SCADA System Forensic Analysis Within IIoT

A new wave of industrial technology has emerged in the form of Industry 4.0, which has progressed from the electronic devices and IT (Information Technology) systems that automate production to a new revolution of Cyber-Physical Production Systems, used for Smart Manufacturing and Smart Factories via the IIoT (Industrial Internet of Things). As more and more devices become connected and networked to enable Smart Manufacturing, the number of data sources increases significantly. Real-time information is becoming increasingly interlinked across multiple industries to make production more efficient and to reduce cost. Aside from Smart Manufacturing and Smart Factories, Industry 4.0 has already seen huge advances in infrastructure management, energy management, transportation, and building and home automation. With such industries relying so heavily on real-time data from connected sensors, the security of these systems is at risk, because their critical processes depend on low-latency, reliable communication. The growth of interconnected networks and devices across the Internet significantly increases the number of entry points into these systems, increasing their vulnerability and allowing outsiders to take advantage of any weaknesses within them. This has already been highlighted by the Stuxnet, Havex and BlackEnergy incidents and the attack on the German steel mill, which targeted ICS (Industrial Control Systems) and SCADA (Supervisory Control and Data Acquisition) systems with catastrophic results.
SIEM (Security Information and Event Management) services, IDS (Intrusion Detection Systems), IPS (Intrusion Prevention Systems) and firewalls may be deployed within ICS, but they operate only at the perimeter of the network or of segmented networks and not at the lower operational level, where critical processes rely on speed and availability, simply because placing them there could introduce latency between critical processes. When an event does occur, regardless of whether the incident is accidental or deliberate, an immediate incident response should take place. This chapter focuses on the forensic challenges and analysis of the physical infrastructure that underpins the systems operating within the IIoT. It discusses the development of SCADA system architecture over the past few decades and how it has arrived at the IIoT, creating the new generation of SCADA systems. The chapter then discusses the currently available tools that can help carry out a forensic investigation of a SCADA system operating in the IIoT space, before closing with a suggested SCADA Incident Response Model.
