Critical Infrastructure Protection Training

N&HS develops and deploys training and exercises to enhance critical infrastructure security.

CCE Accelerate Training

Course duration: 2 days
Training location: Various locations / Idaho Falls

Description: Course will provide participants with a fundamental knowledge of the CCE methodology focused on securing the nation’s critical infrastructure systems. Participants should be critical infrastructure owners, operators, vendors, and manufacturers.

The following training is developed and conducted with support from the U.S. Department of Homeland Security (DHS):

Army ICS OT Assessment Training (DOD ONLY)

Official Course Name: Army Industrial Control Systems (ICS) Operational Technology (OT) Assessment Training
Course duration: 67 hours / 10 days
Location: Idaho National Laboratory (INL) / Idaho Falls
Army Cyber Command Contact: SFC Houtman /

DOD Only – Register Here

Course Description: This course is intended for U.S. military and/or Department of Defense personnel assigned to conduct cyber vulnerability evaluations of DOD critical infrastructure.

This course will provide the knowledge, skills, and abilities to complete NDAA 1650 2017 critical infrastructure assessments as follows:

  • ICS cybersecurity posture at the device, system, and/or architecture levels
  • Utilizing OT mission specific hardware and software tools in a Cyber Assessment Kit (CAK) to complete assessment objectives within the course
  • Cradle to grave ICS Assessment process including RFI fulfillment to on-site out-brief
  • Section capstone (mini) exercises, performed in teams, measuring training efficacy and retained skill. Mini-exercises scored on 20 specific objectives, per training section, based on progressive skill level as Beginner, Familiar, Proficient/Expert, and Mastery.
  • A final capstone assessment exercise formed in assessment-like size teams ‘mimicking’ a live assessment. Assessment scored and hot-washed against expected assessment products like those required for live assessment.


Training location: Online

Register online for the following ICS-CERT courses:


Training location: Various locations / Idaho Falls, ID
Contact for registration:

Introduction to Control Systems Cybersecurity | 101
Course duration: 1 day
Introduction to the basics of industrial control systems security. This includes a comparative analysis of IT and ICS architecture, understanding risk in terms of consequence, security vulnerabilities within ICS environments, and effective cyber risk mitigation strategies for the control system domain. Part of the 101/201/202 series.

After attending this course, you will be able to:

  • Describe ICS deployments, components, and information flow
  • Differentiate cybersecurity within IT and ICS domains
  • Explain a cyber exploit in an ICS architecture
  • Recognize sector dependencies
  • Identify cybersecurity resources available within NPPD

Intermediate Cybersecurity for Industrial Control Systems | 201-Part 1 
Course duration: 1 day
Continues technical instruction on the protection of industrial control systems using offensive and defensive methods. Trainees will recognize how cyberattacks are launched, why they work, and mitigation strategies to increase the cybersecurity posture of their control system networks. Prerequisite is 101. Part of a 101/201/202 series.

After attending this course, you will be able to:

  • Describe ladder logic
  • Describe network discovery
  • Discuss the three main stages of an attack
  • Create a baseline using CSET
  • Describe defense-in-depth strategies

Intermediate Cybersecurity for Industrial Control Systems | 202-Part 2
Course duration: 1 day
Hands-on course that provides a brief review of industrial control systems security and includes a comparative analysis of IT and control system architecture, security vulnerabilities, and mitigation strategies unique to the control systems domain. Students will get a deeper understanding of how the various tools work. Accompanying this course is a sample process control network that demonstrates exploits used for unauthorized control of the equipment and mitigation solutions. Use of this network during course exercises will help the students develop control systems cybersecurity skills they can apply in their work environment. Prerequisite is 201. Part of a 101/201/202 series.

After attending this course, you will be able to:

  • Identify risks in ICSs
  • Demonstrate a process control exploitation
  • Use passive discovery tools
  • Use active discovery tools
  • Describe Metasploit
  • Use the Metasploit Framework
  • Discuss basic web hacking techniques
  • Describe password security
  • Discuss wireless attacks and exploits
  • Describe packet analysis
  • Define intrusion detection and prevention systems

Industrial Control Systems Cybersecurity | 301
Course duration: 1 week
Extensive hands-on training on understanding, protecting, and securing industrial control systems (ICSs) from cyberattacks and includes a Red Team/Blue Team exercise conducted within an actual control systems environment. Trainees will learn about common vulnerabilities and the importance of understanding the environment they are tasked to protect. Learning the weaknesses of a system will enable trainees to implement the mitigation strategies and institute policies and programs that will provide the defense in depth needed to ensure a more secure ICS environment. The training offers the opportunity to network and collaborate with other colleagues involved in operating and protecting control system networks. Course consists of: six sessions, a Red Team/Blue Team exercise, and a discussion of the lessons learned.