Building an ICS Firing Range (in our kitchen): sharing our journey & lessons learned (so you don’t have to)

Abstract

Aiming to improve our own expertise in ICS security, we went to build our own ICS firing range for internal and external trainings, and hacking demos. It covers multiple technical aspects about IT infrastructure, PLC configuration and programming, ICS protocols and specific methodologies for red and blue teaming. Beginning with a bridge operation scenario we planned our approach on implementing the ICS Firing Range addressing all levels of the Purdue Model, from enterprise to physical processes. We were faced with a variety of practical challenges and challenges specific to the ICS context and prototyping: we learned how to implement ladder logic, how CAD modelling works, how to print 3D models with a 3D printer and how to combine all ICS and bridge components into a single, confined and mobile lab environment. Lastly, we designed a series of kill chains for our firing range that we use for trainings on a variety of professions such as digital forensics and incident response.