Welcome to CypSec Group
We specialize in advanced defense and intelligent monitoring to protect your digital assets and operations.
Turning the county into a giant cyber playground.
Mansfeld-Südharz, Germany - November 11, 2025
The idea started with a map and a roll of red adhesive tape. We taped the map to the wall of Hall 14, drew a 32-kilometre circle around the old Buna chimney, and declared everything inside it a test zone: chemical pipelines, 5G campus nets, district heating sensors, even the street-light gateway that talks LoRa to the county traffic centre. Nothing inside the circle is simulation; everything is live, patched, insured and—crucially—reversible. This is the Living Lab covenant: any company, university or bored teenager with a plausible security hypothesis may run code against production atoms, provided she accepts the fail-stop rule: if the watchdog pulse misses two beats, the relay trips and the plant falls back to manual within 200 milliseconds. The covenant turns the entire county into an unending CTF, but one where the flags are pressure valves, smart-meter registers and cooling-tower fans instead of bytes on a scoreboard.
The physical anchor is the Bitterfeld Edge Node, a shipping-container data centre parked on a former rail siding, cooled by groundwater and powered by the same 17 MW biomass plant that keeps the streetlights on during blackouts. Inside are eight racks of ARM-based edge servers, a small FPGA farm for post-quantum handshake fuzzing, and a vintage Siemens S7-417—the same PLC family that runs the nearby potassium hydroxide evaporators—mounted on a vibration-isolated sled so attackers can hammer it without shutting down the real plant. A layer-2 stretch back to the county SOC gives every participant the same glass pane the analysts use, but write operations are sandboxed inside a Kubernetes namespace that re-images itself every four hours, wiping malware, rootkits and regrettable kernel modules before they can crawl sideways into the municipal VLAN. The result is a paradoxical space: production traffic, production latency, but throw-away state. You can brick the PLC, yet the evaporator never notices because the physical output wires are routed through a galvanically isolated shadow relay that only commits if the digital twin converges.
Entry is deliberately lightweight. A three-page form asks for a threat model, a rollback plan and a proof that the experiment cannot be run in a pure virtual lab; the ethics board—three engineers, one county civil servant, one union representative—meets every second Tuesday and approves or rejects within ten working days. There is no fee for the first 200 compute hours; after that the meter starts at 0.08 € per vCPU hour, cheaper than AWS Graviton and sovereign by default. Participants keep every intellectual property they create, but must push telemetry—including anonymised packet captures and IOC hashes—into the Alliance’s STIX repository under a Creative Commons licence, ensuring that the next experiment starts on the shoulders of the previous one. The first cohort, closing 31 January 2026, has room for eighteen pilots; as of today twelve slots are already claimed by a mixture of Polish sensor makers, Czech university red-teams and one Norwegian startup testing quantum-safe firmware updates over NB-IoT.
The most coveted sandbox is the Chemical Process Loop, a 300-metre stainless pipe bridge that once carried brine to the chlor-alkali cells and now circulates dyed water through variable-frequency drives, smart valves and three different fieldbus standards. Participants can introduce packet delay, corrupt Modbus registers or spoof HART commands while the loop’s SCADA historian records every pressure twitch and temperature wobble. Because the fluid is inert, operators can safely explore the dreaded “what happens if both the primary and the backup sensor lie” scenario that textbooks describe but no plant manager will allow on real chemicals. Last month a team from TU Delft demonstrated a self-healing control algorithm that detects sensor drift by correlating vibration patterns with pump-current harmonics; the algorithm will be released under LGPL once the 96-hour stress test is complete, giving every small chemical plant in Europe a free defence against the next Stuxnet-like replay.
"The county learned that resilience is the speed at which you dance back from the edge; the Living Lab is simply the dance floor."
Outside the fence, the living lab leaks into everyday life. Street cabinets that house traffic controllers have been retrofitted with Intel NUC gateways that mirror the same edge image running in the container park, so researchers can test side-channel attacks against TPMs while commuters wait at the red light. The local newspaper runs a weekly “cyber weather” column that lists which intersections are running experimental firmware; residents have learned to treat unexpected green phases as a sign that somewhere a graduate student just earned her doctorate. The social contract is explicit: the county provides the canvas, the scientists provide the paint, and the citizens get both the transparency and the economic spill-over—every euro spent on compute is matched by a euro spent on local accommodation, catering and the kind of hardware-store receipts that keep family businesses alive.
Scale-out is limited only by imagination and coolant. A second container is already on order, powered by the same biomass stream but fitted with immersion tubs for GPU clusters that will test AI-driven anomaly detection on OPC-UA traffic. The long-term vision is a necklace of edge nodes every seven kilometres along the A9 autobahn corridor, each node replicating the Bitterfeld template but specialising in a different vertical: automotive CAN-bus in the north, agricultural ISOBUS in the south, and rail ETCS in the middle. By 2028 the necklace should form a sovereign test highway where a startup can ride one exit, run its experiment, and exit again without ever leaving German jurisdiction or the EU’s GDPR gravity well. The European Commission has tagged the concept as a candidate for the upcoming Cyber-Shield programme, meaning that capex for nodes three through nine could be 60 % grant-funded, provided the telemetry continues to flow into the shared repository that started life in Hall 14.
Applications for the second cohort open on 1 March 2026; the only hard requirement is a credible rollback story. If your experiment can kill a pump, you must also show how you will resurrect it before the shift change. Everything else—root access, packet captures, even the occasional mushroom cloud of coloured steam—is negotiable. The county learned long ago that resilience is not the absence of failure but the speed at which you can dance back from the edge. The Living Lab is simply the dance floor, sprung wood, good lighting and a safety net made of red adhesive tape.
The Cyber Resilience Alliance is a public-private partnership established 2025, led by CypSec, Validato and the County of Mansfeld-Südharz. The Alliance operates a sovereign private-cloud security stack, a shared SOC and an cyber academy, aiming to make Mansfeld-Südharz the reference site for rural cyber resilience by 2030.
Media Contact: Daria Fediay, Chief Executive Officer at CypSec - daria.fediay@cypsec.de.
We specialize in advanced defense and intelligent monitoring to protect your digital assets and operations.
