The Development of a Generic Framework for the Forensic Analysis of SCADA and Process Control Systems

There is continuing interest in researching generic security architectures and strategies for managing SCADA and process control systems. Documentation on IT security from various countries now begins to make recommendations for security controls for (federal) information systems, which include connected process control systems. Little or no work exists in the public domain which takes a big-picture approach to developing a generic or generalisable approach to SCADA and process control system forensics. The argument raised in this paper is that, before one can develop solutions to the problem of SCADA forensics, the forensic computing process, and the range of technical and procedural issues subsumed within this process, need to be well understood, and also agreed, by governments, industry and academia.
