Cybersecurity Training for Industrial Control Systems

The United States Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA) in cooperation with Lincoln Electric System is pleased to present Cybersecurity for Industrial Control Systems regional training sessions.

Conference Information


April 06 - April 09, 2020


Lincoln Electric System
2620 Fairfield Street
Lincoln, NE 68501

Who Should Attend?

This training is provided specifically for personnel responsible for the oversight, design and operation of control systems. This includes operators, engineers, IT personnel, supervisors, emergency managers, and managers.


Monday, April 6th, 8:00 am - 5:00 pm
Introduction to Control Systems Cybersecurity (Course 101)

The purpose of this course is to introduce students to the basics of industrial control systems security. This includes a comparative analysis of IT and control system architecture, security vulnerabilities, and mitigation strategies unique to the control system domain.

Tuesday, April 7th, 8:00 am - 5:00 pm
Intermediate Cybersecurity for Industrial Control Systems, Part 1 Lecture Only (Course 201)

This course provides technical instruction on the protection of industrial control systems using offensive and defensive methods. Students will understand how cyber-attacks could be launched, why they work, and mitigation strategies to increase the cybersecurity posture of their control system. Demonstrations will include the use of software tools to establish a baseline of your network(s), and to monitor and analyze its traffic.

Wednesday, April 8th OR Thursday, April 9th, 8:00 am - 5:00 pm, students will select 1 track or the other

DateTrack 1Track 2
Wednesday Intermediate Cybersecurity, Part 2 (202) Hands-on CyberStrike
Thursday CyberStrike Intermediate Cybersecurity, Part 2 (202) Hands-on

Intermediate Cybersecurity for Industrial Control Systems, Part 2 (202) Hands-on
Because this course is hands-on, students will get a deeper understanding of how the various tools work. Accompanying this course is a sample process control network that demonstrates exploits used for unauthorized control of the equipment and mitigation solutions. This network is also used during the course for the many hands-on exercises that will help the students develop control systems cybersecurity skills they can apply when they return to their jobs.

* Prerequisite: Every student attending the Intermediate Part 2 (202) course must bring a laptop computer (no tablets) with wireless capability (to connect to the exercise networks) and a minimum of 8GB of RAM.

A modified Kali distribution containing additions to support classroom exercises will be used during the course.

Each student must arrive with a VMware® software virtualization package (Workstation, Player, or Fusion) installed on their laptop. You must have administrator privileges to install the VM player.

CyberStrike: – Lessons learned and walkthrough of the Black Energy attack on the Ukraine [No laptop required]
This exercise is designed to provide the opportunity to address key issues through a series of interactive discussion-based activities. With focus on: policies, procedures, background checks, access controls, privilege levels, media protections, network defense in depth, and effective information sharing.


Please register for this training at:

There are no course fees; DHS CISA is sponsoring this training. Attendees are responsible for all travel, food, and lodging expenses.


For additional information please contact Greg Hollingsead, DHS/CISA, Protective Security Advisor, at 402-981-8970 or email