Intelligence Analysis in the Industrial Control Systems and Operational Technology Environments

This full week class is intended to train physical security, intelligence, cyber security, risk management, and others requiring a nuanced understanding of ICS/OT complexitites. Industrial control system environments have become increasingly digitized and connected to the internet. Unlike traditional cyber threat intelligence courses that focus on Enterprise IT (EIT), this course will consider the various complexities industrial control systems (ICS) and operational technology (OT) pose. The course will explore the ICS/OT architecture, the SANS branded 5 controls, ICS/OT protocols, as well as several relevant case-studies outlining how these complex environments require specialized training in terms of conducting comprehensive cyber threat intelligence analysis in ICS and OT environments. The course will cover exotic protocols, full-spectrum threat intelligence analysis (hunting, detection engineering, as well as intelligence production) using MITRE ATT&CK for ICS, the ICS Kill-Chain model and the Diamond Threat model. This course has been developed by a SME with a PhD, 30+ years in cyber/threat, and direct experience ICS/OT threat-hunting.