National and international organisations including NIST and ENISA have published guidance that is intended to help organisations respond to, and recover from, cyber incidents. They provide detailed information about contingency planning, about the processes needed to gather and analyse evidence, and about appropriate ways to disseminate the findings from forensic investigations. Legal frameworks, including the Federal Rules of Evidence, also help companies to identify ways of preserving a chain of evidence with the digital data gathered in the aftermath of a cyber-attack. It is essential that companies apply these guidelines to increase their resilience to future attacks. However, they provide the least support where they are needed the most. Existing guidelines focus on corporate office-based systems; they cannot be applied to support companies dealing with cyber-attacks on safety-critical infrastructures. This is an important omission. It is impossible to immediately disconnect infected systems where they provide life-critical functions. There are conflicts, for instance, between the need to preserve the evidence contained in volatile memory and the requirement to return safety-critical applications to a safe state before any forensic work can begin. The following pages identify the problems that arise when applying legal, regulatory and technical guidance to the cyber security of safety-critical applications. The closing sections focus on techniques that can be used to support the forensic analysis of cyber incidents and promote recovery from attacks without placing lives at risk.