ISSP successfully completes ICS Laboratory project

The ICS Laboratory training program on industrial control systems cybersecurity for critical infrastructure operators (CIOs) in Ukraine has completed its first training cycle.

ICS/SCADA industrial systems are the foundation of energy, transportation, and other critical sectors. Their protection is a matter of national security, especially amid growing cyber threats. However, Ukrainian specialists lacked specialized knowledge and practical skills in operational technology (OT) protection. ISSP's ICS Laboratory is one of three such laboratories in Ukraine, aimed at developing and building such skills.

A total of 97 unique participants successfully completed the full course. Among them were representatives from 53 companies and organizations, including Energoatom, Ukrenergo, Naftogaz, Ukrzaliznytsia, Gas Transmission System Operator of Ukraine, and the State Service of Special Communications and Information Protection of Ukraine.

The program included 6 theoretical modules totaling 48 hours and 7 practical workshops – 126 hours of hands-on practice. For participants, 31 hours of video materials and over 1,400 slides and additional training materials were created.

The practical component involved working with actual equipment from seven international vendors: Tetrade, Crypto FoxIT, CISCO, SSH, Microsoft, Ericsson, ABB, Cynalytica, SEL, and Fortinet.

Participants mastered the following key skills: ICS network protection using the Purdue Model, working with industrial protocols (Modbus, DNP3, OPC), configuring firewalls and VPNs for OT environments, risk and incident management in industrial systems, digital forensics for operational technologies, and implementing international security standards (IEC 62443, NIST SP 800-82, ISO 31000).

Separate modules were dedicated to data diodes, intrusion detection systems, software-defined networking (SDN) in ICS, industrial network monitoring, and 5G device integration into critical infrastructure.

For many companies, participation in the program became the starting point for building an operational technology protection system. This is particularly relevant for enterprises that are just establishing specialized information security units.

"We just created an information security unit within the automation department. We had experience with production systems, but information security was a new challenge. We were looking for knowledge, courses, experts, and when we were invited to ICS Laboratory – this was exactly what we needed. We had both the need and the desire to learn," – Mykola Leshchenko, project participant.

Participants particularly value modules that provide not only theoretical knowledge but also practical tools for daily work. Certain topics opened completely new directions for teams that will become critically important in the near future.

"The risk management modules were especially useful for me. I'm responsible for this area in the company, and now I have not just formal duties, but real tools for work. Digital forensics was a completely new topic for us. We understood that this is the future, and we must lay the foundation today so as not to fall behind tomorrow," – Ihor Hlavatskyi, participant of the ICS Laboratory.

Energy sector representatives emphasize the complexity of threats facing industrial systems and the importance of a systematic approach to their protection. The program helped structure knowledge and define priorities.

"All attacks on operational technologies are complex. There are no amateur attempts here. To protect a system, you need years of experience working with protocols and processes. ICS Laboratory helped us understand where to start and what to focus on," – Andriy Vynyarskyi, participant of the project.

Importantly, the knowledge didn't remain "on paper." Many companies are already using the obtained materials for internal staff training and building their own security systems.

"We're already sharing this knowledge with colleagues. This wasn't just a course that ended – it's a foundation for developing our internal security system," – adds Mykola Leshchenko.

As part of the project, a demonstration testbed was also created that replicates real industrial processes and allows modeling scenarios for critical infrastructure. The testbed integrates key operational technology components with modern network solutions and cybersecurity components. Developed with the participation of experts in automation, technological monitoring, and hybrid cyber-kinetic threats, it provides a practical training environment adapted to the needs of the energy sector and other critical infrastructure industries.

ISSP plans to launch a new laboratory that will become a comprehensive hub for developing competencies, innovation, and resilience in OT/ICS cybersecurity. The program will include advanced courses and certifications, a research testing ground for solution validation, a platform for startups, advisory support for regulators in cybersecurity policy formation, as well as expertise in incident investigation and digital forensics for OT/IoT environments.

We thank all participants and partners for their trust and cooperation in strengthening Ukraine's critical infrastructure cyber defense.

The ICS laboratory was established at the ISSP Training Center with support from US Cybersecurity Activity in Ukraine.

#ICSLaboratory #CyberResilience #SEL #IndustrialSecurity #UkraineCyberDefense #OTsecurity #ICS #ResilientInfrastructure #ISSP