论文信息 - An Incident Response Model for Industrial Control System Forensics Based on Historical Events

An Incident Response Model for Industrial Control System Forensics Based on Historical Events

Cyber attacks on industrial control systems are increasing. Malware such as Stuxnet, Havex and BlackEnergy have demonstrated that industrial control systems are attractive targets for attackers. However, industrial control systems are not limited to malware attacks. Other attacks include SQL injection, distributed denial-of-service, spear phishing, social engineering and man-in-the-middle attacks. Additionally, methods such as unauthorized access, brute forcing and insider attacks have also targeted industrial control systems. Accidents such as fires and explosions at industrial plants also provide valuable insights into the targets of attacks, failure methods and potential impacts.

K. P. Chow | Siu-Ming Yiu | Ken Yau

[1] Timothy Grance,et al. Guide to Integrating Forensic Techniques into Incident Response , 2006 .

[2] Karen A. Scarfone,et al. Guide to Industrial Control Systems (ICS) Security , 2015 .

[3] Majid Hashemi,et al. Ghost in the PLC: Designing an Undetectable Programmable Logic Controller Rootkit via Pin Control Attack , 2016 .

[4] Kevin Jones,et al. A Forensic Taxonomy of SCADA Systems and Approach to Incident Response , 2015, ICS-CSR.

[5] Marek Dźwiarek. An Analysis of Accidents Caused by Improper Functioning of Machine Control Systems , 2004, International journal of occupational safety and ergonomics : JOSE.

[6] M. Tahar Kechadi,et al. Forensics in Industrial Control System: A Case Study , 2015, CyberICS/WOS-CPS@ESORICS.

[7] Jill Slay,et al. Lessons Learned from the Maroochy Water Breach , 2007, Critical Infrastructure Protection.

[8] John H R May,et al. Incident Analysis & Digital Forensics in SCADA and Industrial Control Systems , 2013 .

[9] Eric Cornelius,et al. Recommended Practice: Creating Cyber Forensics Plans for Control Systems , 2008 .

[10] Neil C. Rowe,et al. A prototype forensic toolkit for industrial-control-systems incident response , 2015, Defense + Security Symposium.

[11] Krzysztof Sacha,et al. Translatable Finite State Time Machine , 2007, SDL Forum.