ICS & IoT Security Lab

The Security Lab is, of course, returning to the CS3STHLM summit of 2018. We plan to add even more ICS and ICS communication equipment to the lab, and we are working on extending the IoT security part further.

Similar to one of the previous years, we plan to record and release the traffic in the ICS lab network.

We encourage both newcomers and experts to connect to the environment and play with the available equipment. Newcomers will get help getting started through some examples that they can test and learn from. More experienced users will be able to poke harder at the systems.

Rules of Engagement

We have drafted a document that describes the "rules of engagement" for using the lab. The rules should make it easier for everyone to understand what is OK and what is not OK to do in the lab environment. It all boils down to being a "good neighbour" who does not interfere with, destroy things for, or make trouble for others.

The rules of engagement are also a way to show the general public that we bring this equipment to the conference for two purposes. The first is to give people access to equipment that they normally cannot put their hands on and to allow them to learn about it. The second is that if we find flaws or problems with the equipment, we will hand them over to KraftCERT, which is on site and will in turn coordinate disclosure with vendors. This is described in the document.

We will have equipment from

  • PLC

    (multiple) Siemens (S7 1200/1500/300/400), ABB AC800, ABB PM581, (multiple) Allen-Bradley MicroLogix 1100, Allen-Bradley MicroLogix 1400, Easy Tech Nanjing, Beckhoff

  • Firewalls

    (multiple) Fortinet, Hirschmann EAGLE 20, Hirschmann, Secomea, mGuard, RuggedCom

  • Ethernet I/O

    Siemens, Digi, Moxa

  • Network Monitoring

    Dragos CyberLens

  • Security Devices

    PwnPlug, WiFi Pineapple, Arlo Network Camera

  • Industry Switches

    Cisco, Moxa (multiple), Westermo (multiple), Siemens (multiple), RuggedCom (multiple), GarrettCom (multiple), Sierra Wireless ES450

  • Network Taps

    (multiple) Garland TAPs

  • Routers

    MikroTik

  • Other

    AutomationDirect, Phoenix Contact, SEL, Red Lion, Barix Barionet 100, Advantech ADAM 5500, industrial PCs

IoT Equipment

In addition to this, we have all the IoT-related stuff, which is everything from Raspberry Pis and IoT development boards via Philips Hue/LIFX to lots of WiFi equipment and SOHO routers. More stuff will be added as we go along.

Security Lab Crew

This year there is a much larger team involved in setting up and running the lab, or with special tasks involving the lab during the conference. The team members include Lars-Erik Smevold of KraftCERT (NO), who will be in charge of the lab, Nicklas Keijser (SE), who is an expert on SCADA/ICS development, Robert Malmgren (SE) of ROMAB, Erik Hjelmvik (SE) of NETRESEC and Mikael Vingaard (DK).

Location at Conference

This year's ICS and IoT security lab will be installed in the GeekLounge part of Nalen. That is in the basement, in the room called Stacken (the stack).

Preparing the ICS Security Lab