Inside Industrial Defences: A Real-World OT Cyber Security Course

Step into the world where technology meets critical infrastructure. Inside Industrial Defences is a cutting-edge Blended Intensive Programme (BIP) jointly coordinated by NHL Stenden University of Applied Sciences, Howest University of Applied Sciences, and the Polytechnic University of Leiria.

This unique international experience bridges theory and practice, guiding participants through the complex landscape of Operational Technology (OT) cybersecurity. Learn how to protect the industrial systems that power modern life; from energy and manufacturing to water and transportation networks.

Through a dynamic mix of online preparation and an immersive face-to-face week in Emmen, the Netherlands, participants will explore real-world OT environments, work directly with industrial equipment, and collaborate with experts from both academia and industry. By the end of the course, you’ll have gained not only technical insights but also practical skills to strengthen the cyber resilience of today’s most vital systems.

Inside Industrial Defences: A Real-World OT Cyber Security Course” is a BIP jointly coordinated by NHL Stenden University of Applied Sciences (NHL Stenden), the Howest University of Applied Sciences (HOWEST), and the Polytechnic University of Leiria.

Industrial Control Systems (ICS) form the backbone of modern society, powering the automation that drives our critical infrastructure. This BIP offers a practical, research-informed introduction to Operational Technology (OT) cyber security, exploring the systems, challenges, and best practices essential to protecting industrial environments. During the face-to-face component of the course, hosted in Emmen, participants will apply the theoretical knowledge gained during the online phase to real-world industrial scenarios. Through hands-on workshops on real OT equipment, case studies, and collaboration with industry experts, students will develop actionable strategies and guidelines for strengthening the resilience of industrial systems against emerging cyber threats.

Date:

2nd of February 2026 to 27th of March 2026

Language of instruction:

English

3 ECTS credits
Academic recognition:

3 EC

Eligible participants:

The program is open to Bachelor’s, Master’s, and PhD students, as well as university staff with an interest in Operational Technology (OT) or Industrial Cybersecurity. Participants should have a foundational understanding of information technology, engineering, or related disciplines. The program corresponds to EQF levels 6-8, making it suitable for individuals pursuing or holding advanced academic qualifications who wish to deepen their knowledge and practical skills in this specialized field.

How to apply:

Login to apply for this product.

Deadline for applications: 17th of December 2025

Programme at a glance

Session 1 - Getting Started (online)
04 Feb 2026 :
16:00 - 18:30 CET
Meet lecturers and peers while exploring ICS/SCADA, OT components, key standards, and lessons from real incidents.
Session 2 - Introduction to Industrial Cyber Security (online)
11 Feb 2026 :
16:00 - 18:30 CET
Understand IT vs OT security, common protocols, and typical OT threats.
Session 3 - ICS Vulnerabilities and Risk Assessment (online)
18 Feb 2026 :
16:00 - 18:30 CET
Identifying vulnerabilities in legacy systems and modern automation networks. Risk assessment methodologies for OT environments.
Session 4 -Defensive Architecture and Network Segmentation (online)
25 Feb 2026 :
16:00 - 18:30 CET
Designing secure architectures using the Purdue Model. Implementing IT/OT DMZs, firewalls, IDS/IPS, and anomaly detection.
Session 5 - Incident Response and System Recovery (online)
04 Mar 2026 :
16:00 - 18:30 CET
Developing incident response playbooks for ICS environments.
Patch management, backup strategies, and disaster recovery in OT.
Session 6 - Ethics, Safety, and Legal Frameworks (online)
11 Mar 2026 :
16:00 - 18:30 CET
The intersection of safety and security in industrial contexts.
Ethical responsibilities and responsible disclosure practices.
Understanding EU NIS2 Directive and compliance obligations.
Session 7 - Digital Forensics and Research in OT Cyber Security (online)
18 Mar 2026 :
16:00 - 18:30 CET
Basics of digital forensics for industrial systems.
Analyzing real incident data and reconstructing attack paths.
F2F Week (in person)
23 Mar - 27 Mar 2026 :
NHL Stenden Emmen Netherlands
23 March 2026
Morning: Introduction to the assignment and overview of the week
Afternoon: Introduction to the physical PLC/OT testbed
Evening: Free time (getting to know each other)

24 March 2026
Morning: Hands‑on lab: Start with reconnaisance of the testbed, network mapping, Modbus/TCP analysis.
Afternoon: External stakeholder workshop

25 March 2026
Morning + Afternoon: Continued work with the testbed environment

26 March 2026
Morning: How to detect these attacks? Blue Teaming (monitoring, alerts, signatures, OT forensics)
Afternoon: Offensive/Defensive challenge. Attacking the testbed while performing live detection & containment
Evening: Group Dinner

27 March 2026
Morning: Consolidation of findings and preparation of final presentations
Afternoon: Final presentations, course evaluation and reflection session

Learning outcomes

By the end of this Erasmus+ Blended Intensive Programme, learners will be able to:

Students will acquire a foundational understanding of how industrial systems are structured and operated. They will learn about the key components (such as PLCs, RTUs, HMIs, and DCS), the role of SCADA in monitoring and control, and how IIoT integrates with OT environments. This knowledge enables them to analyse system architectures, identify operational requirements, and recognize the unique security challenges of these environments.

Students will be able to distinguish the contrasting priorities and requirements of Information Technology (IT) and Operational Technology (OT). They will learn how IT security traditionally emphasizes confidentiality, integrity, and availability (CIA), while OT security prioritizes availability, integrity, and confidentiality (AIC) to ensure continuous operations and safety. This understanding enables students to evaluate why standard IT security practices cannot be directly applied to OT environments without adaptation.

Students will learn to analyse and classify the main threats targeting industrial systems, including nation-state actors, ransomware campaigns, and insider threats. They will explore common vulnerabilities such as weak authentication, legacy protocols, and insufficient network segmentation, and evaluate how these can be exploited. By applying risk assessment methods, students will be able to determine the potential impact of such threats on safety, availability, and reliability in ICS/OT networks.

Students will develop practical skills in applying fundamental security assessment methods tailored to industrial systems. They will learn how to perform network scanning to identify active hosts and services, and conduct protocol analysis to evaluate ICS-specific communications such as Modbus or PROFINET. These techniques will enable them to detect potential weaknesses, misconfigurations, and anomalies within industrial environments.

Students will gain the ability to design and apply defensive strategies that strengthen the resilience of industrial environments. They will learn how to implement network segmentation using models such as Purdue, apply monitoring and intrusion detection tailored to ICS traffic, and manage patching while maintaining operational continuity. In addition, they will explore backup, disaster recovery, and incident response approaches to ensure system availability and safety in the face of cyber threats.

Students will explore how artificial intelligence (AI) and machine learning (ML) can enhance security and efficiency in operational technology environments. They will examine applications such as anomaly detection for identifying abnormal system behaviour, predictive maintenance to reduce downtime, and adaptive defence mechanisms that respond dynamically to emerging threats. This knowledge will enable them to critically assess both the opportunities and limitations of AI/ML in safeguarding industrial and maritime systems.

Students will understand the ethical, legal, and safety responsibilities associated with industrial and maritime cyber security. They will learn how to apply responsible disclosure practices, comply with regulations such as the EU NIS2 directive, and consider the safety implications of cyber incidents on critical infrastructure. By integrating ethical reflection with technical practice, students will be able to act responsibly and professionally when addressing vulnerabilities and incidents in OT environments.

Selection criteria

Applications will be reviewed according to eligibility, motivation and interest in the programme, submission order, and the goal of maintaining diverse participation across all RUN-EU member institutions.

Involved organisations and persons

Howest University of Applied Sciences

Partner Organisation
  • Johan Galle (Instructor)
  • Thijs Martens (Instructor)

NHL Stenden University of Applied Sciences

Lead Organisation, Host Organisation
  • Jeroen Pijpker (Instructor)
  • Remco Hassing (Lead Instructor)

Polytechnic University of Leiria

Partner Organisation
  • Leonel Santos (Instructor)
Product label: BIP-RWLDOTCS-01