A Cyber Forensic Taxonomy for SCADA Systems in Critical Infrastructure

Conference paper, published in Critical Information Infrastructures Security (CRITIS 2015)

Abstract

SCADA systems are essential for the safe running of critical infrastructure, but in recent years they have increasingly become the target of advanced cyber-attacks as a result of their convergence with public and corporate networks for easier monitoring and control. Cyber-events within critical infrastructure can have devastating consequences affecting human life, the environment and the economy. It is therefore vital that a forensic investigation takes place to provide remediation and understanding, and to inform the design of more secure systems. This paper provides an overview of the SCADA forensic process within critical infrastructure and discusses the existing challenges of carrying out a SCADA forensic investigation. It also discusses ways in which the process may be improved, together with a suggested SCADA incident response model. This paper is part of an ongoing research project working towards the creation of best-practice guidelines for the forensic handling and incident response of SCADA systems.


Acknowledgments

This work is funded by the Airbus Group Endeavr Wales scheme under the SCADA Cyber Security Lifecycle (SCADA-CSL) programme with the ultimate goal of improving the forensic handling and incident response process for SCADA systems.

Corresponding author: Peter Eden.


Copyright information

© 2016 Springer International Publishing Switzerland

Cite this paper

Eden, P. et al. (2016). A Cyber Forensic Taxonomy for SCADA Systems in Critical Infrastructure. In: Rome, E., Theocharidou, M., Wolthusen, S. (eds) Critical Information Infrastructures Security. CRITIS 2015. Lecture Notes in Computer Science, vol 9578. Springer, Cham. https://doi.org/10.1007/978-3-319-33331-1_3

  • DOI: https://doi.org/10.1007/978-3-319-33331-1_3
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-33330-4
  • Online ISBN: 978-3-319-33331-1
  • eBook Packages: Computer Science (R0)