Incident Analysis & Digital Forensics in SCADA and Industrial Control Systems

Theodoros Spyridopoulos, Theo Tryfonas, John H R May

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)


Abstract

SCADA and industrial control systems have been traditionally isolated in physically protected environments. However, developments such as standardisation of data exchange protocols and increased use of IP, emerging wireless sensor networks and machine-to-machine communication mean that in the near future related threat vectors will require consideration too outside the scope of traditional SCADA security and incident response. In the light of the significance of SCADA for the resilience of critical infrastructures and the related targeted incidents against them (e.g. the development of Stuxnet), cyber security and digital forensics emerge as priority areas. In this paper we focus on the latter, exploring the current capability of SCADA operators to analyse security incidents and develop situational awareness based on a robust digital evidence perspective. We look at the logging capabilities of a typical SCADA architecture and the analytical techniques and investigative tools that may help develop forensic readiness to the level of the current threat environment requirements. We also provide recommendations for data capture and retention.
Original language: English
Title of host publication: System Safety Conference incorporating the Cyber Security Conference 2013, 8th IET International
Publisher: Institution of Engineering and Technology (IET)
Pages: 1-6
Number of pages: 6
DOI: https://doi.org/10.1049/cp.2013.1720
Publication status: Published - Oct 2013
Event: System Safety Conference incorporating the Cyber Security Conference 2013, 8th IET International - Cardiff, United Kingdom
Duration: 15 Oct 2013 to 17 Oct 2013

Conference

Conference: System Safety Conference incorporating the Cyber Security Conference 2013, 8th IET International
Country: United Kingdom
City: Cardiff
Period: 15/10/13 to 17/10/13

Keywords

  • SCADA systems
  • Digital Forensics
  • Industrial Control Systems
  • Digital Evidence
  • Incident Analysis
  • Situational Awareness

Cite this

Spyridopoulos, T., Tryfonas, T., & May, J. H. R. (2013). Incident Analysis & Digital Forensics in SCADA and Industrial Control Systems. In System Safety Conference incorporating the Cyber Security Conference 2013, 8th IET International (pp. 1-6). Institution of Engineering and Technology (IET). https://doi.org/10.1049/cp.2013.1720