ICS Threats and Detection
RCCE students will learn Industrial Control System security including PLC programming security, DCS architecture protection, safety instrumented system integrity, industrial protocol analysis, and ICS-specific incident response. RCCE students will learn to assess ICS environments for cybersecurity vulnerabilities, implement defense-in-depth for industrial control networks, monitor ICS communications for unauthorized commands, detect and respond to attacks targeting programmable logic controllers and distributed control systems, maintain safety system integrity during cyber incidents, apply ICS security standards including IEC 62443 and NIST SP 800-82, and bridge the gap between IT security teams and OT operations staff. This threat-focused course teaches students to think like adversaries while building robust defenses. Building on core knowledge, RCCE students will learn to analyze attack techniques, build detection logic, and implement defensive strategies that proactively identify threats before they cause damage. Students develop a threat-informed mindset that drives better security decisions across all operational activities.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing ICS Threats and Detection
- Build detections and response workflows for privilege escalation
- Execute hands-on tasks for advanced cyber defense mastery
- Explain Executive Overview fundamentals
- Execute hands-on tasks for course mission — covering Secure PLC, DCS, and SIS environments.
- Execute hands-on tasks for safety impact
- Execute hands-on tasks for operational impact
- Execute hands-on tasks for national security — covering Physical harm to personnel.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for security focus
- Execute hands-on tasks for enterprise network
- Execute hands-on tasks for business planning
| Module 01 | ICS Threats and Detection |
| Module 02 | Advanced Cyber Defense Mastery |
| Module 03 | Executive Overview |
| Module 04 | Course Mission |
| Module 05 | Safety Impact |
| Module 06 | Operational Impact |
| Module 07 | National Security |
| Module 08 | Core Definitions: ICS Architecture Components |
| Module 09 | Security Focus |
| Module 10 | ICS Architecture: Purdue Reference Model |
| Module 11 | Enterprise Network |
| Module 12 | Business Planning |
| Module 13 | ICS Threat Landscape |
| Module 14 | Ransomware in OT |
All hands-on labs run on Rocheston Rose X OS. Students practice ics threats and detection by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Build detections and response workflows for privilege escalation
- Lab 2: Execute hands-on tasks for advanced cyber defense mastery
- Lab 3: Explain Executive Overview fundamentals
- Lab 4: Execute hands-on tasks for course mission
- Lab 5: Execute hands-on tasks for safety impact
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for ICS Threats and Detection, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI