Supervisory Control and Data Acquisition/Industrial Control Systems (SCADA/ICS) have achieved rapid growth within the competitive technology market. As a result, these systems have encountered serious security problems, and security methods are needed to protect ICS from targeted attacks. The information security vulnerabilities of ICS have been studied extensively, and the vulnerable nature of these systems is well known. However, in the case of a security incident (e.g. system failure, security breach, or denial of service attack), it is important to understand what the digital forensics consequences of such incidents are, what procedures or protocols need to be followed during an investigation, what tools and techniques are appropriate for an investigator to use, and where the forensic data can be collected from and how. Taking these questions into consideration, there is a serious gap in the literature, as forensic attack analysis is commonly guided by experience and intuition rather than by a systematic or scientific process. Therefore, in this study, we aim to close this gap by developing a fairly complex SCADA/ICS laboratory at Sam Houston State University. During the course of our studies, several students (graduate and undergraduate) worked under the supervision of faculty members to understand the forensic aspects of real-world attacks on SCADA hardware as well as on the network used by the system. This new laboratory is intended to be used by the Computer Science, Digital and Cyber Forensic Engineering Technology, and Engineering Technology programs at our university. With the availability of this laboratory, we have a realistic SCADA/ICS system that can be used for real-life experiments such as penetration assessment and testing, vulnerability assessment and testing, and SCADA forensics research.
In addition to the aforementioned research activities, the laboratory will also serve to develop and support both undergraduate and graduate level computer science courses as well as undergraduate engineering technology courses. In this paper we discuss the digital forensics and security challenges in SCADA/ICS, the system infrastructure, forensic attack scenarios and results, student and faculty involvement in this research, future course development objectives related to the laboratory, student assessments, and the industry support.