Industrial Control Systems Cybersecurity (301) Training

The United States Department of Homeland Security CISA (Cybersecurity and Infrastructure Security Agency) Program is pleased to sponsor ICS Cybersecurity (301) Training.

Conference Information


July 20 - July 24, 2020


Control Systems Analysis Center
765 Lindsay Boulevard Idaho Falls, Idaho

This event will provide hands-on training in discovering who and what is on the network, identifying vulnerabilities, learning how those vulnerabilities may be exploited, and learning defensive and mitigation strategies for ICS. The week includes a Red Team / Blue Team exercise that takes place within an actual control system environment. This training provides the opportunity to network and collaborate with other colleagues involved in operating and protecting control system networks.

Note that this course is not a deep dive into training on specific tools, control system protocols, control system vulnerability details or exploits against control system devices.

Who Should Attend?

Members of the industrial control systems community associated with IT and process control network operations and security (Operations Technology, OT), operations or management of critical infrastructure (CI) assets and facilities, as well as those who provide CI components and software development.

Structure and Agenda

This event consists of industrial control systems cybersecurity training and a Red Team / Blue Team exercise.

Monday, July 20th, 8:00 am - 5:00 pm

Welcome, overview of the DHS CISA Program, a brief review of cybersecurity for Industrial Control Systems, a demonstration showing how a control system can be attacked from the internet, and hands-on classroom training on Network Discovery techniques and practices.

Tuesday, July 21st, 8:00 am - 5:00 pm

Hands-on classroom training on Network Defense techniques and practices, and then separating into Red and Blue Teams.

Wednesday, July 22nd, 8:00 am - 5:00 pm

Hands-on classroom training on Metasploit and Network Exploitation, followed by Red and Blue Team strategy meetings.

Thursday, July 23rd, 7:00 am - 5:00 pm

An 8-hour exercise where participants are either attacking (Red Team) or defending (Blue Team) the control system environment. The Blue Team is tasked with providing the cyber defense for a corporate environment, while maintaining operations of a batch mixing plant, and an electrical distribution SCADA system.

Friday, July 24th, 8:00 am - 12:00 pm

Red Team / Blue Team exercise lessons learned and class room roundtable discussion.


Please register for this training at:

The class size is limited to approximately 40 people. Please note that priority is given to critical infrastructure asset owners, and operators. Every student attending this course should bring a laptop computer. A modified Kali distribution containing additions to support classroom exercises will be used during the week. Each student must arrive with a VMware® software virtualization package (Workstation, Player, or Fusion) installed on their laptop.

Cost to Attend

There is no cost to attend the training; however, travel expenses to and from and accommodations at Idaho Falls are the responsibility of each participant. Lunch will be provided at the training facility each day.

Handicap Access

This training will require attendees to climb a flight of stairs (~22 steps) to reach the second floor of the Control Systems Analysis Center where the classroom training and portions of the Red Team / Blue Team exercise are provided. The facility does not have an elevator or escalator.


For additional information and/or questions send an email to: