Limes Academy / Industrial Security Training / ICS.211 Technical OT Security

ICS.211 Industrial Security Advanced: Technical OT Security

Technicians and engineers in particular are increasingly required in industrial operations to make or prepare the right decisions concerning appropriate technical security measures and security technologies. This requires deeper security knowledge and a good understanding – be it of threats, current attack campaigns or the use of technical protection measures.

The training is particularly recommended for

System integrators, plant operators, planners and technicians, maintenance workers, production technicians, plant IT managers, future plant managers and production managers, employees who are responsible for the procurement, planning or operation of OT assets, IT employees with responsibility for OT assets, etc.

The training in a nutshell

  • Advanced training for OT Security with a technical focus
  • Duration: 3 days
  • Course language: German or English
  • Requirements: ICS.201 OT Security Foundation Training recommended, own notebook necessary
  • Completion with certification
  • Public and in-house training possible

Content of training

The participants can expect the following content for the selected training:

Day 1

  • Introduction
    • Procurement of a secure system
    • IEC 62443 risk analysis
  • ICS/OT protocols
    • Overview Wired and Wireless Protocols
    • Industrial Protocol Details
      • Profinet and Profibus
      • Modbus
      • IEC 60870-5-104
      • IEC 61850
      • IEC 62351
      • OPC and OPC UA
      • Hart and Wireless Hart
      • Bacnet
      • DNP3
      • CANbus
      • EtherNet/IP
      • S7comm
      • MQTT
    • Wireless Protocol Details
      • Bluetooth
      • Wifi
      • Cellular network
      • ZigBee
      • SATCOM
      • LoRa (Long Range) and LoRaWAN
    • Securing industrial protocols
    • Wireshark

Day 2

  • Network-based attacks
    • Denial of service attacks
    • Sniffing
    • Man in the middle attacks
    • SMB relay
    • Incident handling introduction
  • Advanced OT Network Security
    •  Network segmentation
      • Separation of IT and OT
      • Introducing a DMZ
      • Introducing zones with PERA (Purdue Enterprise Reference Architecture)
      • Implementing micro-segmentation
      • Pitfalls and benefits
    • ICS Firewall
      • Policies
      • Recommendations
      • ICS specific firewall topics
    • Honeypots
      • Examples for honeypots in OT
      • ICS honeypots and scanning
    • Concluding exercise

Day 3

  • Applying security measures in OT
    • Overview of security requirements and implementation
    • User Management
    • Credential Management
    • Host Hardening
    • System Monitoring and Network Detection
    • Remote Access
    • Backup and Recovery
    • IEC 62443 certification
  • Lockpicking Challenge and Q&A

After the training the participants should …

  • further consolidate and deepen existing knowledge in IT and OT security.
  • know how to technically implement security measures in the OT operation.
  • have a basic understanding of OT transmission technologies and protocols.
  • understand different network protection measures in the OT through the Purdue model.
  • know the procedure for partitioning and zoning of an architecture according to IEC 62443 including the security levels.
  • have gained insight into the use of honeypot systems against attackers.
  • understand the relationship between physical security and OT Security.


With certification


Training and exam to become a

Certified OT Security Technical Expert (COSTE) TÜV®

Without certification

€ 1.935,-

Training to become a

Certified OT Security Technical Expert (COSTE) TÜV®

Certification only 

€ 615,-

Exam to become a

Certified OT Security Technical Expert (COSTE) TÜV®

Dates and registration