Title :
Incident analysis & digital forensics in SCADA and industrial control systems
Author :
Spyridopoulos, Theodoros ; Tryfonas, Theo ; May, John
Author_Institution :
Cryptography Group, Univ. of Bristol, Bristol, UK
Abstract :
SCADA and industrial control systems have been traditionally isolated in physically protected environments. However, developments such as standardisation of data exchange protocols and increased use of IP, emerging wireless sensor networks and machine-to-machine communication mean that in the near future related threat vectors will require consideration too outside the scope of traditional SCADA security and incident response. In the light of the significance of SCADA for the resilience of critical infrastructures and the related targeted incidents against them (e.g. the development of stuxnet), cyber security and digital forensics emerge as priority areas. In this paper we focus on the latter, exploring the current capability of SCADA operators to analyse security incidents and develop situational awareness based on a robust digital evidence perspective. We look at the logging capabilities of a typical SCADA architecture and the analytical techniques and investigative tools that may help develop forensic readiness to the level of the current threat environment requirements. We also provide recommendations for data capture and retention.
Keywords :
IP networks; SCADA systems; control engineering computing; digital forensics; industrial control; production engineering computing; wireless sensor networks; IP networks; SCADA architecture; SCADA security; critical infrastructures; data capture; data retention; digital evidence; digital forensics; incident analysis; incident response; industrial control systems; machine-to-machine communication; situational awareness;
Conference_Titel :
System Safety Conference incorporating the Cyber Security Conference 2013, 8th IET International
Conference_Location :
Cardiff
Electronic_ISBN :
978-1-84919-778-6
DOI :
10.1049/cp.2013.1720
