Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32)

Master ISA/IEC 62443 Principles for Resilient IACS Defenses

Using the ISA/IEC 62443 Standards to Secure Your Industrial Control Systems (IC32) introduces the fundamentals of IACS cybersecurity through the ISA/IEC 62443 framework. This course explains how SCADA and plant-floor security priorities differ from traditional IT, and shows how wider adoption of Ethernet, TCP/IP and web technologies increases exposure to corporate-style cyber threats. Real-world case studies illustrate procedural and technical concepts, highlight roles across the automation lifecycle and present approaches to reducing cyber risk in operational technology environments.

IC32 provides an IACS cybersecurity training grounded in ISA/IEC 62443. Students gain structured knowledge of the 62443 series, practical familiarity with security levels, zone-and-conduit models, industrial protocols and patch management and improved confidence in communicating security requirements across engineering, operations and security teams. Employers benefit from a more security-aware workforce, tighter alignment between OT and security practices and clearer paths to applying standards-based approaches within existing programs. IC32 is suitable for engineers, operators, managers and automation professionals seeking practical skills for defending and planning industrial networks.

---

IC32 is first course in the ISA/IEC 62443 Cybersecurity Certificate Program. The course registration includes the exam fee. Pass the exam to earn the ISA/IEC 62443 Cybersecurity Fundamentals Specialist certificate. 
 

---

Who Should Attend IC32?

• Control systems engineers and managers
• System integrators
• IT engineers and managers in industrial facilities
• Plant managers
• Plant safety and risk management personnel

---

View Offerings by Format

Classroom (IC32) Length: 2 days  CEU Credits: 1.4 View IC32 Offerings

Virtual Classroom (IC32V) Length: 2 days  CEU Credits: 1.4 View IC32V Offerings

Instructor-Guided Online (IC32E) Length: 8 weeks  CEU Credits: 2.1 View IC32E Offerings

Self-Paced Modular (IC32M) Length: 15 sections* (25-65 minutes each) CEU Credits: 2.0 View IC32M Offering

*IC32M is not “modularized.” It is one scrolling, continuous course with the same 15 sections as the other formats.

Visit our course formats page for a detailed description of each format. 
 

---

Learning Objectives

• Describe the importance of security control systems.
• Describe the structure and content of the ISA/IEC 62443 series of documents.
• Explain the importance of awareness as an effective countermeasure.
• Define the principles behind creating an effective long-term security program.
• Discuss the basics of risk analysis, industrial networking and network security.
• Discuss the concepts that form the basis for the ISA/IEC 62443 standards (defense-in-depth and zones and conduits).
• Describe how to apply key risk mitigation techniques such as anti-virus, patch management and firewalls.
• Explain how secure software development strategies make systems inherently more secure.
• Describe how to validate or verify the security of systems.
• Describe how security profiles for ISA/IEC 62443 can be utilized.

---

Topics Covered

• Introduction to control systems security
• Awareness
• ISA/IEC 62443 series
• ISA/IEC 62443 models and security levels
• Introduction to IACS lifecycle
• Security program requirements for IACS asset owners
• Evolving security standards, practices and regulations
• Network security basics
• Industrial protocols
• Introduction to patch management
• Introduction to security risk assessment for system design
• Security program requirements for IACS service providers
• Developing secure products and systems
• Security profiles for ISA/IEC 62443
• IACS security protection scheme

---

Exercises

• Packet Capture (PCAP) Live Capture Analysis Demonstration
• Power Grid Cyberattack Case Study Activities 

---

Recommended Resources

• ANSI/ISA-62443-2-1-2024, Security for Industrial Automation and Control Systems – Part 2-1: Security Program Requirements for IACS Asset Owners ​(Standard)
• ANSI/ISA-62443-3‑2-2020, Security for Industrial Automation and Control Systems – Part 3‑2: Security Risk Assessment for System Design ​(Standard)
• ANSI/ISA-62443-3-3 (99.03.03)-2013, Security for Industrial Automation and Control Systems – Part 3-3: System Security Requirements and Security Levels ​(Standard)
• ISA-62443-1-1-2007, Security for Industrial Automation and Control Systems – Part 1-1: Terminology, Concepts and Models (Standard)
• Automation Network Selection: A Reference Manual, Third Edition, by Dick Caro
• Industrial Automation and Control System Security Principles: Protecting the Critical Infrastructure, Second Edition, by Ronald L. Krutz
• Industrial Cybersecurity Case Studies and Best Practices by Steve Mustard
• Industrial Data Communications, Fifth Edition, by Lawrence (Larry) M. Thompson | Tim Shaw  
• Industrial Ethernet, Third Edition, by John S. Rinaldi | Perry S. Marshall
• Industrial Network Security, Second Edition, by David J. Teumim
• Mission Critical Operations Primer by Steve Mustard
• Security PHA Review for Consequence-Based Cybersecurity by Edward M. Marszal | Jim McGlone

---

Recommended Prerequisites

There are no required prerequisites for taking this course; however, it is highly recommended that applicants meet one of the three recommended requirements to be successful in this course.

• A minimum of one to three years of experience in the cybersecurity field and some experience in an industrial setting
• Successful completion of ISA courses:
  • IT and OT Survival Basics for I&C Personnel (TS06)
  • IT and OT Advanced Skills for I&C Personnel (TS12)
• Knowledge and/or experience equivalent to that of the previous bullets is strongly recommended