Overview
This course introduces the fundamentals of Operational Technology (OT) and Industrial Control System (ICS) cybersecurity. Participants will gain a working knowledge of OT/ICS architecture and components, current threat actors and attack vectors, and the key differences between IT and OT security principles. The program covers core defence strategies and standards, including IEC 62443 and NIST SP 800-82. Through live demonstrations on the iTrust digital twin, learners will observe OT operations and simulated cyber attacks, map scenarios to the MITRE ATT&CK for ICS framework, and apply basic risk assessment and incident response concepts to OT environments.
=================
Three North Stars Pte. Ltd. (TNS) is a premier Singapore-based cybersecurity, Artificial Intelligence (AI), and deep tech innovation partner operating under the signature promise, "We deliver, no matter what". Specializing in the protection of critical Operational Technology (OT), Industrial Control Systems (ICS), and Cyber-Physical Systems (CPS), TNS plays a vital role in safeguarding Critical Information Infrastructure (CII) and critical infrastructure providers from highly disruptive cyber-physical threats. TNS delivers robust, end-to-end security services including Managed Detection and Response (MDR/SOC), proactive threat hunting, incident response, and advanced penetration testing and red teaming. Leveraging its deep technical roots in AI and game theory dating back to the 1990s, the firm also designs sophisticated computer vision solutions tailored for the Defence and Security sectors, alongside providing high-end security testing for automotive, hardware, and satellite systems.
As part of its commitment to ecosystem enablement, TNS collaborates closely with SGInnovate to deliver advanced technical workshops on proactive defense frameworks. This includes pioneering sessions on Continuous Threat Exposure Management (CTEM), such as a joint workshop with Claroty that provided hands-on training for securing OT/ICS environments through context-aware asset visibility and real-time anomaly detection. Additionally, TNS has conducted interactive sessions with XM Cyber, guiding cybersecurity professionals through hybrid attack path analysis and risk prioritization to neutralize critical operational "choke points" across their network infrastructure.
=================
The Singapore University of Technology and Design’s (SUTD) iTrust research center is globally recognized for its advanced critical infrastructure Cybersecurity capabilities, notably serving as a key partner and technical contributor to NATO's prestigious "Locked Shields" international cyber defense exercise.
Powered by world-class physical Operational Technology (OT) labs, including SWaT (Secure Water Treatment), WaDi (Water Distribution), and EPIC (Electric Power Intelligent Control), iTrust offers high-fidelity cyber-physical environments that are virtually absent from generic training programs run by mainstream commercial vendors.
Crucially, the "OT Cybersecurity Fundamentals" masterclass serves as the mandatory foundation to prepare participants for upcoming, highly specialized OT Red Teaming and Blue Teaming courses.
These subsequent, advanced courses which are rarely available through other high-profile training providers, will require participants to actively engage in offensive and defensive exercises within a real, live physical OT environment setup, making the baseline fundamentals course an essential prerequisite for operational readiness.
=================
Course Description & Learning Outcomes
Learning Objectives:
Understand OT and ICS architecture and key components
Identify current OT threat actors, attack vectors, and real-world consequences
Distinguish IT and OT security principles and core differences
Recognise OT defence strategies and key security standards including IEC 62443 and NIST SP 800-82
Observe live OT operations and a simulated cyber attack on the iTrust digital twin
Map real attack scenarios to the MITRE ATT&CK for ICS framework
Apply basic risk assessment and incident response thinking to OT environments
Course Outline:
Welcome and Opening
Registration and participant welcome
TNS and iTrust introduction
Module 1: Introduction to OT and ICS
What is OT? SCADA, DCS, PLC, RTU — key components explained
The Purdue Model and OT network architecture
Critical infrastructure sectors: water, energy, transport, manufacturing
IT vs OT: core differences in availability, safety, and lifecycle
Why OT cybersecurity matters — real-world incidents (Stuxnet, Colonial Pipeline, Oldsmar)
Module 2: OT Threat Landscape and Attack Vectors
Threat actors: nation-states, cybercriminals, insiders, hacktivists
Common OT attack vectors: spear-phishing, supply chain, remote access abuse
MITRE ATT&CK for ICS framework overview
Consequences unique to OT: physical damage, safety failures, operational disruption
Morning Break
Module 3: OT in Action: Digital Twin Introduction and Live Demo
Introduction to the iTrust digital twin environment
Overview of the water treatment process: what normal operations look like and why disruption matters
Instructor-led live demonstration: normal OT operations vs. simulated cyber attack
Participants observe HMI behaviour, sensor readings, and network anomalies
Wireshark PCAP walkthrough: network traffic before and during the attack
Discussion: what an operator would notice and what would go unseen
Lunch Break
Module 4: OT Security Principles and Defence Strategies
Defence-in-depth for OT environments
Network segmentation, DMZ, and air-gapping
Asset inventory, patch management, and secure remote access
OT-specific security controls vs. IT controls
Introduction to IEC 62443 and NIST SP 800-82
Module 5: How OT Attacks Work: Concepts and Awareness
Overview of the MITRE ATT&CK for ICS framework and how it is used in practice
Key attack stages: initial access, discovery, lateral movement, and impact on physical processes
Instructor launches attack scenarios on the digital twin: participants observe and analyse
Groups map each observed attack step to the corresponding MITRE ATT&CK for ICS tactic
Discussion: which stages were detectable, which were not, and what controls would help
Afternoon Break
Module 6: OT Risk Assessment and Incident Response
OT risk assessment methodology: asset → threat → vulnerability → consequence
Incident response in OT: unique challenges and priorities (safety first)
Key elements of an OT incident response plan
Communication between OT engineers, IT security, and management during an incident
Module 7: Case Study, Q&A and Wrap-up
Group discussion: lessons from a real-world OT incident (Singapore context)
Participant reflections: how does this apply to my organisation?
Key takeaways, recommended resources, and further learning paths
Recommended Prerequisites
Basic Cybersecurity
Schedule
Date: 16 Jul 2026, Thursday
Time: 9:00 AM - 5:00 PM (GMT +8:00) Kuala Lumpur, Singapore
Location: 32 Carpenter Street, 059911
Agenda
| Day/Time | Agenda Activity/Description |
|---|---|
| 16 July 2026 / 9am to 5pm | OT Cybersecurity Fundamentals: 1-Day Course |
Pricing
Course fees: $1,500
Skills Covered
PROFICIENCY LEVEL GUIDE
Beginner: Introduce the subject matter without the need to have any prerequisites.
Proficient: Requires learners to have prior knowledge of the subject.
Expert: Involves advanced and more complex understanding of the subject.
- Cybersecurity (Proficiency level: Beginner)
Speakers
Trainer's Profile:
Aanand R, Cyber Security Technology Engineer, Professional Training Lead, iTrust SUTD
Aanand received his Masters in Security by Design (MSSD) from the Singapore University of Technology and Design (SUTD) in 2022. Being a mid-career switcher, he is relatively new to cyber security, having spent significant years in the finance sector previously. His career switch to cyber security came from an innate interest in technology, which he rediscovered in between jobs during the pandemic. His enthusiasm, perseverance, and efforts were recognised, and he was awarded the IMDA Future Communications Research and Development Programme Scholarship Award in 2022.
Trainer's Profile:
Dr. Gauthama Raman, Senior Research Fellow, iTrust SUTD
Dr Gauthama Raman M R joined iTrust in November 2018, bringing along a doctoral degree acquired from SASTRA University, India. Currently, he holds the position of a postdoctoral researcher under the guidance of Prof Aditya P Mathur. Driven by a keen interest in machine learning, data analytics, and applied OT cyber security, he is dedicated to applying iTrust technologies in industrial settings. His primary focus is effectively bridging the gap between iTrust’s advancements and the requirements of industrial environments.
Instructor's Profile:
Richard Wen, CEO, Three North Stars Pte. Ltd.
Richard with Atlas team are information security specialists with 10 to 30 years of experience in the field; hands-on practitioners that have worked at nation-state level and in various industries such as defense and intelligence, banking and financial services, government, energy, utilities, telecom, manufacturing, automotive, shipping, and e commerce; advising organisations on how to better structure their security and processes. Atlas Team members hold CISSP, CCSP, CCSK, ITIL, CISSP-ISSMP and CISSP-ISSAP, OSCP Labs, EC-Council CEH, EC-SA, etc., and previously and currently instructors on the practical Cybersecurity and various certifications; has conducted over the last few years reviews for organizations on critical infrastructure according to CSA’s Cybersecurity frameworks and has helped companies align to NIST standards.
Partners
