A Cyber Forensic Taxonomy for SCADA Systems in Critical Infrastructure

Peter Eden; Andrew Blyth; Pete Burnap; Yulia Cherdantseva; Kevin Jones; Hugh Soulsby; Kristan Stoddart

doi:10.1007/978-3-319-33331-1_3

A Cyber Forensic Taxonomy for SCADA Systems in Critical Infrastructure

Peter Eden, Andrew Blyth, Pete Burnap, Yulia Cherdantseva, Kevin Jones, Hugh Soulsby, Kristan Stoddart

Faculty of Computing, Engineering and Science

Research output: Chapter in Book/Report/Conference proceeding › Other chapter contribution › peer-review

Abstract

SCADA systems are essential for the safe running of critical infrastructure but in recent years have increasingly become the target of advanced cyber-attacks through their convergence with public and corporate networks for easier monitoring and control. Cyber-events within critical infrastructure can have devastating consequences affecting human life, the environment and the economy. Therefore, it is vital that a forensic investigation takes place to provide remediation, understanding and to help in the design of more secure systems. This paper provides an overview of the SCADA forensic process, within critical infrastructure, and discusses the existing challenges of carrying out a SCADA forensic investigation. It also discusses ways in which the process may be improved together with a suggested SCADA incident response model. This paper is part of an ongoing research project that is working towards the creation of best practice guidelines for the forensic handling and incident response of SCADA systems.

Original language	English
Title of host publication	Critical Information Infrastructures Security
Subtitle of host publication	10th International Conference, CRITIS 2015, Berlin, Germany, October 5-7, 2015, Revised Selected Papers
Editors	Erich Rome, Marianthi Theocharidou, Stephen Wolthusen
Publisher	Springer
Pages	27-39
ISBN (Electronic)	978-3-319-33331-1
ISBN (Print)	978-3-319-33330-4
DOIs	https://doi.org/10.1007/978-3-319-33331-1_3
Publication status	Published - 18 May 2016

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	9578
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Keywords

SCADA
Critical infrastructure
Digital forensics
Incident response
Cyber security lifecycle
SCADA forensics

Access to Document

10.1007/978-3-319-33331-1_3Licence: CC BY-NC-ND

The 10th International Conference on Critical Information Infrastructures Security
Peter Eden (Speaker)
5 Oct 2015
Activity: Talk or presentation › Invited talk

Cite this

Eden, P., Blyth, A., Burnap, P., Cherdantseva, Y., Jones, K., Soulsby, H., & Stoddart, K. (2016). A Cyber Forensic Taxonomy for SCADA Systems in Critical Infrastructure. In E. Rome, M. Theocharidou, & S. Wolthusen (Eds.), Critical Information Infrastructures Security: 10th International Conference, CRITIS 2015, Berlin, Germany, October 5-7, 2015, Revised Selected Papers (pp. 27-39). [Chapter 3] (Lecture Notes in Computer Science; Vol. 9578). Springer. https://doi.org/10.1007/978-3-319-33331-1_3

Eden, Peter ; Blyth, Andrew ; Burnap, Pete et al. / A Cyber Forensic Taxonomy for SCADA Systems in Critical Infrastructure. Critical Information Infrastructures Security: 10th International Conference, CRITIS 2015, Berlin, Germany, October 5-7, 2015, Revised Selected Papers. editor / Erich Rome ; Marianthi Theocharidou ; Stephen Wolthusen. Springer, 2016. pp. 27-39 (Lecture Notes in Computer Science).

@inbook{47f1573fdbd7463c9e42638b61b8f494,

title = "A Cyber Forensic Taxonomy for SCADA Systems in Critical Infrastructure",

abstract = "SCADA systems are essential for the safe running of critical infrastructure but in recent years have increasingly become the target of advanced cyber-attacks through their convergence with public and corporate networks for easier monitoring and control. Cyber-events within critical infrastructure can have devastating consequences affecting human life, the environment and the economy. Therefore, it is vital that a forensic investigation takes place to provide remediation, understanding and to help in the design of more secure systems. This paper provides an overview of the SCADA forensic process, within critical infrastructure, and discusses the existing challenges of carrying out a SCADA forensic investigation. It also discusses ways in which the process may be improved together with a suggested SCADA incident response model. This paper is part of an ongoing research project that is working towards the creation of best practice guidelines for the forensic handling and incident response of SCADA systems.",

keywords = "SCADA, Critical infrastructure , Digital forensics, Incident response, Cyber security lifecycle, SCADA forensics",

author = "Peter Eden and Andrew Blyth and Pete Burnap and Yulia Cherdantseva and Kevin Jones and Hugh Soulsby and Kristan Stoddart",

year = "2016",

month = may,

day = "18",

doi = "10.1007/978-3-319-33331-1_3",

language = "English",

isbn = "978-3-319-33330-4",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "27--39",

editor = "Erich Rome and Theocharidou, {Marianthi } and Stephen Wolthusen",

booktitle = "Critical Information Infrastructures Security",

address = "Germany",

}

Eden, P, Blyth, A, Burnap, P, Cherdantseva, Y, Jones, K, Soulsby, H & Stoddart, K 2016, A Cyber Forensic Taxonomy for SCADA Systems in Critical Infrastructure. in E Rome, M Theocharidou & S Wolthusen (eds), Critical Information Infrastructures Security: 10th International Conference, CRITIS 2015, Berlin, Germany, October 5-7, 2015, Revised Selected Papers., Chapter 3, Lecture Notes in Computer Science, vol. 9578, Springer, pp. 27-39. https://doi.org/10.1007/978-3-319-33331-1_3

A Cyber Forensic Taxonomy for SCADA Systems in Critical Infrastructure. / Eden, Peter; Blyth, Andrew; Burnap, Pete et al.

Critical Information Infrastructures Security: 10th International Conference, CRITIS 2015, Berlin, Germany, October 5-7, 2015, Revised Selected Papers. ed. / Erich Rome; Marianthi Theocharidou; Stephen Wolthusen. Springer, 2016. p. 27-39 Chapter 3 (Lecture Notes in Computer Science; Vol. 9578).

Research output: Chapter in Book/Report/Conference proceeding › Other chapter contribution › peer-review

TY - CHAP

T1 - A Cyber Forensic Taxonomy for SCADA Systems in Critical Infrastructure

AU - Eden, Peter

AU - Blyth, Andrew

AU - Burnap, Pete

AU - Cherdantseva, Yulia

AU - Jones, Kevin

AU - Soulsby, Hugh

AU - Stoddart, Kristan

PY - 2016/5/18

Y1 - 2016/5/18

N2 - SCADA systems are essential for the safe running of critical infrastructure but in recent years have increasingly become the target of advanced cyber-attacks through their convergence with public and corporate networks for easier monitoring and control. Cyber-events within critical infrastructure can have devastating consequences affecting human life, the environment and the economy. Therefore, it is vital that a forensic investigation takes place to provide remediation, understanding and to help in the design of more secure systems. This paper provides an overview of the SCADA forensic process, within critical infrastructure, and discusses the existing challenges of carrying out a SCADA forensic investigation. It also discusses ways in which the process may be improved together with a suggested SCADA incident response model. This paper is part of an ongoing research project that is working towards the creation of best practice guidelines for the forensic handling and incident response of SCADA systems.

AB - SCADA systems are essential for the safe running of critical infrastructure but in recent years have increasingly become the target of advanced cyber-attacks through their convergence with public and corporate networks for easier monitoring and control. Cyber-events within critical infrastructure can have devastating consequences affecting human life, the environment and the economy. Therefore, it is vital that a forensic investigation takes place to provide remediation, understanding and to help in the design of more secure systems. This paper provides an overview of the SCADA forensic process, within critical infrastructure, and discusses the existing challenges of carrying out a SCADA forensic investigation. It also discusses ways in which the process may be improved together with a suggested SCADA incident response model. This paper is part of an ongoing research project that is working towards the creation of best practice guidelines for the forensic handling and incident response of SCADA systems.

KW - SCADA

KW - Critical infrastructure

KW - Digital forensics

KW - Incident response

KW - Cyber security lifecycle

KW - SCADA forensics

U2 - 10.1007/978-3-319-33331-1_3

DO - 10.1007/978-3-319-33331-1_3

M3 - Other chapter contribution

SN - 978-3-319-33330-4

T3 - Lecture Notes in Computer Science

SP - 27

EP - 39

BT - Critical Information Infrastructures Security

A2 - Rome, Erich

A2 - Theocharidou, Marianthi

A2 - Wolthusen, Stephen

PB - Springer

ER -

Eden P, Blyth A, Burnap P, Cherdantseva Y, Jones K, Soulsby H et al. A Cyber Forensic Taxonomy for SCADA Systems in Critical Infrastructure. In Rome E, Theocharidou M, Wolthusen S, editors, Critical Information Infrastructures Security: 10th International Conference, CRITIS 2015, Berlin, Germany, October 5-7, 2015, Revised Selected Papers. Springer. 2016. p. 27-39. Chapter 3. (Lecture Notes in Computer Science). doi: 10.1007/978-3-319-33331-1_3

A Cyber Forensic Taxonomy for SCADA Systems in Critical Infrastructure

Abstract

Publication series

Keywords

Access to Document

Fingerprint

Activities

The 10th International Conference on Critical Information Infrastructures Security

Cite this