Training Scenarios

Industrial Control Systems

Dive into real-world ICS challenges with hands-on training scenarios designed to teach critical cybersecurity skills. Each scenario (ransomware on a power grid, an SSH attack on a vulnerable Linux server, and a sensitive data breach) helps players understand, analyze, and defend against threats in industrial environments.

To download and print the ICS training scenarios for in-person use, click the ICS Scenarios button below. Each scenario includes setup instructions, objectives, and learning outcomes to bring your training sessions to life.

Enhance your gameplay and training with dynamic Attack and Defense Diagrams for each scenario. These visuals break down how real-world cyberattacks unfold step-by-step using the Cyber Kill Chain, and show how each card plays a role in building or blocking an attack. Click the Attacker button to download the Attack Chain Diagram, showing how threats escalate. Click the Defender button to download the Defense Diagram, highlighting how to detect, respond, and recover at each phase.

These diagrams are perfect for quick reference during gameplay, in-class training, or strategy planning.

Ransomware

An industrial plant's control systems, including SCADA (Supervisory Control and Data Acquisition) and PLC (Programmable Logic Controller), are targeted in a ransomware attack. The attacker exploits a vulnerability in the remote access system to infiltrate the plant’s network and deploy ransomware. The attacker encrypts critical files related to production, halting operations and demanding a ransom to decrypt them. The defender must respond quickly to prevent a shutdown of operations and safeguard industrial equipment.

SSH Attack

A Linux server with an exposed SSH service is vulnerable to a brute-force attack due to weak credentials, poor security configurations, and lack of proper monitoring. The attacker uses a series of tools to exploit these vulnerabilities, while the defender implements multi-layered security measures to prevent, detect, and respond to the attack.

Data Breach

A data breach occurs within an industrial control system (ICS) network, where sensitive industrial data, such as operational schematics, production schedules, and security protocols, is exfiltrated by an attacker. The attacker uses the breached data for malicious purposes, such as sabotage, espionage, or to orchestrate further attacks. The defender must detect and contain the breach, mitigate the damage to operations, and secure sensitive data to prevent future exploitation.
