A Forensic Taxonomy of SCADA Systems and Approach to Incident Response

Peter Eden, Andrew Blyth, Pete Burnap, Yulia Cherdantseva, Kevin Jones, Hugh Soulsby, Kristan Stoddart

    Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

    Abstract

    SCADA systems that monitor and control Critical National Infrastructure (CNI) are increasingly becoming the target of advanced cyber-attacks since their convergence with TCP/IP and other networks for efficient controlling. When a SCADA incident occurs, the consequences can be catastrophic, having an impact on the environment, economy and human life, and therefore it is essential for a forensic investigation to take place. SCADA system forensics is an essential process within the cyber-security lifecycle that not only helps to identify the cause of an incident and those responsible but also helps to develop and design more secure systems of the future. This paper provides an overall forensic taxonomy of the SCADA system incident response model. It discusses the development of forensic readiness within SCADA system investigations, including the challenges faced by the SCADA forensic investigator, and suggests ways in which the process may be improved.
    Original language: Unknown
    Title of host publication: Proceedings of the 3rd International Symposium for ICS & SCADA Cyber Security Research 2015
    Place of Publication: Swindon, UK
    Publisher: BCS Learning Development Ltd.
    Pages: 42-51
    Number of pages: 10
    ISBN (Print): 978-1-78017-317-7
    Publication status: Published - 2015
    Event: 3rd International Symposium for ICS & SCADA Cyber Security Research 2015 - University of Applied Sciences, Ingolstadt, Germany
    Duration: 17 Sept 2015 to 19 Sept 2015

    Publication series

    Name: ICS-CSR '15
    Publisher: BCS Learning Development Ltd.

    Conference

    Conference: 3rd International Symposium for ICS & SCADA Cyber Security Research 2015
    Abbreviated title: ICS-CSR 2015
    Country/Territory: Germany
    City: Ingolstadt
    Period: 17/09/15 to 19/09/15

    Keywords

    • ICS forensics
    • SCADA architecture
    • SCADA forensics
    • critical infrastructure
    • digital forensics
    • incident response
