ICS Operations Playbook
RCCE students will learn Industrial Control System security including PLC programming security, DCS architecture protection, safety instrumented system integrity, industrial protocol analysis, and ICS-specific incident response. RCCE students will learn to assess ICS environments for cybersecurity vulnerabilities, implement defense-in-depth for industrial control networks, monitor ICS communications for unauthorized commands, detect and respond to attacks targeting programmable logic controllers and distributed control systems, maintain safety system integrity during cyber incidents, apply ICS security standards including IEC 62443 and NIST SP 800-82, and bridge the gap between IT security teams and OT operations staff. This operations-focused course delivers production-ready playbooks, checklists, and standard operating procedures. Building on core knowledge, RCCE students will learn to build repeatable day-to-day operational workflows that ensure consistency and quality. Students receive templates and frameworks they can customize and deploy immediately in their security operations, reducing time to operational effectiveness.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing ICS Operations Playbook
- Execute hands-on tasks for ics operations playbook
- Execute hands-on tasks for assess & identify — covering ICS environments for, Classify OT assets by criticality.
- Execute hands-on tasks for defend & protect — covering defense-in-depth for ICS.
- Monitor and audit privilege usage; detect escalation attempts, including ICS communications for.
- Execute hands-on tasks for operate & sustain — covering Build repeatable day-to-day OT.
- Explain ICS Fundamentals Overview fundamentals — covering Supervisory control for distributed, Centralized control of complex.
- Design a scalable privilege management architecture with policy and enforcement, including Supervisory control for distributed, Centralized control of complex, and Programmable logic for discrete.
- Execute hands-on tasks for plc controllers — covering Supervisory control for distributed.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for enterprise network
- Execute hands-on tasks for business planning
- Execute hands-on tasks for plc programming languages — covering Ladder Logic (LD) — relay-based, Function Block Diagram (FBD).
| Module 01 | ICS Operations Playbook |
| Module 02 | Assess & Identify |
| Module 03 | Defend & Protect |
| Module 04 | Monitor & Respond |
| Module 05 | Operate & Sustain |
| Module 06 | ICS Fundamentals Overview |
| Module 07 | DCS Architecture |
| Module 08 | PLC Controllers |
| Module 09 | Purdue Model Reference Architecture |
| Module 10 | Enterprise Network |
| Module 11 | Business Planning |
| Module 12 | PLC Programming Languages |
| Module 13 | Ladder Logic (LD) — relay-based |
| Module 14 | Security Concerns |
All hands-on labs run on Rocheston Rose X OS. Students practice ics operations playbook by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for ics operations playbook
- Lab 2: Execute hands-on tasks for assess & identify
- Lab 3: Execute hands-on tasks for defend & protect
- Lab 4: Monitor and audit privilege usage; detect escalation attempts
- Lab 5: Execute hands-on tasks for operate & sustain
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for ICS Operations Playbook, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI