Abstract
SCADA and industrial control systems have traditionally been isolated in physically protected environments. However, developments such as the standardisation of data exchange protocols, increased use of IP, emerging wireless sensor networks and machine-to-machine communication mean that, in the near future, related threat vectors outside the scope of traditional SCADA security and incident response will also require consideration. In light of the significance of SCADA for the resilience of critical infrastructures and the related targeted incidents against them (e.g. the development of Stuxnet), cyber security and digital forensics emerge as priority areas. In this paper we focus on the latter, exploring the current capability of SCADA operators to analyse security incidents and develop situational awareness based on a robust digital evidence perspective. We look at the logging capabilities of a typical SCADA architecture and the analytical techniques and investigative tools that may help develop forensic readiness to the level of the current threat environment requirements. We also provide recommendations for data capture and retention.
Original language | English |
---|---|
Title of host publication | System Safety Conference incorporating the Cyber Security Conference 2013, 8th IET International |
Publisher | Institution of Engineering and Technology (IET) |
Pages | 1-6 |
Number of pages | 6 |
DOIs | |
Publication status | Published - Oct 2013 |
Event | System Safety Conference incorporating the Cyber Security Conference 2013, 8th IET International - Cardiff, United Kingdom. Duration: 15 Oct 2013 → 17 Oct 2013 |
Conference
Conference | System Safety Conference incorporating the Cyber Security Conference 2013, 8th IET International |
---|---|
Country/Territory | United Kingdom |
City | Cardiff |
Period | 15/10/13 → 17/10/13 |
Keywords
- SCADA systems
- Digital Forensics
- Industrial Control Systems
- Digital Evidence
- Incident Analysis
- Situational Awareness