
Introduction to ICS/SCADA Cybersecurity Workshop by EC-Council

Monday, June 2, 2025

Location: Chicago Conference Center
205 West Wacker Drive
Chicago, Illinois, 60605

Instructor: Kevin Cardwell
President, Cyber2Labs

Workshop Agenda

Note: Subject to change

Overview of ICS/SCADA Systems
 What are ICS/SCADA systems?
 Common components: PLCs, RTUs, HMIs, etc.
 Industrial protocols: Modbus, DNP3, IEC 61850
 Differences between IT and OT environments
 Standards & Regulations (NIST 800-82, IEC 62443, NERC CIP)

Hands-On:
 Network scanning & asset discovery in a simulated ICS environment

Cybersecurity Challenges in ICS/SCADA
 Unique vulnerabilities and attack vectors
 Consequences of cyberattacks on critical infrastructure
 Attack techniques (MITRE ATT&CK for ICS)
 Case studies: Stuxnet, Triton, Industroyer

Hands-On:
 Traffic capture & analysis using Wireshark

ICS Network Security & Segmentation
 Best practices for implementing DMZs and security zones
 Configuring firewalls
 Intrusion Detection & Prevention in ICS/SCADA

Hands-On:
 Configuring an ICS firewall & network segmentation
 Setting up and configuring IDS/IPS for ICS protocols
 Analyzing network traffic for anomalies
 Demonstrating the detection of common ICS attacks

Hands-On:
 Log analysis & detecting unauthorized Modbus commands

Protocol Analysis and Monitoring
 Using Wireshark or similar tools to capture and analyze ICS protocol traffic
 Identifying suspicious communication patterns
 Setting up alerts for specific protocol events
 Intrusion Detection & Prevention in ICS/SCADA
 Defending against unauthorized access

Hands-On:
 Deploying Snort/Suricata for ICS network monitoring

Securing ICS/SCADA Environments
 Hardening ICS devices & protocols
 Securing PLCs
 Risk assessment & resilience planning

Hands-On:
 Securing ICS endpoints

Incident Response and Recovery
 Developing incident response procedures
 Communication and coordination
 Incident response framework for ICS breaches
 Log analysis & anomaly detection

Hands-On:
 Investigating an ICS breach scenario
