Become a Certified Industrial Cybersecurity Professional (CICP)
This is the best ICS Security course that you can find anywhere
- Self paced, modular online e-learning course that you can start now
- Free exam and certification when you take the course and pass. Earn the CICP title that you can display against your name.
- Easy to understand with graphics, animations and exercises- it is not just a video of some guy talking.
- Covers IEC 62443 standards
- Cost Effective
Learn all about ICS Cyber Security and become a Certified Industrial Cybersecurity Professional
Take this this Abhisam online course now and learn all about ensuring Industrial Control System security, SCADA security and Safety Instrumented System security.
After completing the course and passing the exam and assignment, you can become a Certified Industrial Cybersecurity Professional (CICP).
Industrial Control Systems, referred to as ICS for short, include control systems such as DCS, PLC, SCADA based systems as well as Safety Instrumented Systems (SIS). They are the crucial systems that control industrial plants & machinery and keep them safe.
Where are Industrial Control Systems (ICS) used?
Not only manufacturing plants, but also critical infrastructure (such as the Electrical Grid, pipelines, power generation , water distribution and other utilities) as well as control and automation systems used in the Marine industry (such as on ships and inside ports), railways, nuclear power, thermal power, renewable power generation and many more places make extensive use of automation and safety systems which are collectively known as Industrial Automation Control Systems (IACS). They are also referred to as OT (Operational Technology). Protecting these systems from cyber attacks is known as OT security.
This is distinct from IT security, which is the technology used to protect Information Technology systems such as Banking, Stock Market systems, currency trading systems or corporate ERP systems.
ICS network and control systems also include Building automation systems, Transportation related control systems (for example Railway signaling systems, ship control systems and so on) as well as Defense related installations.
Why is OT Security important?
Today the biggest threats facing a control system is from the cyber domain. Typically many manufacturing plants and critical infrastructure that exists today was built many years ago. At that time a typical control system was not built for resilience against malicious attacks and even today many of these ICS environments, use older operating systems for their Human Machine interface (Operator and Engineering stations). Many times the Industrial Control System in an older plant, may run on a very old operating system, which may be difficult to upgrade and patch.
When malicious entities target and attack your control system then you may not only
Lose your Intellectual Property (stealing batch recipes, setpoints, process data, production figures, yield ratios) that are stored in the ICS environments.
Put your Assets at risk (the breached Industrial Control systems may execute unwanted actions that can cause fires, explosions and environmental damage)
- Damage your organization’s reputation and market capitalization
Run afoul of the law
You may need to prepare an incident response protocol that will take these above into account.
Key Benefits of the Course
Earn Certificates and Badges
“I am working in one of the world’s leading EPC company , engaged in the Cement and Mining industry. We purchased the ICS CYBER SECURITY TRAINING & CERTIFICATION e-learning courses. I found this course to be very informative and easy to understand. I and my colleagues completed the course successfully and got the certificates and badges. I personally recommend this course whoever interested to learn about Industrial Control System Cybersecurity.
I wish success for Abhisam team for their great work.”
D. Anbudurai , FLSmidth
Free Industrial Cybersecurity Report
Download the Abhisam Industrial Cybersecurity report now. No sign up required.
Who should take this course?
This course can be taken by anybody wishing to learn about OT Security. You need to know the basics of computer system networks. The following roles will find this especially useful:
- Instrument, Control Systems or Automation Engineers with experience in industry.
- IT security professionals who wish to expand their domain into OT security.
- IT professionals who wish to know about OT security.
Take a look below at the small sample of an animation from the course that explains automation of manual operations.
Choose from any of the versions. Scroll below to see complete contents.
StandardFor one learner
- Course Duration: 60 hours of self paced learning (Earn 60 PDH)
- Access the course online 24/7 via any device for one year
- Exam & Certification as CICP for one learner
- Course Completion Certificate for one learner
ProfessionalFor one learner
- Everything in Standard plus
- Includes additional Advanced modules such as IEC 62443-2-4 compliance & Supply chain security
- Access the course for 3 years.
Get Trial Access to all Abhisam courses, including this Industrial Cybersecurity course for $7. You will NOT be billed automatically after trial ends.
Table of Contents
Overview of Industrial Automation & Control Systems (DCS/PLC/SCADA/SIS)
Introduction to Industrial Control Systems
Industrial Control Systems Application Areas
Cyber physical systems
Evolution of Industrial Control Systems
Single Loop Controller architecture
Control Room & Field
Analog Electronic Signals
Point to Point Architecture
DDC to DCS
DCS as a group of controllers
DCS Connection to field devices
Programmable Logic Controllers
Safety Instrumented Systems
Typical Industrial Control System Architecture
Basic Concepts of Cybersecurity
Brute Force Attacks
Public and Private Keys
Locking and Unlocking
Public Key Cryptography
Defense in Depth
Role of Malware
Understanding malware delivery
Threats & Vulnerabilities
Types of Trojans
Command & Control
Firewall Basic Working
Classes of Firewalls
Deep Packet Inspection Firewalls
Intrusion Detection Systems
Denial of Service
Distributed Denial of Service
Telephonic Denial of Service
Threats to IACS
Threats to IACS
IACS Threat Severity
Insecure by design
Use of COTS
Skill Levels needed
Lack of awareness
Four Steps to an Attack
Insecure Connections & Firewalls
Fake Updates and Pirated Software
Devices and Software with Vulnerabilities
Cross Site Scripting
Zero Day Exploits
IACS Attack Categories
ICS Targeted attacks
Attack Sequence of Events
Man in the middle attack
MITM in ICS
Denial of Service
IACS Security Standards
ISA99- Purdue Model
IEC 62443 Standard
Zones, Conduits and Security Levels
Chlorine Loading Example
Security Level Types
Cybersecurity Management System & Incident Response
ISA Secure Scheme
IEC 61508 implementations
IEC 61511- More clauses
Risk Assessment & Risk Management
ABC Industries Risk Assessment
Risk Assessment & Mitigation
Non Safety Consequences
Risk Assessment Process
Security Vulnerability Analysis
Initial Risk Assessment
Second Risk Assessment
Learn in detail about Stuxnet, the most infamous Industrial Cyberattack till date. This is a must know module for security professionals.
Implementing IACS Security
This module will have several parts that form the Abhisam IACS Security Lifecycle as below:
1.People, Policies, Procedures & Standards.
- Roles & Responsibilities
- Use Least Privilege
- Privilege Escalation
- Recommended Practices
- Technical Reports
- Which Standards to use
- IEC 62443, NIST 800-82 and NERC CIP
2. Hazard and Risk Assessment
- Overfill Prevention System
- OPS Vulnerability
- Risk Assessment Techniques
- Risk Matrix based techniques
- Types of Risk Matrices
- Security Vulnerability Analysis
3. Asset Inventory Management
- What are IACS Assets
- Other IACS related systems
- Software tools
- Asset Monitoring
- Sample format
4. Training & Competency Management
- Training IACS related personnel
- Types of training
- Competency Management
5. Secure Architecture, Devices, Configuration and Software coding practices
- Secure Architecture
- Firewalls and Unidirectional Gateways-1
- Firewalls & UGWs-2
- How unidirectional gateways work
- Internet facing devices
- Portable IACS Devices
- Vendor brought portable IACS devices
- Secure configuration
- Secure software
- Top 20 coding practices for PLCs
6. Intrusion Detection & Prevention
- Intrusion Detection Methods
- Intrusion Detection System (IDS)
- Anomaly detection
- Hybrid detection technique
- Example IDS working
- Other signs of intrusion
- Perimeter security
7. Event Logging & Analysis
- What is event logging in IACS
- Importance of ICS event logs
- Trigger events
- Clocks and Time stamping systems
- Time synchronization and Network Time Protocol (NTP)
- Time servers
- IACS Event logging coverage
- Log access Permissions
- Data Historians
8. Incident Response
- Incident Response capability
- Incident Response Planning
- Incident Response organization
- Integration with site Emergency Plan
- Incident Response Team composition
- Incident Response Team Roles and Responsibilities
- Incident Response Policy
- Incident Response Procedures
- Incident Recognition
9. Backup & Restore
- Why separate IACS Backup and Recovery
- IACS Backup and Recovery Plan
- Disaster Management
- Automated backups
- Backup Testing
- Backup before patching
- Backup after patching
- Backup services from IACS vendors
- Backup locations
- Vulnerabilities in automatic backup systems
- Case Study- Automatic Backup System vulnerability
10. Patch Management & Testing
- History of IACS patching
- Current state of IACS patching
- Patching Vulnerabilities
- Patch creation
- Why patch management?
- IEC 62443-2-3 patch management
- Setting up an organization
- Which devices to patch
- Tracking new patches
- Support lifecycle
- Patch applicability
- Patch authenticity verification
- Patch deployment
- IACS Vendor supported automated patch management
- Testing the patch deployment
- When patches cannot be applied
- Compensating Controls
Advanced Industrial Cybersecurity Modules-1
These are essential to know for security professionals and are in Standard as well as Professional versions
Understanding the Cyber Kill Chain for ICS security
Understanding the MITRE ATT&CK Matrix
Other ICS device search engines like Shodan
Self Assessment for Advanced Module
Advanced Industrial Cybersecurity Modules-2
These are available only in the Professional version
- IEC 62443-2-4 compliance- A How To module for Automation vendors, system integrators & asset owners
- Supply Chain Cybersecurity (Coming Soon)
- CHAZOP as a Risk Assessment tool for ICS Security (Coming Soon)
Be part of the Abhisam Cybersecurity Thriller!
Be part of the Red Team or Blue Team in this exercise that involves a manufacturing process and a control system.
(Coming Soon )
Before you take the Certification Exam you can take this mock test for practice.
Still Have Questions? No Problem, Here's A List Of Our Most Frequently Asked Questions (FAQ).
What is this? Is it just a power point presentation?
No, it is NOT a power point presentation at all! It is a full fledged, comprehensive e-learning course that we call as an XPRTU. It has text, graphics, animations, videos, exercises that form a complete learning course.
How do I get Certified as a CICP?
Simply take the Abhisam online exam within the validity of the license period and complete the assignment. On passing the exam and on acceptance of the assignment, you get an Electronic Certificate (pdf) as well as a Badge that you can display online on places such as LinkedIn or Facebook.
Do I have to take the exam and assignment?
Only if you wish to qualify as a CICP. If you do not wish, you can always opt to receive a Certificate of Course completion.
What does the $7 trial include?
The $7 trial includes trial access to ALL the courses in the Abhisam Catalog for a limited time.
After the trial is over you can choose to either buy an individual course OR subscribe to the GOLD or PLATINUM membership plans.
Your card will not be billed automatically.
Which versions are available?
This course is available as either Standard version, Professional version, or as part of the Abhisam GOLD membership level.
The Standard version allows you to access the course online from any device (PC/tablet/smartphone) that has an internet connection and a browser that supports HTML 5 (such as Mozilla Firefox, Google Chrome, Internet Explorer, Microsoft Edge, Opera, etc). You can access the course for a period of one year, within which you need to take the exam and complete the assignment to earn a Certificate (electronic) and the designation of CICP. You will also earn an electronic badge that can be displayed online on LinkedIn and similar portals.
The Professional version allows you to access the course for a period of 3 years. Additionally, you also get access to some more advanced modules.
The content in the Standard and Professional versions is the same, except that the Professional version has some additional advanced modules.
What is the Enterprise version?
This is meant for organizations with 10 or more learners. Contact Us for pricing.
What is the Abhisam GOLD membership?
When you subscribe to the Abhisam GOLD membership, you get access to all the courses in the Abhisam Catalog, by paying just one low monthly subscription. You can also get a free certification exam every month. If you are interested in taking a bunch of courses, then the GOLD membership gives you an affordable plan to do this. This is available to individuals only.
What is the Abhisam Platinum membership?
This is meant for organizations with multiple learners. When you subscribe to the Abhisam Platinum membership, your learners get access to all the courses in the Abhisam Catalog, by paying just one low Enterprise yearly subscription. You can also get a free certification exam every month. Additionally you also get a Dashboard where your Training Manager can see the progress of the learners, such as learner module completion, login times, test scores, etc.
What is the ordering process?
When you click on the Buy Now button, you will be taken to the Fast Spring secured payment site. Ordering is completely secure. You can pay online by either Credit Card or wire transfer/manual order. Note that you will get the license key to activate only after payment is approved.
Still Have Questions?
No Problem. Contact Us by filling the form below and we will get back to you.
Free Industrial Cybersecurity White Papers
What is ICS Security?
Over the past few years there has been a growing interest in the subject of ICS Security. ICS stands for Industrial Control Systems. These systems are of various types such as DCS (Distributed Control Systems), SCADA (Supervisory Control and Data Acquisition Systems), PLCs (Programmable Logic Controllers) and SIS (Safety Instrumented Systems). Sometimes ICS security is also referred to as SCADA Security or Industrial Control System security.
Contact Us by filling the form below OR call us OR email