Virtual Trainings offered by the U.S. Department of Energy’s Better Plants program are the online version of the multi-day workshops known as In-Plant Trainings (INPLTs). As with in-person Trainings, the VTs will help attendees identify energy conservation opportunities, quantify savings from those opportunities, and implement projects to realize the cost savings.
These training workshops enhance the attendees’ understanding of working principles, knowledge of best practices, and capability of analyzing the energy performance of industrial energy systems. As of now, DOE has hosted 31 virtual trainings with more than 2,200 participants and over $11M energy savings opportunities have been identified.
The Better Plants program will deliver a VT on Manufacturing Cybersecurity (MC) from April 17 to May 8, 2025. The MCS VT is comprised of (4) 2-hour online training sessions (1.5-hours formal training and optional 0.5-hour Q&A) that will be delivered every Thursday 10:00AM–12:00PM ET for four (4) consecutive weeks.
The four-week virtual training will cover essential cybersecurity strategies for manufacturing, starting with an overview of industry-specific threats like ransomware, phishing, and IT/OT vulnerabilities. Participants will walk through a real-world cyber intrusion scenario, learning how attackers exploit weaknesses and how to mitigate risks. The training also focuses on best practices for securing OT and IT systems, including zero-trust security, strong authentication, and incident response planning. Finally, attendees will explore key cybersecurity resources, including NIST frameworks, IEC 62443 standards, and tools like Nessus and Shodan.io, to strengthen their organization’s cyber defenses.
Participating in the VT is free and open to all the Better Plants program partners. At the completion of the VT, Professional Development Hours (PDHs) Certificates will be prepared for the attendees on demand basis.
April 17 to May 8, 2025; Every Thursday 10:00AM–12:00PM ET (1.5-hour training + 0.5-hour Q&A)
Week 1 – Cybersecurity and Manufacturing – Overview, Challenges, and Trends; April 17, 2025 (Thursday)
The session introduces cybersecurity in manufacturing, highlighting its role in national security and industry challenges like digital transformation and expertise shortages. It covers key threats such as phishing, ransomware, and IT/OT vulnerabilities, along with AI’s impact on cybersecurity. Participants will explore resilience strategies, perimeter defenses like CyManII’s P.U.R.E. framework, and supply chain security. Hands-on activities will reinforce threat analysis and mitigation strategies.
Week 2 – Inside a Cyber Intrusion – End-to-end Workflow Example (Vulnerabilities, Risk, Exploitation); April 24, 2025 (Thursday)
The lesson explores the end-to-end workflow of a cyber intrusion in manufacturing, from vulnerabilities to exploitation. Participants will develop a threat profile for a small-to-medium manufacturer, map attack patterns using MITRE ATT&CK and CWEs, and examine insider threats and ICS vulnerabilities. A hands-on scenario will guide them through a scenario involving a compromised manufacturing entity, identifying key failures that led to a compromise. The exercise reinforces the importance of proactive security measures and risk mitigation strategies.
Week 3 – Cybersecurity Best Practices in Manufacturing OT and IT; May 1, 2025 (Thursday)
The lesson covers essential cybersecurity best practices for manufacturing OT and IT, emphasizing strong password hygiene, least user privilege, and defense-in-depth strategies to protect critical assets. It introduces zero-trust security, ensuring that no entity is trusted by default, and highlights the importance of regular patching and update management to mitigate vulnerabilities. Participants will also explore incident response planning, addressing the unique challenges faced in OT environments. Participants will analyze cybersecurity vulnerabilities and apply best practices by assessing password security, implementing zero-trust principles, and exploring defense-in-depth strategies in a simulated environment.
Week 4 – Resources for Manufacturing Cybersecurity; May 8, 2025 (Thursday)
The lesson introduces key manufacturing cybersecurity resources, including standards like IEC 62443 and NIST 800, along with frameworks such as NIST CSF and CMMC. Participants will explore training programs, cybersecurity tools like Nessus and Shodan.io, and practical defense strategies. As an activity, they will analyze simulated cyberattacks in OTSim to identify vulnerabilities and apply security measures.
Rima Asmar Awad, PhD.
Dr. Rima Asmar Awad is a Cyber Security Software Engineer at Oak Ridge National Laboratory (ORNL) and an ACM member. At ORNL, she has contributed to cutting-edge cybersecurity R&D projects, starting with research on malware analysis and detection before expanding to cyber-physical systems. She focuses on enhancing SCADA device forensics and securing industrial control systems and critical infrastructure. Committed to strengthening cybersecurity in critical sectors, Rima mentors grad students and supports cybersecurity outreach initiatives. She has helped develop and teach hands-on workshops exposing students to threats in operational technology and digital forensics. Rima holds a B.S. in Computer Information Systems from Saint Leo University, an M.S. in Computer Engineering from Polytechnic University of Puerto Rico, and a Ph.D. in Computer Science from Tennessee Technological University. Her research interests include cybersecurity, malware analysis, and cyber-physical system security.
Jen Sims
Jen Sims is a cybersecurity professional at Oak Ridge National Laboratory, specializing in securing cyber-physical systems, manufacturing, and critical infrastructure. She bridges academia and industry through hands-on workshops, research, and mentorship. Jen leads cybersecurity workshops for students, exposing them to threats in operational technology (OT) and industrial control systems (ICS). She also mentors high school interns in cybersecurity research at a national lab. Beyond student engagement, Jen advises high schools on cybersecurity curricula and supports community college capstone projects. Her research explores cyber threats in manufacturing, IIoT, and power grids. Passionate about interactive learning, she helps develop cybersecurity escape rooms to teach attack and defense strategies. Jen is dedicated to fostering diversity, raising awareness, and strengthening national security.
