CS3STHLM 2019-2020

This page contains information which is not active and is tied to past events.

ICS & IOT Secuity Lab

The Security Lab

The Security Lab is, of course, returning to the CS3STHLM summit of 2019. We plan to add even more ICS and ICS communication equipment to the lab, and we working on extending the IoT security part further.

Similar to one of the previous year, we plan to record and release the traffic in the ICS lab network.

We encourage both newcomers as well as experts to connect to the environment to play with the available equipment. Newcomers will have help to get started by having some examples that they can test and learn from. More experienced users will be able to poke harder at the systems.

Rules of Engagement

We have drafted a document that describes the "rules of engagement" for the using the lab. The rules should make it easier for everyone to understand what is OK and what is not OK to do in the lab environment. It all boils down to being a "good neighbour" that does not interfere, destroy or make trouble for others.

The rules of engagement is also a way to show to the general public that we bring this equipment to the conference for two purposes: one is to give people access to equipment that they normally cannot put their hands on and to allow them to learn about them. The second purpose, is that if we find flaws or problems with the equipment, we will hand them over to KraftCERT that is on site, that in turn with coordinate disclosure with vendors. This is described in the document.

We will have equipment from


(multiple) siemens (s7 1200/1500/300/400), ABB AC800, ABB PM581, (multiple) Allen-Bradley Micrologix 1100, Allen-Bradley Micrologix 1400, Easy Tech Nanjing, Beckhoff


(multiple) Fortinet, Hirschman EAGLE 20, Hirschman, Seecomea, mGuard, RuggedCom

Ethernet I/O

Siemens, Digi, Moxa

Networking Monitoring

Dragos Cyberlens

Security Devices

PwnPlug, Wifi Pinapple, Arlo Network Camera

Industry Switches

Cisco, Moxa (multiple), Westermo (multiple), Siemens (multiple), Ruggedcom (multiple), GarretCom (multiple), Sierra Wireless ES450

Networking Taps

(multiple) Garland TAPs




AutomationDirect, Phoenix contact, SEL, Red Lion, Barix Barionet 100, Advantech ADAM 5500, industrial PC's

IoT Equipment

To this, we have all the IoT related stuff, which is everything from raspberry PI's and IoT developmend boards via Philip Hue's/LIFX, lots of WiFi equipment and SOHO routers. More stuff will be added as we go along.

Location at Conference

This years ICS and IoT security lab will be installed in the GeekLounge part of Nalen. That is in the basement, in the room called Stacken (the stack).

Security Lab Crew

This year there is a much larger team involved in setting up, running the lab, or have special tasks involving the lab during the conference. The team members include Lars-Erik Smevold of KraftCERT (NO) who will be in charge of the lab, Robert Malmgren (SE) of ROMAB, Erik Hjelmvik (SE) of NETRESEC and Mikael Vingaard (DK). We would also like to thank the Norwegian National Security Authority and KraftCERT for providing new interesting equipment to the ICS Lab.

Preparing the ICS Security Lab 2017