A cyber forensic taxonomy for SCADA systems in critical infrastructure

Abstract

SCADA systems are essential for the safe running of critical infrastructure but in recent years have increasingly become the target of advanced cyber-attacks through their convergence with public and corporate networks for easier monitoring and control. Cyber-events within critical infrastructure can have devastating consequences affecting human life, the environment and the economy. Therefore, it is vital that a forensic investigation takes place to provide remediation, understanding and to help in the design of more secure systems. This paper provides an overview of the SCADA forensic process, within critical infrastructure, and discusses the existing challenges of carrying out a SCADA forensic investigation. It also discusses ways in which the process may be improved together with a suggested SCADA incident response model. This paper is part of an ongoing research project that is working towards the creation of best practice guidelines for the forensic handling and incident response of SCADA systems.