Certificate Programs: Industrial Control Systems Security

Certificate Programs: Industrial Control Systems Security

As an independent offering, the graduate certificate in Industrial Control Systems Security is a highly technical, 12 credit hour program with a cohesive and progressive set of learning outcomes. These learning outcomes focused on teaching applied technologies used to defend and secure industrial control systems, operations technology, or cyber-physical systems. The Industrial Control Systems Security graduate certificate program provides a broad and integrated mechanism for students to learn the essential security awareness, work-specific knowledge, and hands-on technical skills needed to secure automation and control system technology.

The SANS Technology Institute's graduate certificate programs provide short, technically focused sets of courses that sharpen your skills and keep your knowledge current. Flexible scheduling and monthly admissions windows mean you can earn the graduate certificate in roughly two years. Credits earned in the certificate program may be applied directly towards the master's degree program should you later apply and be accepted.

Curriculum - 12 Credit Hours

Expand each course for a full description.

Core Courses (9 Credit Hours):
ISE 6515: ICS/SCADA Security Essentials   |   ICS 410, GICSP

Content: SANS ICS 410: ICS/SCADA Security Essentials
Assessment: GIAC GICSP Exam
3 Credit Hours

ISE 6515 ICS/SCADA Security Essentials is an introductory study of how information technologies and operational technologies have converged in today's industrial control system environments. This convergence has led to a greater need than ever for a common understanding between the various groups who support or rely on these systems. Students in ISE 6515 will learn the language, the underlying theory, and the basic tools for industrial control system security in settings across a wide range of industry sectors and applications.

ISE 6520: ICS Active Defense and Incident Response    |   ICS 515, GRID

Content: SANS ICS 515: ICS Active Defense and Incident Response
Assessment: GIAC GRID Exam
3 Credit Hours

ISE 6520 will empower students to understand their networked industrial control system environment, monitor it for threats, perform incident response against identified threats, and learn from interactions with the adversary to enhance network security.

ISE 6525: Essentials for NERC Critical Infrastructure Protection   |   ICS 456, GCIP

Content: SANS ICS 456: Essentials for NERC Critical Infrastructure Protection
Assessment: GIAC GCIP Exam
3 Credit Hours

ISE 6525 empowers students with knowledge of the "what" and the "how" of the version 5/6 standards. The course addresses the role of FERC, NERC and the Regional Entities, provides multiple approaches for identifying and categorizing BES Cyber Systems and helps asset owners determine the requirements applicable to specific implementations. Additionally, the course covers implementation strategies for the version 5/6 requirements with a balanced practitioner approach to both cybersecurity benefits, as well as regulatory compliance.

The NERC Critical Infrastructure Protection Essentials course was developed by SANS ICS team members with extensive electric industry experience including former Registered Entity Primary Contacts, a former NERC officer, and a Co-Chair of the NERC CIP Interpretation Drafting Team. Together the authors bring real-world, practitioner experience gained from developing and maintaining NERC CIP and NERC 693 compliance programs and actively participating in the standards development process.

Elective Course (3 Credit Hours):

Students choose one of the following.

Technical Elective Course    |   SANS Class, GIAC Exam

Content: SANS Class
Assessment: GIAC Exam
3 Credit Hours

Students may choose any 3-credit hour technical course from an approved list of elective courses.

Graduate Writing Practicum    |   Hosted Course, White Paper

Content: SANS Hosted Course
Course Assessment: White Paper
3 Credit Hours

Students will select one of the following hosted courses and topics. Hosted courses are only available in a live, in-person format.

ISE 6590 Assessing and Exploiting Control Systems

ISE 6590 is a graduate-level research course in which students will identify, investigate and analyze a problem related to the assessment and/or exploitation of controls systems. Specifically, this research will focus upon the penetration testing techniques used to test individual components of a control system, including embedded electronic field devices, network protocols, RF communications, Human Machine Interfaces (HMIs), and various forms of master servers and their ICS applications.

ISE 6595 Critical Infrastructure and Control System Cybersecurity

ISE 6595 is a graduate-level research course in which students will identify, investigate and analyze a problem related to control system cybersecurity vulnerabilities, threats and mitigating controls. This course will provide hands-on analysis of control system environments, allowing students to understand the environmental, operational and economic impacts of attacks like Stuxnet and supporting mitigating controls.

Learn How To

  1. Develop and reinforce a common language and understanding of Industrial Control System (ICS) cybersecurity as well as the important considerations that come with cyber-to-physical operations within these environments.
  2. Understand secure architecture design and defense in-depth strategies to secure ICS environments that are increasingly integrated with industrial Internet of things (IIoT) and traditional business systems.
  3. Deconstruct ICS targeting attacks and malware, understand normal ICS network baselines, and leverage active defense strategies that ensure safe and reliable operations.
  4. Explore multiple approaches to NERC CIP compliance and how these standards can be used as the model for establishing strong management and governance controls and examine a series of architectures, strategies, and difficult compliance questions in a way that highlights the reliability and cybersecurity strengths of particular approaches.
  5. Identify segmentation techniques that separate control traffic from other non-trusted traffic and methods to actively monitor ICS environments and respond to ICS incidents.

Quick Links:

Admissions Deadlines & Application Requirements
Tuition & Options for Funding