Critical Infrastructure Cyber Security (SCADA)


This course currently has no scheduled dates. To express interest in this course or to discuss bespoke options for yourself or your organisation, please submit an expression of interest or contact the Professional Education Team on +61 2 5114 5573 or


5 days

Delivery mode




Standard price


Defence price


  • Accelerate your career, learn new skills, and expand your knowledge.

  • First in Australia for research excellence and impact.

  • Top 50 in the world. 2020 QS World University Rankings.


This is a technical course, designed to use simulation tools and equipment to replicate the potential threats against Critical Infrastructure Services (CIS) utilising real-life Supervisory Control and Data Acquisition (SCADA) models. The course provides hands-on experience with the complexity of modern information technology equipment and the components in control systems and legacy systems, the threat environment and attackers’ capabilities as well as techniques for securing these systems.

Course content

Day 1: Critical Infrastructure (CI)

This session starts with a comprehensive overview of critical infrastructure sectors. Students will gain an understanding of the current threat landscape and be provided with real-world examples of cyber attacks to study and analyse.


CI in the Economy, Phishing, SQL Injection, Cross-Site Scripting, Malware Attacks, DoS, DDoS.

Day 2: Control Systems

This session covers the history of control systems, where they are found and how they work. We’ll also look at the hardware used in these systems and give an overview of the types of common configurations.


Control system implementations, Industrialised hardware, Open-loop Control, Closed-loop Control.

Day 3: Components of an Industrial Control System (ICS)

This session starts with an overview of ICS Hardware. We’ll look at Unintelligent Field Devices, Intelligence Electronic Devices and Distributed Control Systems. Students will become familiar with the roles and limitations of various components.


Limit Switches, Sensors, Robotics, Programmable Logic Controller (PLC), Supervisory Control and Data Acquisition (SCADA), IP Addresses, Binary Coded Decimal, Pulse Width Modulation.

Day 4: Cyber Security Fundamentals

This session provides an overview of cyber threats and attacks. The various stages of cyber attacks will be covered, along with common ICS security vulnerabilities. Students will gain an understanding of cyber security in an Industrial Control System setting.


Threat Actors and Agents, Threat targets, Attack Vectors, Asymmetric Warfare, Cyber Resiliency.

Day 5: Protection of CI and ICS Forensics

This session consists of a Red team vs Blue team exercise utilising actual industrial control equipment and the cyber range. Students will gain experience attacking and defending physical real-world type infrastructure scale models that includes traffic management, water supply and electrical supply systems.


Red teaming, Blue teaming, Cyber physical systems, Cyber offence, Cyber defence, SCADA.

Critical Infrastructure Control System Security – Course outline PDF.

Learning outcomes

Skills/competencies/knowledge that would be gained through this course:
  • understand and evaluate the vulnerabilities of Critical Infrastructure
  • understand the principles behind the industrial hardware and software of control systems that are used in the operation of Critical Infrastructure
  • examine technical specifics about the vulnerabilities of critical infrastructure service delivery with an emphasis of those services dependent on control systems reliability and recoverability
  • develop and implement comprehensive mitigation strategies as well as effective administrative and technical risk management plans to protect and secure process control systems.

Who should attend

This course is useful for IT and Engineering graduates in the Cyber Security profession who are managing or securing Industrial Control Systems or those in intermediate Security roles within Defence and utility security managing SCADA and other Industrial Control Systems on all types of platforms.

Note: Students should have a basic understanding of Cyber Security gained in the workplace or through the Cyber Security Boot Camp or SANS SEC401 or similar. Knowledge of basic networking principles such as OSI/Internet stack and TCP/IP will also be helpful.

Cancellation policy

Courses will be held subject to sufficient registrations. UNSW Canberra reserves the right to cancel a course up to five working days prior to commencement of the course. If a course is cancelled, you will have the opportunity to transfer your registration or be issued a full refund. If registrant cancels within 10 days of course commencement, a 50% registration fee will apply. UNSW Canberra is a registered ACT provider under ESOS Act 2000-CRICOS provider Code 00098G.