Sunday, September 3, 2017

Simple ICS Lab - Intro

My background is in traditional IT. I'm familiar with many aspects of the business side of systems and infrastructure. What I have not had much experience with is the Operational Technology (OT) side of things. In order to learn more about OT and Industrial Control Systems (ICS) I thought it would be good to setup a simple home lab. This is the first post about my home ICS lab which will be followed by additional posts detailing how I built and initially used the lab.

Over the past couple of years I have been fortunate to attend SANS ICS410: ICS/SCADA Security Essentials and ICS515: ICS Active Defense and Incident Response. These two training courses have improved my understanding of ICS immensely. Both courses included labs focused on using specific software and technology related to ICS including:

You might be asking, "Why didn't you just reuse the materials from the training courses?" A few of the reasons are below.

  • Start from nothing to see how one might go about bringing up a PLC, programming it, and interfacing with an HMI.
  • Additional opportunity to program process logic using various IEC 61131-3 standard languages.
  • Use software and tools with no limitations - time limits, input/output limits, etc.
  • Create a process to build an ICS lab at very low cost that I can share with others who may not be able to attend a specific training course. (Try to eliminate barriers to entry so that as many people that want are able to learn about ICS.)


When looking to create a simple home ICS lab I had a few requirements in mind:

  • Low complexity - 1 VM, 1 Raspberry Pi 3, handful of electronic components
  • Ability to generate Modbus TCP traffic that can be captured
  • Use open source or free software - no time limits, etc.

Eventually these initial requirements may expand to include more capabilities. Additional ICS protocols may be added later such as Distributed Network Protocol (DNP3). Also, the Raspberry Pi 3 only has digital input and output. A future version of the lab might incorporate different hardware like the Arduino to gain analog input and output capabilities. However, as a beginning, a single VM with one Raspberry Pi 3 allows the focus to remain on low complexity.

Hardware and Software

Setting up the lab requires some specific hardware and software. I used a laptop to host a Lubuntu VM. The Lubuntu VM is used to program the process logic using PLCopen Editor. The VM will also function as the HMI by running ScadaBR. Next up is a Raspberry Pi 3, or RPi. The RPi will have a base load of Raspbian Stretch Lite along with an installation of OpenPLC. This combination allows the RPi to function as the PLC of the ICS lab. The remaining items needed to build the ICS lab are electronic components to create a connection to the physical world. A limited set and type of components are used to keep complexity low. Below is a list of items needed for the lab, a mix of hardware and software:

  • Host computer running VirtualBox
  • Lubuntu 16.04.3
  • Raspberry Pi 3 + MicroSD
  • Raspbian Stretch Lite
  • Etcher
  • Notepad++
  • PLCopen Editor
  • OpenPLC
  • ScadaBR
  • Breadboard
  • Jumper Wires
  • LEDs
  • Resistors
  • Switches
  • Wireless Network
  • Internet Access

Next Steps

As mentioned in the beginning of this post there will be follow-on posts about the lab creation. The future posts are going to be done in a how-to style. This will give me a reference if I ever need to revisit building the lab in the future. Anyone else who is interested should be able to replicate what I've done too. Here is the draft list of posts:

Once that is all done other activities can be performed to learn more about ICS. With a project in place it will be possible to capture Modbus TCP traffic and analyze it, or try spoofing and modifying data with the system running.


Here are some links with information on the electronic components that will be used. None of them are too complicated but it may be a good review for anyone who has not worked with them before.

Light-Emitting Diodes (LEDs)

* No soldering required!