Digital Forensic Readiness in Critical Infrastructures: A Case of Substation Automation in the Power Sector

The proliferation of intelligent devices has brought more functionality to Critical Infrastructures. But the same automation also brings challenges when it comes to malicious activity, whether it originates internally or externally. One such challenge is attributing an attack: ascertaining who did what, when and how. Answers to these questions can only be found if the underlying infrastructure supports answering such queries. This study sheds light on the power sector, specifically on smart grids, to learn whether current setups support digital forensic investigations or not. We also address several challenges that arise in the process and take a detailed look at the literature on the subject. To facilitate such a study, our scope of work revolves around substation automation and devices called intelligent electronic devices (IEDs) in smart grids.
