301V ICS Cybersecurity Training

Actions Panel

Registrations are closed

This offering of the course is currently full. Please check the CISA ICS Training Calendar (www.us-cert.gov/ics/calendar) for upcoming class dates.

301V ICS Cybersecurity Training

Training on understanding, protecting, and securing Industrial Control Systems (ICS) from cyber-attacks.

When and where

Date and time


To be announced

About this event

This course provides training on understanding, protecting, and securing Industrial Control Systems (ICS) from cyber-attacks. In order to understand how to best defend a system, trainees will learn about common vulnerabilities and the importance of understanding the environment they are tasked to protect. Learning the weaknesses of a system will enable trainees to implement the mitigation strategies and institute policies and programs that will provide the defense-in-depth needed to ensure a more secure ICS environment.

The online course consists of pre-recorded videos compiled into sessions by our instructional staff:

  • Session 1: Overview of Industrial Control Systems including an attack demonstration
  • Session 2: Network Discovery and Mapping
  • Session 3: Network Defense, Detection, and Analysis
  • Session 4: The Exploitation Process
  • Session 5: Network Attacks and Exploits

This online class is a prerequisite to the red vs. blue exercise, therefore participation in this online course is required for you to attend a live 301 in Idaho Falls in the future. Registration for the in-person sessions in Idaho Falls, Idaho will be announced on the CISA ICS cybersecurity training calendar as they become available. This course will include exam questions throughout the material to test your learning. A passing score of 80% or better is required for those planning on attending the in-person session in Idaho Falls, Idaho.

Participants should plan on dedicating around 8-12 hours over the two week time period to complete the course. Participants can go through the sessions at their own pace during the two weeks, but the sessions must be completed in order. In other words, each session must be completed before the next session will be available for viewing.

A certificate of completion and CEUs will be offered to those who complete all sessions of the course.

The course is delivered through the CISA Virtual Learning Portal (VLP). We recommend that prospective 301v students create an account on the VLP to help expedite access to the course materials. The VLP hosts additional online cybersecurity trainings that are available at any time. The VLP can be found at the following URL: (https://ics-training.inl.gov/learn).

Note: This course is not a deep dive into training on specific tools, Control System protocols, Control System vulnerability details or exploits against Control System devices. The 301 designation is simply a course number and has no reference to a “300 level” course. The online version of the class does not currently include the classroom hands-on exercises or the red team vs. blue team exercise.

Who Should attend:

Members of the industrial control systems community associated with IT and process control network operations and security (Operations Technology, OT), operations or management of critical infrastructure (CI) assets and facilities, as well as those who provide CI components and software development.

In effort to help reach our intended audience, registrations using public email domains such as gmail, hotmail, yahoo, icloud, etc. may NOT be accepted. Please register using a work, government, or military email account. Registration is subject to review by CISA and does not guarantee participation with the training event.