Issue No.12 - Dec. (2012 vol.45)
pp: 44-51
Irfan Ahmed, University of New Orleans
Sebastian Obermeier, ABB Corporate Research
Martin Naedele, ABB Corporate Research
Golden G. Richard III, University of New Orleans
ABSTRACT
When security incidents occur, several challenges exist for conducting an effective forensic investigation of SCADA systems, which run 24/7 to control and monitor industrial and infrastructure processes. The Web extra at http://youtu.be/L0EFnr-famg is an audio interview with Irfan Ahmed about SCADA (supervisory control and data acquisition) systems.
INDEX TERMS
SCADA systems, Forensics, Computers, Process control, Malware, Digital forensics, Network security, SCADA systems, digital forensics, computer security, process control systems
CITATION
Irfan Ahmed, Sebastian Obermeier, Martin Naedele, Golden G. Richard III, "SCADA Systems: Challenges for Forensic Investigators", Computer, vol.45, no. 12, pp. 44-51, Dec. 2012, doi:10.1109/MC.2012.325