Close this search box.

Simulated Real-World Cybersecurity Event Training

In today’s technologically advanced environment, the motors, pumps, substations, switches and valves that control and operate our nation’s critical infrastructure systems are connected to the internet and vulnerable to cyberattacks. Hacking organizations around the world have already proven they can turn off the electricity to hundreds of thousands of homes by remotely accessing and changing the command settings of operational technology.

Control systems, or operational technology, are responsible for managing the flow of electricity, the distribution of clean water and the processing of telecommunication information, among many other critical commands. But these systems were designed and deployed before the internet existed, and they don’t always include updated and modern security features. With multimillion dollar price tags, long production lead times and lifespans that last several decades, replacing existing equipment is a difficult and costly endeavor.

To reduce the consequences of cyber-enabled sabotage, the U.S. Department of Energy’s Office of Cybersecurity, Energy Security and Emergency Response (CESER), in collaboration Idaho National Laboratory (INL), developed the CyberStrike training program. This program works to enhance the ability of energy sector owners and operators to prepare for a cyber incident impacting operational technology.


LIGHTS OUT (Electric Sector)

The CyberStrike LIGHTS OUT training workshop was designed to enhance the ability of energy sector owners and operators to prepare for a cyber incident impacting industrial control systems. This training offers participants a hands-on, simulated demonstration of a cyberattack, drawing from elements of the 2015 and 2016 cyber incidents in Ukraine.


The SHADOW VALVE workshop is a sister to the original LIGHTS OUT workshop that has been tailored to fit the oil and natural gas (ONG) sector. SHADOW VALVE participants engage in exercises that use a control program for an oil and gas separation process instead of an electric system process

NEMESIS (All Sectors)

The CyberStrike NEMESIS training workshop builds upon lessons learned in the CyberStrike LIGHTS OUT workshop by offering an in-depth look at the tactics, techniques, and procedures (TTP) used by the most sophisticated cyber adversary groups targeting industrial control systems (ICS).

STORMCLOUD (Renewable Energy Sector)

The CyberStrike STORMCLOUD training workshop was designed to enhance the ability of energy sector owners and operators to prepare for a cyber incident impacting control systems associated with renewable energy technologies. This training offers participants a hands-on, simulated demonstration of cyberattacks directed at wind, solar, and electric vehicles (EV).


FORENSIC ANALYSIS (Technical Analysts)

The FORENSIC ANALYSIS workshop engages participants in several cyberattack scenarios where they are asked to analyze firewall and Zeek logs, network traffic packet captures, malware signatures, and suspicious files. Using this information, participants puzzle out how different ICS cyberattacks occur, ultimately understanding how to better protect their assets, systems, and networks.

Continuing Education Units

CyberStrike is accredited to issue IACET Continuing Education Units (CEU). Trainees will be granted CEU credit upon completion of each of the CyberStrike training workshops.

Disclaimer: Training personnel do not discriminate based on race, color, religion, national origin, sexual orientation, physical or mental disability, or gender expression/identity. Additionally, they do not possess proprietary interest in any product, instrument, device, service or material discussed in this course.


Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) addresses the emerging threats of tomorrow while protecting the reliable flow of energy to Americans today by improving energy infrastructure security and supporting the Department of Energy’s national security mission. CESER’s focus is preparedness and response activities to natural and man-made threats, while ensuring a stronger, more prosperous, and secure future for the nation.

Participating Organizations

Idaho National Laboratory is a world leader in providing industrial control system (ICS) cybersecurity workforce training and development. The laboratory’s distinctive history in protecting critical infrastructure systems puts the lab at the forefront of thought leadership and applied innovation in critical infrastructure cybersecurity education. INL uses a comprehensive approach to developing ICS cybersecurity training programs that can be tailored to meet the energy sector’s needs identified by the DOE, utilities, and other organizations.

Contact Information

Michelle Farrell

Contact Information

Cyberstrike Program

Idaho National Laboratory