Skip to Main Content U.S. Department of Energy
EIOC at PNNL

Online Control Systems Training

Training Essential for Protecting the Nation's Critical Infrastructure

The control system environment has unique challenges to applying traditional cyber security protection methods to its systems and networks. At the same time, control systems are at the heart of our critical infrastructures, which must be rigorously protected. The Pacific Northwest National Laboratory has developed two novel and engaging web-based e-Learning applications to help control system employees address the security challenges they face and to help raise employee awareness.

Both courses are accessed by hundreds of people around the globe each month, including people from the United Kingdom, France, and Germany, from numerous companies, including Areva, British Energy, Dairyland Power, and Exxon, to name a few. Government (including nuclear, homeland security, and military), water treatment, transportation, public health, and agriculture are just a few of the industries represented by people who have taken the training.

Both courses were developed using PNNL's Pachelbel© training technology for the Control Systems Security Program established by the U.S. Department of Homeland Security National Cyber Security Division.

Cyber Security for Control Systems Operators & Engineers

A screenshot from Cyber Security for Control Systems Operators & Engineers.
Cyber Security for Control Systems Operators & Engineers.
Click for a larger image.

Debuted at SANS SCADA Security Summit, Las Vegas, Nevada, September 2006.

This innovative, self-paced course enables control systems employees to immediately reduce the risk of cyber attacks against systems. It recognizes the control system environment's challenges in applying traditional cyber security techniques and provides realistic solutions and suggestions. Course lessons include Threats & Risks to Control Systems, The Cyber Attack Process, and Risk Mitigation. Knowledge gained is reinforced through interactive exercises, real-life examples, and lesson summaries.

The course takes 45-60 minutes for students to complete. It can be customized to meet individual organizations' particular needs and can provide unique, secure access and tracking of an organization's staff members. We are currently creating a customized course for a large global private company.

This course has been approved for North American Electric Reliabilty Corporation (NERC) continuing education credits.

A screenshot of an OPSEC for Control Systems interactive exercise.
Experience the interaction.

OPSEC for Control Systems

Debuted at the SANS SCADA Security Summit, New Orleans, LA, January 2008.

The most important component of operations security is people. Up-to-date virus definitions and state-of-the-art firewalls are virtually worthless if employees are providing information they shouldn't to those without a need to know or are not using due diligence in protecting assets. This course introduces control systems employees to the basic concepts of operations security (OPSEC) and applies these concepts to the control system environment.

Course lessons let learners check (and deepen) their understanding of the concepts with interactive exercises in which they explore different environments to discover problems. They even have the opportunity to play the “bad guy” and try to disrupt a competitor’s manufacturing process. Lessons are also reinforced with animations that illustrate key concepts and lesson summaries to refresh learners' memory.

The course takes 45-60 minutes for students to complete. Like the Cyber Security course, OPSEC for Control Systems can be customized to meet individual organizations' particular needs and can provide unique, secure access and tracking of staff memebers. It has been approved for NERC continuing education credits.

OPSEC for Control Systems won the 2007 Interagency OPSEC Support Staff (IOSS) National Award for Multimedia Achievement.

Possible Uses for This Interactive Training Approach

In addition to providing complete courses, this approach can be used in numerous other ways. The following are a few of the possibilities:

  • Pre-training – Prerequisite or baseline training can be provided to ensure all students come to the instructor with a similar level of knowledge. Validation of this understanding can be done with interactive exercises.
  • Supplementary training – Students can engage in interactive exercises with multiple outcomes during instructor-led training to generate discussion or after the classroom training to deepen understanding.
  • Virtual field trips – Renderings of equipment and buildings allow students to examine systems and facilities that are not accessible in the classroom environment.
  • Post-training – Once instructor-led training is complete, students can revisit information to refresh their memory or deepen and cement their understanding.

Benefits of Using This Interactive Training Approach

In addition to providing engaging, memorable training, this approach offers numerous benefits, including:

  • Consistent information – In a classroom environment, different instructors may emphasize different portions of the same material. Online training ensures that everyone receives the same information consistently.
  • Reduced overall cost – Travel costs for both the students and the instructors are eliminated. This also contributes to reduced instructor burnout.
  • Students set the pace – A student who needs to spend extra time understanding a concept is free to do so without slowing down the rest of the class. Similarly, students who grasp a concept quickly can move on to the next concept or lesson.
  • Unique experiences – Something that would otherwise prove dangerous, expensive, or difficult in a classroom can be simulated or shown online, such as hacking into a chemical plant (as is done in the Cyber Security for Control Systems Engineers and Operators training) or exploring a nuclear facility in another country.

Publications

Morgan MP and LR O'Neil. 2007. Presentation to the Control Systems Security Outreach Coordination Meeting, Arlington, VA, July 24, 2007. PNNL-SA-56299.

Greitzer, F.L. 2005. "Ingredients of effective and engaging online learning (or, Musings of a cognitive/e-Learning evangelist)." (pdf) Keynote address, InterLab 2005. Richland, WA. December 13-16, 2005.

More Information

CSSP Training - Contact Doug Rice.

OPSEC Security Interactive Exercise

Cyber Security for Control Systems Movie

Instructor-led training developed by PNNL and INL

Cognitive Informatics - PNNL's Cognitive Informatics Thrust Area includes two broad areas of research and development: Human-System Integration and Human Learning and Skill Development.

 

 

 

About the EIOC

Collaborations

Resources

Contacts

Additional Information

Research Areas

Deploying Technologies

Highlights

Website Contact