Become a Certified Industrial Cybersecurity Professional (CICP)

This is the best ICS Security course that you can find anywhere

    • Self paced, modular online e-learning course that you can start now
    • Free exam and certification when you take the course and pass. Earn the CICP title that you can display against your name.
    • Easy to understand with graphics, animations and exercises- it is not just a video of some guy talking.
    • Covers IEC 62443 standards
    • Highly Cost Effective for professionals as compared to similar certification programs by other providers

Demo will open in new window. Please allow Autoplay in your browser.

Learn all about ICS Cyber Security and become a Certified Industrial Cybersecurity Professional

Take this Abhisam online course now and learn all about ensuring Industrial Control System security, SCADA security and Safety Instrumented System security.

After completing the course and passing the exam and assignment, you can become a Certified Industrial Cybersecurity Professional (CICP).

Industrial Control Systems, known as ICS for short, include control systems such as DCS, PLC, SCADA based systems, as well as Safety Instrumented Systems (SIS). They are the crucial systems that control industrial plants & machinery and keep them safe. They do not include IT (Information Technology) systems such as ERP or MIS.

Where are Industrial Control Systems (ICS) used?

These ICS are used in many industries. Manufacturing plants, critical infrastructure  (such as the Electrical Grid, pipelines, power generation , water distribution and  other utilities), marine  (ships & other vessels), railways, nuclear power plants, thermal power plants, renewable power generation plants all make extensive use of Industrial automation and safety systems. These are also known as Industrial Automation Control Systems (IACS) or as OT (Operational Technology). Protecting these systems from cyber attacks is known as OT security.

This is distinct from IT security, which is the technology used to protect Information Technology systems such as Banking, Stock Market systems, currency trading systems or corporate ERP systems.

Why is OT Security important?

Today the threat environment has changed. Typically many manufacturing plants and critical infrastructure that exists today was built many years ago. At that time a typical control system was not built for resilience against malicious attacks and even today many of these ICS environments, use older operating systems for their Human Machine interface (Operator and Engineering stations). Industrial Control Systems in older plants, may run on a very old operating systems and software, which may be difficult to upgrade and patch.

For Asset owners, this is a huge problem because an attack on an IACS may result in an accident that causes damage to assets, people and the environment, which is not  affordable because of stringent laws and regulations. On the other hand, malicious actors can easily attack plant assets (not just computer hardware but actual process equipment), via the industrial networks that monitor and control them, because a lot of data about vulnerabilities of DCS, PLC, SCADA and similar systems is easily available online.

When malicious entities target and attack your control system then you may not only

      • Lose your Intellectual Property  (data) such as batch recipes, setpoints, process data, production figures, yield ratios) that are stored in the ICS environments.

      • Put your Assets at risk (the breached Industrial Control systems may execute unwanted actions that can cause fires, explosions and environmental damage)

      • Drop Ransomware on your IT networks due to interconnection with Industrial networks
      • Damage your organization’s reputation and market capitalization
      • Run afoul of the law

The asset owners may need to prepare an incident response protocol along with other professional support services that will take these above into account.

Key Benefits of the Course

Earn Certificates and Badges

Industrial Cybersecurity Professional badge
Certified Industrial Cybersecurity Professional

Testimonial

 

“I am working in one of the world’s leading EPC company , engaged in the Cement and Mining industry. We purchased the ICS CYBER SECURITY TRAINING & CERTIFICATION e-learning courses. I found this course to be very informative and easy to understand. I and my colleagues completed the course successfully and got the certificates and badges. I personally recommend this course whoever interested to learn about Industrial Control System Cybersecurity.

I wish success for Abhisam team for their great work.”

D. Anbudurai , FLSmidth

Free Industrial Cybersecurity Report

Download the Abhisam Industrial Cybersecurity report now. No sign up required. Industrial Cybersecurity Report

Who should take this course?

This course can be taken by anybody wishing to learn about OT Security. You need to know the basics of computer system networks.  The following roles will find this especially useful:

    1. Instrument, Control Systems or Automation Engineers with experience in industry.
    2.  IT security professionals who wish to expand their domain into OT security.
    3. IT professionals who wish to know about OT security.

Choose from any of the versions.

Scroll below to see complete contents.

Standard

For one learner
$ 595
  • Course Duration: 60 hours of self paced learning (Earn 60 PDH)
  • Access the course online 24/7 via any device for one year
  • Exam & Certification as CICP for one learner
  • Course Completion Certificate for one learner

Professional

For one learner
$ 795
  • Everything in Standard plus
  • Includes additional Advanced modules such as IEC 62443-2-4 compliance & Supply chain security
  • Earn 70 PDH when you complete Advanced Module 2
  • Access the course for 3 years with all updates

Professional (Payment Plan)

For one learner
$ 205 X 4
  • Monthly affordable Installments
  • Pay in 4 installments of $205 each
  • Everything in Professional

Get Trial Access to all Abhisam courses, including this Industrial Cybersecurity course for $7. You will NOT be billed automatically after trial ends.

Table of Contents

Please expand the + sign to show what is inside each module.

This module is to introduce you to the subject of Industrial Cybersecurity.

Overview of Industrial Automation & Control Systems (DCS/PLC/SCADA/SIS)

  • Introduction to Industrial Control Systems

  • Industrial Control Systems Application Areas

  • Cyber physical systems

  • Evolution of Industrial Control Systems

  • Pneumatic Controllers

  • Single Loop Controller architecture

  • Control Rooms

  • Control Room & Field

  • Analog Electronic Signals

  • Traditional Controls

  • Point to Point Architecture

  • DDC to DCS

  • DCS

  • DCS as a group of controllers

  • DCS Connection to field devices

  • Fieldbus

  • MODBUS

  • Programmable Logic Controllers

  • PLC HMI

  • SCADA

  • PLC-SCADA

  • Safety Instrumented Systems

  • SIS Cybersecurity

  • Typical Industrial Control System Architecture

  • Automation Hierarchy

  • Conclusion

Basic Concepts of Cybersecurity

  • Cybersecurity Basics

  • Cybersecurity Policy

  • Authorized Access

  • Unauthorized Access

  • Brute Force Attacks

  • Secure Communication

  • Authentication

  • Non Repudiation

  • Encryption

  • Public and Private Keys

  • Locking and Unlocking

  • Public Key Cryptography

  • Digital Signature

  • Defense in Depth

  • Privileges

  • Role of Malware

  • Understanding malware delivery

  • Attack Surface

  • Threats & Vulnerabilities

  • Viruses

  • Worms

  • Trojans

  • Types of Trojans

  • Ransomware

  • Scareware

    Spyware

  • Command & Control

  • Firewalls

  • Firewall Basic Working

  • Classes of Firewalls

  • Deep Packet Inspection Firewalls

  • Intrusion Detection Systems

  • Denial of Service

  • Distributed Denial of Service

  • Telephonic Denial of Service

  • Penetration Testing

  • Backdoors

  • Backdoor Example

  • Demilitarized Zone

  • Privilege Escalation

  • Network Hardening

Threats to IACS

  • Introduction

  • Threats to IACS

  • IACS Threat Severity

  • Vulnerability Causes

  • Increased Connectivity

  • Insecure by design

  • Use of COTS

  • Shodan

  • Skill Levels needed

  • Lack of awareness

  • Predisposing Conditions

  • Four Steps to an Attack

  • Vectors

  • Phishing

  • Spear Phishing

  • Social Engineering

  • Fake Profiles

  • Insecure Connections & Firewalls

  • Malicious Websites

  • Waterholing

  • Fake Updates and Pirated Software

  • USB Drives

  • Devices and Software with Vulnerabilities

  • Buffer Overflow

  • SQL Injection

  • APT

  • Port Scanning

  • Cross Site Scripting

  • Packet Sniffing

  • Zero Day Exploits

  • Exploit Markets

  • IACS Attack Categories

  • ICS Targeted attacks

  • Attack Sequence of Events

  • Man in the middle attack

  • MITM in ICS

  • Denial of Service

  • Replay attack

  • Spoofing

  • Blended Attacks

  • More Information

IACS  & OT Security Standards

  • Introduction

  • ISA99- Purdue Model

  • IEC 62443 Standard

  • Overview of IEC 62443

  • Foundational Requirements of IEC 62443
  • ANSI/ISA/IEC 62443 Standard Organization

  • Zones, Conduits and Security Levels

  • Zone partitioning Case Study

  • Security Level Types

  • Security Levels

  • IEC 62443-2

  • IEC 62443-3

  • IEC 62443-4

  • Cybersecurity Management System & Incident Response
  • ISA Secure Scheme

  • ISO 31000

  • ISO 27000

  • IEC 61508

  • IEC 61508 implementations

  • IEC 61511

  • IEC 61511- More clauses

  • SIS Implications

Risk Assessment & Risk Management

  • Introduction

  • ABC Industries Risk Assessment

  • Risk Assessment & Mitigation

  • Non Safety Consequences

  • Risk Assessment Process

  • Security Vulnerability Analysis

  • IACS Evaluation

  • Initial Risk Assessment

  • Threat Assessment

  • IACS Vulnerabiility

  • Consequence Analysis

  • Example Calculation

  • Tolerable Risk

  • Modification-Small Site

  • Modification-Medium Site

  • Modification-Large Site

  • Modification-Remote Site

  • Seven Steps

  • Second Risk Assessment

  • Periodic Assessment

  • Cyberattack Mitigation

This module explains the IACS cybersecurity lifecycle. It has 10 sections as below:

1.People, Policies, Procedures & Standards.

    • Roles & Responsibilities
    • Use Least Privilege
    • Privilege Escalation
    • Standards
    • Recommended Practices
    • Technical Reports
    • Which Standards to use
    • IEC 62443, NIST 800-82 and NERC CIP


2. Hazard and Risk Assessment

    • Example
    • Overfill Prevention System
    • OPS Vulnerability
    • Risk Assessment Techniques
    • Consequences
    • Risk Matrix based techniques
    • Types of Risk Matrices
    • Security Vulnerability Analysis


3. Asset Inventory Management

    • What are IACS Assets
    • Other IACS related systems
    • Software tools
    • Asset Monitoring
    • Sample format


4. Training & Competency Management

    • Introduction
    • Training IACS related personnel
    • Types of training
    • Competency Management


5. Secure Architecture, Devices, Configuration and Software coding practices

    • Introduction
    • Secure Architecture
    • Firewalls and Unidirectional Gateways-1
    • Firewalls & UGWs-2
    • How unidirectional gateways work
    • Internet facing devices
    • Portable IACS Devices
    • Vendor brought portable IACS devices
    • Secure configuration
    • Secure software
    • Top 20 coding practices for PLCs


6. Intrusion Detection & Prevention

    • Intrusions
    • Intrusion Detection Methods
    • Intrusion Detection System (IDS)
    • Anomaly detection
    • Hybrid detection technique
    • Example IDS working
    • Other signs of intrusion
    • Perimeter security


7. Event Logging & Analysis

    • What is event logging in IACS
    • Importance of ICS event logs
    • Trigger events
    • Clocks and Time stamping systems
    • Time synchronization and Network Time Protocol (NTP)
    • Time servers
    • IACS Event logging coverage
    •  Log access Permissions
    • Data Historians


8. Incident Response

    • Incident Response capability
    • Incident Response Planning
    • Incident Response organization
    • Integration with site Emergency Plan
    • Incident Response Team composition
    • Incident Response Team Roles and Responsibilities
    • Incident Response Policy
    • Incident Response Procedures
    • Incident Recognition
    • Containment
    • Remediation
    • Recovery


9. Backup & Restore

    • Why separate IACS Backup and Recovery
    • IACS Backup and Recovery Plan
    • Disaster Management
    • Automated backups
    • Backup Testing
    • Backup before patching
    • Backup after patching
    • Backup services from IACS vendors
    • Backup locations
    • Vulnerabilities in automatic backup systems
    • Case Study- Automatic Backup System vulnerability


10. Patch Management & Testing

    • History of IACS patching
    • Current state of IACS patching
    • Patching Vulnerabilities
    • Patch creation
    • Why patch management?
    • IEC 62443-2-3 patch management
    • Setting up an organization
    • Which devices to patch
    • Tracking new patches
    • Support lifecycle
    • Patch applicability
    • Patch authenticity verification
    • Patch deployment
    • Rollbacks
    • IACS Vendor supported automated patch management
    • Testing the patch deployment
    • When patches cannot be applied
    • Compensating Controls

Case Study

Learn in detail about Stuxnet, the most infamous Industrial Cyberattack till date. This is a must know module for security professionals.

In this module, we will view a demo of an attack on an Industry leading PLC using freely available tools.

Advanced Industrial Cybersecurity Modules-1

These are essential to know for security professionals and are in Standard as well as Professional versions

  • Understanding the Cyber Kill Chain for ICS security

  • Understanding the MITRE ATT&CK Matrix

  • ICS Honeypots

  • Other ICS device search engines like Shodan

  • Self Assessment for Advanced Module

The Advanced Module 2 is only available in the Professional version. This consists of the following modules:

  1. Understanding IEC 62443-2-4
    In this module, understand every detail of the IEC standard 62443-2-4. This is very useful for IACS vendors and system integrators to know how to comply with various aspects of this part of the standard. It is also useful for Asset Owners to know what to expect from a vendor when they follow this standard. Also, OT security auditors can understand how to check compliance to this part of the standard.
  2. IACS Supply Chain Cybersecurity (Coming Soon)

Be part of the Abhisam Cybersecurity Thriller!

Be part of the Red Team or Blue Team in this exercise that involves a manufacturing process and a control system.

(Coming Soon )

Before you take the Certification Exam you can take this mock test for practice.

After completing all the modules, you can take the exam. On passing, earn the title of CICP-Certified Industrial Cybersecurity Professional.

Still Have Questions? No Problem, Here's A List Of Our Most Frequently Asked Questions (FAQ).

What is this? Is it just a power point presentation?

No, it is NOT a power point presentation at all! It is a full fledged, comprehensive e-learning course that we call as an XPRTU. It has text, graphics, animations, videos, exercises that form a complete learning course.

 

How do I get  Certified as a CICP?

Simply take the Abhisam online exam within the validity of the license period and complete the assignment. On passing the exam and on acceptance of the assignment, you get an Electronic Certificate (pdf) as well as a Badge  that you can display online on places such as LinkedIn or Facebook.

Do I have to take the exam and assignment?

Only if you wish to qualify as a CICP. If you do not wish, you can always opt to receive a Certificate of Course completion.

 

What does the $7 trial include?

The $7 trial includes trial access to ALL the courses in the Abhisam Catalog for a limited time.

After the trial is over you can choose to either buy an individual course OR subscribe to the GOLD or PLATINUM membership plans.

Your card will not be billed automatically.

 

Which versions are available?

This course is available as either  Standard version,   Professional version, or as part of the Abhisam GOLD membership level.

The Standard version allows you to access the course online from any device (PC/tablet/smartphone) that has an internet connection and a browser that supports HTML 5 (such as Mozilla Firefox, Google Chrome, Internet Explorer, Microsoft Edge, Opera, etc). You can access the course for a period of one year, within which you need to take the exam and complete the assignment to earn a Certificate (electronic) and the designation of CICP. You will also earn an electronic badge that can be displayed online on LinkedIn and similar portals.

The Professional version allows you to  access the course for a period of 3 years. Additionally, you also get access to some more advanced modules.

The content in the Standard and Professional versions is the same, except that the Professional version has some additional advanced modules.

 

What is the Enterprise version?

This is meant for organizations with 10 or more learners. Contact Us for pricing.

What is the Abhisam GOLD membership?

When you subscribe to the Abhisam GOLD membership, you get access to all the courses in the Abhisam Catalog, by paying just one low monthly subscription. You can also get a free certification exam every month. If you are interested in taking a bunch of courses, then the GOLD membership gives you an affordable plan to do this. This is available to individuals only.

What is the Abhisam Platinum membership?

This is meant for organizations with multiple learners. When you subscribe to the Abhisam Platinum membership, your learners get access to all the courses in the Abhisam Catalog, by paying just one low Enterprise yearly subscription. You can also get a free certification exam every month.  Additionally you also get a Dashboard where your Training Manager can see the progress of the learners, such as learner module completion, login times, test scores, etc.

What is the ordering process?

When you click on the Buy Now button, you will be taken to the Fast Spring  secured payment site. Ordering is completely secure. You can pay online by either Credit Card or wire transfer/manual order. Note that you will get the license key to activate only after payment is approved.

Still Have Questions?

No Problem. Contact Us by filling the form below and we will get back to you.

Free Industrial Cybersecurity White Papers

IEC 62443 Training

IEC 62443 is one of the main Industrial Cybersecurity standards today. It is officially known as ANSI/ISA/IEC 62443. It is not one single document, but a set of standards and practices, technical publications directed at various stakeholders such as Asset Owners, IACS vendors, IACS system integrators and other entities who are involved in the design, installation, commissioning and maintenance of Operational Technology (OT) systems.

Questions?

Contact Us by filling the form below OR call us OR email

Contact Form Demo (#2)