OT Cybersecurity Fundamentals

Course Description & Learning Outcomes

Learning Objectives:

• Understand OT and ICS architecture and key components

• Identify current OT threat actors, attack vectors, and real-world consequences

• Distinguish IT and OT security principles and core differences

• Recognise OT defence strategies and key security standards including IEC 62443 and NIST SP 800-82

• Observe live OT operations and a simulated cyber attack on the iTrust digital twin

• Map real attack scenarios to the MITRE ATT&CK for ICS framework

• Apply basic risk assessment and incident response thinking to OT environments

Course Outline:

Welcome and Opening

• Registration and participant welcome

• TNS and iTrust introduction

Module 1: Introduction to OT and ICS

• What is OT? SCADA, DCS, PLC, RTU — key components explained

• The Purdue Model and OT network architecture

• Critical infrastructure sectors: water, energy, transport, manufacturing

• IT vs OT: core differences in availability, safety, and lifecycle

• Why OT cybersecurity matters — real-world incidents (Stuxnet, Colonial Pipeline, Oldsmar)

Module 2: OT Threat Landscape and Attack Vectors

• Threat actors: nation-states, cybercriminals, insiders, hacktivists

• Common OT attack vectors: spear-phishing, supply chain, remote access abuse

• MITRE ATT&CK for ICS framework overview

• Consequences unique to OT: physical damage, safety failures, operational disruption

Morning Break

Module 3: OT in Action: Digital Twin Introduction and Live Demo

• Introduction to the iTrust digital twin environment

• Overview of the water treatment process: what normal operations look like and why disruption matters

• Instructor-led live demonstration: normal OT operations vs. simulated cyber attack

• Participants observe HMI behaviour, sensor readings, and network anomalies

• Wireshark PCAP walkthrough: network traffic before and during the attack

• Discussion: what an operator would notice and what would go unseen

Lunch Break

Module 4: OT Security Principles and Defence Strategies

• Defence-in-depth for OT environments

• Network segmentation, DMZ, and air-gapping

• Asset inventory, patch management, and secure remote access

• OT-specific security controls vs. IT controls

• Introduction to IEC 62443 and NIST SP 800-82

Module 5: How OT Attacks Work: Concepts and Awareness

• Overview of the MITRE ATT&CK for ICS framework and how it is used in practice

• Key attack stages: initial access, discovery, lateral movement, and impact on physical processes

• Instructor launches attack scenarios on the digital twin: participants observe and analyse

• Groups map each observed attack step to the corresponding MITRE ATT&CK for ICS tactic

• Discussion: which stages were detectable, which were not, and what controls would help

Afternoon Break

Module 6: OT Risk Assessment and Incident Response

• OT risk assessment methodology: asset → threat → vulnerability → consequence

• Incident response in OT: unique challenges and priorities (safety first)

• Key elements of an OT incident response plan

• Communication between OT engineers, IT security, and management during an incident

Module 7: Case Study, Q&A and Wrap-up

• Group discussion: lessons from a real-world OT incident (Singapore context)

• Participant reflections: how does this apply to my organisation?

• Key takeaways, recommended resources, and further learning paths