nl en

Industrial Control Systems & Critical Infrastructures


Admission requirements

Admission only after intake, see website of the Cyber Security Academy
Elective in master’s programme Cyber Security


The course is aimed at cyber security specialists interested in the governance and technical aspects of securing industrial control systems (ICSs) controlling physical systems (SCADA, ICS and IoT) and critical infrastructures.

Course objectives

Participants are able to:

  • describe and discuss the stakeholders of and complexities in critical infrastructures.

  • explain main cyber security concepts in ICS networks

  • explain and analyse the cyber security architectures of critical infrastructures, design choices and pitfalls, as well as common cyber security policies within these domains.

  • understand and explore the cyber risk associated with ICS control of physical systems and critical infrastructures; understand specific threats, threat vectors, vulnerabilities and risk in control systems.

  • enumerate and discuss common preventative and repressive measures to mitigate the cyber risk to acceptable levels in processes provided and controlled by multiple organisations.

  • assess control systems and select security controls.


Five Fridays from 9.30 until 17.00, either in April/May or in June/July, to be scheduled dependent on preferences of participants.

Mode of instruction

Lectures, seminars, exercises, class discussion, site visit
Lecturers: Prof.dr. Jan van den Berg, ir. Eric Luiijf (independent consultant, former TNO), dr. Marieke Klaver (TNO) and others

Course Load

4 EC

Assessment method

Assignments (60%), written exam (40%).

No compensation is possible for assignments of 30% or more. Only assessments with a weight under 30% are compensable. This means that one does not have to pass an assessment if it weighs less than 30% in order to pass the course, if the average of all assessments combined is at least a 5.5. In addition, assignments with less than 30% are not re-sitable, meaning that if one failed an assessment of less than 30%, one is not allowed to redo it.


Yes, for posting slides of lectures, relevant literature and assignments.

Reading list

Compulsory literature and literature for further consultation will be announced via Blackboard.


No registration is required for lectures and exams.


Prof.dr. Jan van den Berg Drs. Mireille Snels, programme manager


For more information see the website of the Cyber Security Academy