

Government Trainee (Japan)

ICS/SCADA (Online)

I had no problem with Hands-on training even though it was an online training. I really enjoyed the training overall, but one thing that I liked the most is that all the hands-on scenarios were based on the real-life cases. I was able to experience the ICS/SCADA through this training.

Corporate Trainee (Singapore)

ICS/SCADA (Online)

This training became a good introduction to the ICS for me. And I loved every activity I had during the training. The instructors and staffs were very passionate, and they never hesitated to help when I am in need.

Videos

Notice

NSHC provides following items for your convenience.

1) Laptop
We provide laptop with software that you will need for hands-on training.

2) Textbook
All the learning materials will be provided in form of a textbook.

3) Training fee
Lunches and snacks are included in your training fee.
Transportation, accommodation, and dinner are excluded.

4) Certificate of Completion
We give the certificate of completion to those who finish the training.

Location

18th ICS/SCADA Training (Singapore)

<Park Avenue Rochester> 31 Rochester Dr, Singapore 138637

19th ICS/SCADA Training (Republic of Korea)

<SKY31> 300, Olympic-ro, Songpa-gu, Seoul, Republic of Korea

Registration and Payment

There are two ways to pay the training fee: PayPal or bank transfer.

You may select preferred payment method when submitting the registration form.
We will assist you after your registration form is received.

If you have any question regarding the payment, please contact us at training@nshc.net.

Refund Policy

You may receive a full refund without a penalty if you make cancellation a week prior to the training.
Or, you will be charged for 10% cancellation fee.

Cancellation made until [8 days] before the training : fully refundable
Cancellation made within [7 days ~ the day of training]: 10% cancellation fee is charged.
Refund policy may be changed without a notice.

Security Training ▸ ICS/SCADA