Region 4 (Kentucky) ICS Cybersecurity Training

Actions Panel

Registrations are closed

Thank You! Your registration has been received. Your registration is not a guarantee of approval. Your application will be reviewed and if you are approved you will be notified via email. Your approval or denial email will be sent from

Region 4 (Kentucky) ICS Cybersecurity Training

Training on understanding, protecting, and securing Industrial Control Systems (ICS) from cyber-attacks.

When and where

Date and time


Kentucky Transportation Cabinet 200 Mero Street Frankfort, KY 40622

Map and directions

How to get there

About this event

Please Note: We will do everything possible to allow this training to proceed. However please be aware that due to Covid-19 or other circumstances beyond our control we may be forced to cancel this scheduled training. Please plan accordingly. There is no fee for attending the course. All other costs associated with transportation, food, lodging, etc. are the responsibility of the attendee..

Current Covid Restrictions:

  • Masks are required
  • Vaccinations are encouraged
  • Note that social distancing will not always be possible due to the nature of the classroom environment

Course Descriptions:

This course provides training on understanding, protecting, and securing Industrial Control Systems (ICS) from cyber-attacks. In order to understand how to best defend a system, trainees will learn about common vulnerabilities and the importance of understanding the environment they are tasked to protect. Learning the weaknesses of a system will enable trainees to implement the mitigation strategies and institute policies and programs that will provide the defense-in-depth needed to ensure a more secure ICS environment.

Prerequisite: Every student attending the courses must bring a laptop computer (no tablets) with wireless capability (to connect to the exercise networks) and a minimum of 8GB of RAM. A modified Kali distribution and a modified Security Onion VM containing additions to support classroom exercises will be used during the course. Each student must arrive with a VMware® software virtualization package (Workstation, Player, or Fusion) installed on their laptop. You must have administrator privileges to install the VM player.

Tuesday, February 22nd , 8:00 am – 12:00 pm

Introduction to Control Systems Cybersecurity (101): The purpose of this course is to introduce students to the basics of industrial control systems security. This includes a comparative analysis of IT and control system architecture, security vulnerabilities, and mitigation strategies unique to the control system domain.

Tuesday, February 22nd , 1:00 pm - 5:00pm

Cybersecurity Security Evaluation Tool (CSET): This exercise will demonstrate the primary functionality of CSET. Participants will walk through short examples on how to use the tool to perform a self-evaluation of a system. CSET is useful to self-evaluate against a number of industry standards. It can be very helpful in benchmarking how a company currently meets the selected standards and then tracking improvements, through the aid of scoring, customizable graphs, and charts. This tool includes a Visio-like drawing capability to create a network diagram with digital components to aid in documentation.

CSET is available for free download.

Wednesday, February 23rd , 8:00 am – 5:00 pm

Intermediate Cybersecurity for Industrial Control Systems, Lecture Part 1 (201): This course provides technical instruction on the protection of industrial control systems using offensive and defensive methods. Students will understand how cyber-attacks could be launched, why they work, and mitigation strategies to increase the cybersecurity posture of their control system. Demonstrations will include the use of software tools to establish a baseline of your network(s), and to monitor and analyze its traffic.

Thursday, February 24th and Friday February 25th 8:00 am – 5:00 pm

*Two courses will be presented alternately on Wednesday and Thursday, with 50 seats available for each class. Students will have the option to select which day they would prefer to take each course.

Intermediate Cybersecurity for Industrial Control Systems, Part 2 (202) Hands-on: Because this course is hands-on, students will get a deeper understanding of how the various tools work. Accompanying this course is a sample process control network that demonstrates exploits used for unauthorized control of the equipment and mitigation solutions. This network is also used during the course for the many hands-on exercises that will help the students develop control systems cybersecurity skills they can apply when they return to their jobs.

Thursday, February 24th and Friday February 25th 8:00 am – 5:00 pm

CyberStrike: Hands-on workshop for defending against an OT cyber attack :[No laptop required] This course offers a hands-on, simulated demonstration of a cyberattack, drawing form elements of the 2015 and 2016 cyber incidents in Ukraine. The instruction platform challenges course participants to defend against a cyberattack on the equipment they routinely encounter within their industrial control systems.

A certificate of completion and CEUs will be offered to those who complete each session of the course.

Note: This course is not a deep dive into training on specific tools, Control System protocols, Control System vulnerability details or exploits against Control System devices. The 101,201,202 designation is simply a course number and has no reference to a “100 or 200 level” course.

Who Should attend:

Members of the industrial control systems community associated with IT and process control network operations and security (Operations Technology, OT), operations or management of critical infrastructure (CI) assets and facilities, as well as those who provide CI components and software development.

Questions: For additional information please contact

Colin Glover

Cybersecurity Advisor

Region 4 – Kentucky

Cybersecurity and Infrastructure Security Agency (CISA)

In effort to help reach our intended audience, registrations using public email domains such as gmail, hotmail, yahoo, icloud, etc. may NOT be accepted. Please register using a work, government, or military email account. Registration is subject to review by CISA and does not guarantee participation with the training event.