SCADA security Incident Handling
RCCE students will learn Supervisory Control and Data Acquisition system security including SCADA architecture, communication protocols (Modbus, DNP3, OPC), HMI security, historian database protection, and SCADA network monitoring. RCCE students will learn to identify SCADA-specific vulnerabilities, assess SCADA system security without disrupting operations, implement network segmentation between SCADA and enterprise networks, monitor SCADA communications for anomalous commands, detect unauthorized modifications to SCADA configurations, secure remote access to SCADA systems, and respond to SCADA security incidents while prioritizing operational safety and process continuity. This incident response course prepares students to act decisively during security incidents with structured workflows and clear decision frameworks. Building on core knowledge, RCCE students will learn containment, evidence collection, eradication, and recovery procedures specific to this domain. Students practice incident scenarios that build the composure, coordination, and documentation skills essential for effective incident handling.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing SCADA security Incident Handling
- Execute hands-on tasks for incident handling
- Explain Course Overview fundamentals
- Execute hands-on tasks for core knowledge areas
- Execute hands-on tasks for incident handling skills — covering SCADA architecture and components, Containment without process disruption.
- Explain SCADA Architecture Overview fundamentals
- Execute hands-on tasks for level 4: enterprise network
- Execute hands-on tasks for level 3: site operations
- Execute hands-on tasks for historian, engineering workstations
- Execute hands-on tasks for level 2: control system
- Execute hands-on tasks for level 1: field controllers
- Execute hands-on tasks for remote terminal unit (rtu) — covering Central SCADA server for monitoring.
- Execute hands-on tasks for interfaces with hmi displays — covering Field-deployed data acquisition.
| Module 01 | Incident Handling |
| Module 02 | Course Overview |
| Module 03 | Core Knowledge Areas |
| Module 04 | Incident Handling Skills |
| Module 05 | SCADA Architecture Overview |
| Module 06 | Level 4: Enterprise Network |
| Module 07 | Level 3: Site Operations |
| Module 08 | Historian, Engineering Workstations |
| Module 09 | Level 2: Control System |
| Module 10 | Level 1: Field Controllers |
| Module 11 | Remote Terminal Unit (RTU) |
| Module 12 | Interfaces with HMI displays |
| Module 13 | Human Machine Interface (HMI) |
| Module 14 | Modbus Protocol Security |
All hands-on labs run on Rocheston Rose X OS. Students practice scada security incident handling by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for incident handling
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for core knowledge areas
- Lab 4: Execute hands-on tasks for incident handling skills
- Lab 5: Explain SCADA Architecture Overview fundamentals
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for SCADA security Incident Handling, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI