A Forensic Taxonomy of SCADA Systems and Approach to Incident Response

Peter Eden; Andrew Blyth; Pete Burnap; Yulia Cherdantseva; Kevin Jones; Hugh Soulsby; Kristan Stoddart

doi:10.14236/ewic/ICS2015.5

A Forensic Taxonomy of SCADA Systems and Approach to Incident Response

Peter Eden, Andrew Blyth, Pete Burnap, Yulia Cherdantseva, Kevin Jones, Hugh Soulsby, Kristan Stoddart

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

SCADA systems that monitor and control Critical National Infrastructure (CNI) are increasingly becoming the target of advanced cyber-attacks since their convergence with TCP/IP and other networks for efficient controlling. When a SCADA incident occurs the consequences can be catastrophic having an impact on the environment, economy and human life and therefore it is essential for a forensic investigation to take place. SCADA system forensics is an essential process within the cyber-security lifecycle that not only helps to identify the cause of an incident and those responsible but to help develop and design more secure systems of the future. This paper provides an overall forensic taxonomy of the SCADA system incident response model. It discusses the development of forensic readiness within SCADA system investigations, including the challenges faced by the SCADA forensic investigator and suggests ways in which the process may be improved.

Original language	Unknown
Title of host publication	Proceedings of the 3rd International Symposium for ICS & SCADA Cyber Security Research 2015
Place of Publication	Swindon, UK
Publisher	BCS Learning Development Ltd.
Pages	42-51
Number of pages	10
ISBN (Print)	978-1-78017-317-7
DOIs	https://doi.org/10.14236/ewic/ICS2015.5
Publication status	Published - 2015
Event	3rd International Symposium for ICS & SCADA Cyber Security Research 2015 - University of Applied Sciences, Ingolstadt, Germany Duration: 17 Sep 2015 → 19 Sep 2015

Publication series

Name	ICS-CSR '15
Publisher	BCS Learning Development Ltd.

Conference

Conference	3rd International Symposium for ICS & SCADA Cyber Security Research 2015
Abbreviated title	ICS-CSR 2015
Country/Territory	Germany
City	Ingolstadt
Period	17/09/15 → 19/09/15

Keywords

ICS forensics
SCADA architecture
SCADA forensics
critical infrastructure
digital forensics
incident response

Access to Document

10.14236/ewic/ICS2015.5

A Forensic Taxonomy of SCADA Systems and Approach to Incident Response
Peter Eden (Speaker)
17 Sep 2015
Activity: Talk or presentation › Invited talk

Cite this

@inproceedings{0e6c405c5fa84c8ab86e861b93adc768,

title = "A Forensic Taxonomy of SCADA Systems and Approach to Incident Response",

abstract = "SCADA systems that monitor and control Critical National Infrastructure (CNI) are increasingly becoming the target of advanced cyber-attacks since their convergence with TCP/IP and other networks for efficient controlling. When a SCADA incident occurs the consequences can be catastrophic having an impact on the environment, economy and human life and therefore it is essential for a forensic investigation to take place. SCADA system forensics is an essential process within the cyber-security lifecycle that not only helps to identify the cause of an incident and those responsible but to help develop and design more secure systems of the future. This paper provides an overall forensic taxonomy of the SCADA system incident response model. It discusses the development of forensic readiness within SCADA system investigations, including the challenges faced by the SCADA forensic investigator and suggests ways in which the process may be improved.",

keywords = "ICS forensics, SCADA architecture, SCADA forensics, critical infrastructure, digital forensics, incident response",

author = "Peter Eden and Andrew Blyth and Pete Burnap and Yulia Cherdantseva and Kevin Jones and Hugh Soulsby and Kristan Stoddart",

year = "2015",

doi = "10.14236/ewic/ICS2015.5",

language = "Anadnabyddus",

isbn = "978-1-78017-317-7",

series = "ICS-CSR '15",

publisher = "BCS Learning Development Ltd.",

pages = "42--51",

booktitle = "Proceedings of the 3rd International Symposium for ICS & SCADA Cyber Security Research 2015",

note = "null ; Conference date: 17-09-2015 Through 19-09-2015",

}

Eden, P, Blyth, A, Burnap, P, Cherdantseva, Y, Jones, K, Soulsby, H & Stoddart, K 2015, A Forensic Taxonomy of SCADA Systems and Approach to Incident Response. in Proceedings of the 3rd International Symposium for ICS & SCADA Cyber Security Research 2015. ICS-CSR '15, BCS Learning Development Ltd., Swindon, UK, pp. 42-51, 3rd International Symposium for ICS & SCADA Cyber Security Research 2015, Ingolstadt, Germany, 17/09/15. https://doi.org/10.14236/ewic/ICS2015.5

A Forensic Taxonomy of SCADA Systems and Approach to Incident Response. / Eden, Peter; Blyth, Andrew; Burnap, Pete et al.

Proceedings of the 3rd International Symposium for ICS & SCADA Cyber Security Research 2015. Swindon, UK : BCS Learning Development Ltd., 2015. p. 42-51 (ICS-CSR '15).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A Forensic Taxonomy of SCADA Systems and Approach to Incident Response

AU - Eden, Peter

AU - Blyth, Andrew

AU - Burnap, Pete

AU - Cherdantseva, Yulia

AU - Jones, Kevin

AU - Soulsby, Hugh

AU - Stoddart, Kristan

PY - 2015

Y1 - 2015

N2 - SCADA systems that monitor and control Critical National Infrastructure (CNI) are increasingly becoming the target of advanced cyber-attacks since their convergence with TCP/IP and other networks for efficient controlling. When a SCADA incident occurs the consequences can be catastrophic having an impact on the environment, economy and human life and therefore it is essential for a forensic investigation to take place. SCADA system forensics is an essential process within the cyber-security lifecycle that not only helps to identify the cause of an incident and those responsible but to help develop and design more secure systems of the future. This paper provides an overall forensic taxonomy of the SCADA system incident response model. It discusses the development of forensic readiness within SCADA system investigations, including the challenges faced by the SCADA forensic investigator and suggests ways in which the process may be improved.

AB - SCADA systems that monitor and control Critical National Infrastructure (CNI) are increasingly becoming the target of advanced cyber-attacks since their convergence with TCP/IP and other networks for efficient controlling. When a SCADA incident occurs the consequences can be catastrophic having an impact on the environment, economy and human life and therefore it is essential for a forensic investigation to take place. SCADA system forensics is an essential process within the cyber-security lifecycle that not only helps to identify the cause of an incident and those responsible but to help develop and design more secure systems of the future. This paper provides an overall forensic taxonomy of the SCADA system incident response model. It discusses the development of forensic readiness within SCADA system investigations, including the challenges faced by the SCADA forensic investigator and suggests ways in which the process may be improved.

KW - ICS forensics

KW - SCADA architecture

KW - SCADA forensics

KW - critical infrastructure

KW - digital forensics

KW - incident response

U2 - 10.14236/ewic/ICS2015.5

DO - 10.14236/ewic/ICS2015.5

M3 - Cyfraniad i gynhadledd

SN - 978-1-78017-317-7

T3 - ICS-CSR '15

SP - 42

EP - 51

BT - Proceedings of the 3rd International Symposium for ICS & SCADA Cyber Security Research 2015

PB - BCS Learning Development Ltd.

CY - Swindon, UK

Y2 - 17 September 2015 through 19 September 2015

ER -

A Forensic Taxonomy of SCADA Systems and Approach to Incident Response

Abstract

Publication series

Conference

Keywords

Access to Document

Activities

A Forensic Taxonomy of SCADA Systems and Approach to Incident Response

Cite this