This one day introductory course provides valuable insight into the weaknesses and vulnerabilities within common Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) environments. We will discuss infamous and more recent critical infrastructure cyber-attack case studies and the vital lessons learnt. Identify systems that are discoverable and understand suitable countermeasures, threats and ICS technical controls.

Target Audience

This course is aimed at operational / engineering teams, IT staff and security practitioners working in public and private sectors who are looking to gain and insight and awareness of the security vulnerability exposure and defensive countermeasures for industrial control systems.


There are no prerequisites for this course, however, participants are expected to have a basic understanding of computers and the internet.

Learning Outcomes

  • Control systems – closed loop systems
  • ICS logic systems – relay, ladder, programmable systems
  • ICS security
  • Control system vulnerabilities and weaknesses
  • ICS technical security controls
  • Discoverable systems - countermeasures
  • Governance and standards

Course Outline

Module 1 – Introduction to ICS and SCADA

Introduce concepts and function of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA)

  • Control systems
    • Closed loop systems
  • ICS
    • Relay logic
    • Programmable logic controllers
    • PLC Programming
    • Sequential function charts
    • Ladder logic
    • ICS Network protocols
  • ICS Security

Module 2 – Introduction to Industrial Control Systems Security

  • When control systems go wrong
  • Critical national infrastructure (CNI)
    • Centre for the protection of national infrastructure (CPNI)
  • Vulnerable systems
  • Case study – STUXNET, Black Energy
  • Not all ICS systems are designed with security in mind
  • ICS common vulnerabilities
  • Visible & discoverable ICS systems
  • Risk management
  • Defence in depth modified Purdue Model
  • Typical ICS technical security controls
  • Governance regulations
  • Security standards

Cyber Security learning paths

Want to boost your career in cyber security? Click on the roles below to see QA's learning pathways, specially designed to give you the skills to succeed.

= Required
= Certification
Cyber Management
Cyber Tech
Security Auditor
Intrusion Analyst
CompTIA Security Includes Security+, CySA+ and CASP
Industrial Control Systems & Operational Technology Technical
Industrial Control Systems & Operational Technology Management
AppSec Average salary: £67,250 (based on QA research)
CompTIA Security Average salary: £57,000 (based on QA research)

Please complete this form and we'll be in touch

Hide form
Please enter a date or timescale
Please type in a preferred location or region...