CybersecurityTraining cybersecurity professionals to protect critical infrastructure

Published 5 June 2017

Idaho National Laboratory and the Department of Homeland Security (DHS) announce the successful completion of the 100th iteration of the Industrial Control Systems Cybersecurity (301) training course; a course tailored to defending systems used across the critical infrastructure sectors. Since April 2007, over 4,000 cybersecurity professionals have participated in the advanced course.

Idaho National Laboratory and the Department of Homeland Security (DHS) announce the successful completion of the 100th iteration of the Industrial Control Systems Cybersecurity (301) training course; a course tailored to defending systems used across the critical infrastructure sectors.

“This training milestone reflects an important collaboration between INL and DHS,” said Zach Tudor, associate laboratory director for National and Homeland Security. “I am proud of our team for enabling the security of the nation’s critical infrastructure through this unique course.”

INL says that since April 2007, over 4,000 cybersecurity professionals have participated in the advanced course. These professionals represent all fifty states, the international cyber community and all sixteen of the U.S. critical infrastructures. The training is conducted in Idaho Falls, Idaho, and is hosted by the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

“The success of this advanced training and our public-private partnership to secure critical infrastructure though the support of asset owners and operators is undeniable,” said Marty Edwards, the ICS-CERT director. “We rely on close partnerships with those who interact with critical infrastructure every day. We applaud industry for being a strategic partner in the protection of our national interests.”

The training provides a hands-on approach to understanding the network environment, identifying potential vulnerabilities and evaluating how those may be exploited, and using defensive and mitigation strategies to protect the control system networks.

The weeklong course concludes with a Red Team/Blue Team exercise that takes place within an actual control systems environment. During the eight-hour exercise conducted on the fourth day, participants are either attacking infrastructure (Red Team) or defending it (Blue Team). Instructors task Blue Team members with providing the cyber defense for a corporate environment and with maintaining corporate operations. It also provides the opportunity to network and collaborate with other colleagues involved in operating and protecting control system networks.

“For over a decade, DHS has provided industrial control system owners and operators practical solutions to improve their cybersecurity – such as the training, tools and information to make timely decisions to protect their systems,” said Edwards. “These solutions have been developed collaboratively with industry – and are showing good benefits – the challenge is how to scale them and implement them at cyber speed.”

“Cyberspace makes it possible for businesses and government to operate, facilitates emergency preparedness communications and aids critical control systems processes,” said Tudor. “Protecting these systems is essential to the resilience and reliability of the nation’s critical infrastructure and key resources and to our economic and national security.”

DHS is responsible for protecting the U.S. critical infrastructure from physical and cyber threats. The National Cybersecurity and Communications Integration Center (NCCIC), part of the DHS Office of Cybersecurity and Communications (CS&C), serves as a central location where a diverse set of partners involved in cybersecurity and communications protection coordinate and synchronize their efforts.