Forensic Readiness for SCADA/ICS Incident Response

Peter Eden, Andrew Blyth, Pete Burnap, Yulia Cherdantseva, Kevin Jones, Hugh Soulsby, Kristan Stoddart

Allbwn ymchwil: Pennod mewn Llyfr/Adroddiad/Trafodion CynhadleddCyfraniad i gynhadleddadolygiad gan gymheiriaid

Crynodeb

The actions carried out following any cyber-attack are vital in limiting damage, regaining control and determining the cause and those responsible. Within SCADA and ICS environments there is certainly no exception. Critical National Infrastructure (CNI) relies heavily on SCADA systems to monitor and control critical processes. Many of these systems span huge geographical areas and contain thousands of individual devices, across an array of asset types. When an incident occurs, those assets contain forensic artefacts, which can be thought of as any data that provides explanation to the current state of the SCADA system.
Knowing what devices exist within the network and the tools and methods to retrieve data from them are some of the biggest challenges for incident response within CNI. This paper aims to identify those assets and their forensic value whilst providing the tools needed to perform data acquisition in a forensically sound
manner. It will also discuss the key stages in which the incident response process can be managed.
Iaith wreiddiolSaesneg
TeitlProceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research 2016
Man cyhoeddiSwindon, UK
CyhoeddwrBCS Learning Development Ltd.
Tudalennau1-9
Nifer y tudalennau9
ISBN (Argraffiad)978-1-78017-3573
Dynodwyr Gwrthrych Digidol (DOIs)
StatwsCyhoeddwyd - Awst 2016
Digwyddiad4th International Symposium for ICS & SCADA Cyber Security Research 2016 - Queen's University Belfast , Belfast, Y Deyrnas Unedig
Hyd: 23 Awst 201625 Awst 2016
Rhif y gynhadledd: 4th

Cyfres gyhoeddiadau

EnwICS-CSR '16
CyhoeddwrBCS Learning Development Ltd.

Cynhadledd

Cynhadledd4th International Symposium for ICS & SCADA Cyber Security Research 2016
Teitl crynoICS-CSR 2016
Gwlad/TiriogaethY Deyrnas Unedig
DinasBelfast
Cyfnod23/08/1625/08/16

Ôl bys

Gweld gwybodaeth am bynciau ymchwil 'Forensic Readiness for SCADA/ICS Incident Response'. Gyda’i gilydd, maen nhw’n ffurfio ôl bys unigryw.

Dyfynnu hyn