A Forensic Taxonomy of SCADA Systems and Approach to Incident Response

Peter Eden, Andrew Blyth, Pete Burnap, Yulia Cherdantseva, Kevin Jones, Hugh Soulsby, Kristan Stoddart

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

SCADA systems that monitor and control Critical National Infrastructure (CNI) are increasingly becoming the target of advanced cyber-attacks since their convergence with TCP/IP and other networks for efficient controlling. When a SCADA incident occurs the consequences can be catastrophic having an impact on the environment, economy and human life and therefore it is essential for a forensic investigation to take place. SCADA system forensics is an essential process within the cyber-security lifecycle that not only helps to identify the cause of an incident and those responsible but to help develop and design more secure systems of the future. This paper provides an overall forensic taxonomy of the SCADA system incident response model. It discusses the development of forensic readiness within SCADA system investigations, including the challenges faced by the SCADA forensic investigator and suggests ways in which the process may be improved.
Original languageUnknown
Title of host publicationProceedings of the 3rd International Symposium for ICS & SCADA Cyber Security Research 2015
Place of PublicationSwindon, UK
PublisherBCS Learning Development Ltd.
Pages42-51
Number of pages10
ISBN (Print)978-1-78017-317-7
DOIs
Publication statusPublished - 2015
Event3rd International Symposium for ICS & SCADA Cyber Security Research 2015 - University of Applied Sciences, Ingolstadt, Germany
Duration: 17 Sep 201519 Sep 2015

Publication series

NameICS-CSR '15
PublisherBCS Learning Development Ltd.

Conference

Conference3rd International Symposium for ICS & SCADA Cyber Security Research 2015
Abbreviated titleICS-CSR 2015
Country/TerritoryGermany
CityIngolstadt
Period17/09/1519/09/15

Keywords

  • ICS forensics
  • SCADA architecture
  • SCADA forensics
  • critical infrastructure
  • digital forensics
  • incident response

Cite this