
      A Forensic Taxonomy of SCADA Systems and Approach to Incident Response



      3rd International Symposium for ICS & SCADA Cyber Security Research 2015 (ICS-CSR 2015) (ICS-CSR)

      Industrial Control System & SCADA Cyber Security Research (ICS-CSR)

      17 - 18 September 2015

      SCADA forensics, digital forensics, incident response, SCADA architecture, ICS forensics, critical infrastructure



            SCADA systems that monitor and control Critical National Infrastructure (CNI) are increasingly becoming the target of advanced cyber-attacks since their convergence with TCP/IP and other networks for efficient controlling. When a SCADA incident occurs, the consequences can be catastrophic, having an impact on the environment, economy and human life, and therefore it is essential for a forensic investigation to take place. SCADA system forensics is an essential process within the cyber-security lifecycle that not only helps to identify the cause of an incident and those responsible but also helps to develop and design more secure systems of the future. This paper provides an overall forensic taxonomy of the SCADA system incident response model. It discusses the development of forensic readiness within SCADA system investigations, including the challenges faced by the SCADA forensic investigator, and suggests ways in which the process may be improved.


            Author and article information

            September 2015
            Pages: 42-51
            [0001] Information Security Research group, School of Computing and Mathematics, Department of Computing, Engineering and Science, University of South Wales, Pontypridd, CF371DL UK
            [0002] Computer Science and Informatics, Cardiff University, Queen’s Buildings, 5 The Parade, Roath, Cardiff CF24 3AA, UK
            [0003] Airbus Group Innovations, Quadrant House Celtic Springs, Newport NP10 8FZ, UK
            © Eden et al. Published by BCS Learning & Development Ltd. Proceedings of the 3rd International Symposium for ICS & SCADA Cyber Security Research 2015

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            Electronic Workshops in Computing (eWiC)
            Product Information: 1477-9358, BCS Learning & Development
            Self URI (journal page): https://ewic.bcs.org/

