From Deployment to Daily Defense: Safeguard IACS Cybersecurity Operations
IACS Cybersecurity Operations & Maintenance (IC37) focuses on activities related to the ongoing operation and maintenance of IACS cybersecurity implemented during the Design & Implementation phase. This course trains engineers and operations teams to maintain and improve the security of industrial automation and control systems (IACS) after deployment, supporting long-term resilience and compliance with the ISA/IEC 62443 framework. It covers daily operational skills such as network diagnostics and troubleshooting; real-time intrusion detection, incident response and forensic investigation; and maintaining system integrity through hardening, patching, vulnerability management, backups, recovery and controlled change management. Based on the 62443 lifecycle approach, IC37 emphasizes aligning the system’s security posture with the organization’s security objectives.
For students, IC37 develops skills such as reading device logs, diagnosing network issues, managing patches and backups and supporting incident response and forensics. This enables successful graduates to confidently take on operational cybersecurity roles. For companies, IC37 enhances resilience, reduces downtime and safety risks by establishing repeatable practices for maintenance, change management, audit readiness and incident handling. These practices support ISA/IEC 62443 compliance and provide stronger, long-term protection for critical systems.
Prerequisite
Successful completion of Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32) and passing the ISA/IEC 62443 Cybersecurity Fundamentals Specialist certificate exam are mandatory prerequisites for this course.
Who Should Attend IC37?
- Control systems engineers and managers
- System integrators
- IT engineers and managers in industrial facilities
- Plant managers
- Plant safety and risk management personnel
View Offerings by Format
Classroom (IC37)Length: 3 days |
Virtual Classroom (IC37V)Length: 3 days |
Self-Paced Modular Course (IC37M)Length: 5 Modules |
Visit our course formats page for a detailed description of each format.
Learning Objectives
- Perform basic network diagnostics and troubleshooting
- Interpret the results of IACS device diagnostic alarms and event logs
- Implement IACS backup and restoration procedures
- Describe the IACS patch management lifecycle and procedure
- Apply an antivirus management procedure
- Define the basics of:
- application control and whitelisting tools
- network and host intrusion detection
- security incident and event monitoring tools
- Implement an:
- incident response plan
- IACS management of change procedure
- Conduct a basic ISCS cybersecurity audit
Topics Covered
- Introduction to the ICS Cybersecurity Lifecycle
- Identification & Assessment phase
- Design & Implementation phase
- Operations & Maintenance phase
- Network Diagnostics and Troubleshooting
- Interpreting device alarms and event logs
- Early indicators
- Network intrusion detection systems
- Network management tools
- Security Monitoring & Detection
- Interpreting OS and application alarms and event logs
- Early indicators
- Application management and whitelisting tools
- Antivirus and endpoint protection tools
- Security incident and event monitoring (SIEM) tools
- Security Management & Maintenance
- Develop and follow an IACS:
- Management of change (MoC) procedure
- Backup procedure
- Patch management procedure
- Antivirus management procedure
- Cybersecurity audit procedure
- IACS configuration management tools
- Patch management tools
- Antivirus and whitelisting tools
- Auditing tools
- IACS incident response and recovery
- Develop and follow an IACS incident response plan
- Incident investigation
- System recovery
- Develop and follow an IACS:
Classroom/Laboratory Exercises
Classroom formats only
- Build the board
- Allowlisting
- Patch management
- Snort intrusion detection system
- Monitoring
- Troubleshooting
- Incident recovery
- SIEM
Modular formats only
- Network diagnostics and troubleshooting
- Intrusion detection alarm
- Event monitoring
- Configuration management
- Patch management
- Anti-virus management
- Whitelisting
- Vulnerability scanning tools
- Incident response
- Backup and recovery
Recommended Resources
- ANSI/ISA-62443-2-1-2024, Security for Industrial Automation and Control Systems – Part 2-1: Security Program Requirements for IACS Asset Owners (Standard)
- ANSI/ISA-62443-3‑2-2020, Security for Industrial Automation and Control Systems – Part 3‑2: Security Risk Assessment for System Design (Standard)
- ANSI/ISA-62443-3-3 (99.03.03)-2013, Security for Industrial Automation and Control Systems – Part 3-3: System Security Requirements and Security Levels (Standard)
- ISA-62443-1-1-2007, Security for Industrial Automation and Control Systems – Part 1-1: Terminology, Concepts and Models (Standard)
- Automation Network Selection: A Reference Manual, Third Edition, by Dick Caro
- Industrial Automation and Control System Security Principles: Protecting the Critical Infrastructure, Second Edition, by Ronald L. Krutz
- Industrial Cybersecurity Case Studies and Best Practices by Steve Mustard
- Industrial Data Communications, Fifth Edition, by Lawrence (Larry) M. Thompson | Tim Shaw
- Industrial Ethernet, Third Edition, by John S. Rinaldi | Perry S. Marshall
- Industrial Network Security, Second Edition, by David J. Teumim
- Mission Critical Operations Primer by Steve Mustard
- Security PHA Review for Consequence-Based Cybersecurity by Edward M. Marszal | Jim McGlone