Forensic analysis of SCADA systems and networks

International Journal of Security and Networks

Volumn 3, Issue 2, 2008, Pages 95-102

  Kilpatrick, Tim ^a   Gonzalez, Jesus ^a   Chandia, Rodrigo ^a   Papa, Mauricio ^a   Shenoi, Sujeet ^a  

^a UNIVERSITY OF TULSA   (United States)

Author keywords

DCSs; Distributed control systems; Forensics; Industrial environments; Inforensics; Modbus; Network monitoring

Indexed keywords

DATA TRANSFER; DISTRIBUTED PARAMETER CONTROL SYSTEMS; NETWORK ARCHITECTURE; NETWORK SECURITY; PROCESS MONITORING; TRANSMISSION CONTROL PROTOCOL;

FORENSIC ANALYSIS;

SCADA SYSTEMS;

EID: 70149104596     PISSN: 17478405     EISSN: 17478413     Source Type: Journal    
DOI: 10.1504/IJSN.2008.017222     Document Type: Article

References (26)

1. American Gas Association AGA-12-1 (2005) Cryptographic Protection of SCADA Communications, Part 1: Background, Policies and Test Plan, AGA Report No. 12 (Part 1), Draft 5, April 14, www.gtiservices.org/security/ AGA12Draft5r3.pdf
2. American Gas Association AGA-12-2 (2005) Cryptographic Protection of SCADA Communications; Part 2: Retrofit Link Encryption for Asynchronous Serial Communications, AGA Report No. 12, Part 2, Draft, May 12, www.gtiservices.org/security/aga-12p2-draft-0512.pdf
3. American National Standards Institute/Instrumentation Systems and Automation Society (ANSI/IS A-TR99.00.01) (2004) Security Technologies for Manufacturing and Control Systems, October.
4. American National Standards Institute/Instrumentation Systems and Automation Society (ANSI/ISA-TR99.00.02) (2004) Integrating Electronic Security into the Manufacturing and Control Systems Environment, October.
5. American Petroleum Institute (API 1164) (2004) SCADA Security, September 1, American Petroleum Institute, Washington DC.
6. Berg, M. and Stamp, J. (2005) A Reference Model for Control and Automation Systems in Electric Power, Technical Report SAND2005-1000C, Sandia National Laboratories, Albuquerque, New Mexico.
7. Boyer, S. (2004) SCADA: Supervisory Control and Data Acquisition, 3rd ed., Instrumentation, Systems and Automation Society, Research Triangle Park, North Carolina.
8. British Columbia Institute of Technology (2005) Good Practice Guide on Firewall Deployment for SCADA and Process Control Networks, National Infrastructure Security Coordination Centre, London, UK.
9. Byres, E. and Nguyen, T. (2000) 'Using OPC to integrate control systems from competing vendors', Proceedings of the Canadian Pulp and Paper Association Technical Conference, Montreal, Canada.
10. Byres, E., Carter, J., Elramly, A. and Hoffman, D. (2002) 'Worlds in collision: Ethernet on the plant floor', Proceedings of the ISA Emerging Technologies Conference, Chicago, Illinois.
11. Byres, E., Franz, M. and Miller, D. (2004) 'The use of attack trees in assessing vulnerabilities in SCADA systems', Proceedings of the International Infrastructure Survivability Workshop, Lisbon, Portugal.
12. Charles, P. (2007) Network Packet Capture Facility for Java, sourceforge.net/projects/jpcap.
13. Fenner, B., Harris, G. and Richardson, M. (2007) The libpcap Project sourceforge.net/projects/libp cap.
14. Graham, J. and Patel, S. (2004) Security Considerations in SCADA Communication Protocols, Technical Report TR-ISRL-04-01 Intelligent System Research Laboratory, Department of Computer Engineering and Computer Science, University of Louisville, Louisville, Kentucky.
15. Kilman, D. and Stamp, J. (2005) Framework for SCADA Security Policy Technical Report SAND2005-1002C, Sandia National Laboratories, Albuquerque, New Mexico.
16. Mandia, K., Prosise, C. and Pepe, M. (2003) Incident Response and Computer Forensics, McGraw-Hill/Osborne, Emeryville, California.
17. Modbus IDA (2004a) MODBUS Application Protocol Specification v1.1a June 4, www.modbus.org/specs.php
18. Modbus IDA (2004b) MODBUS Messaging on TCP/IP Implementation Guide v1.0a, June 4, www.modbus.org/specs.php
19. Modbus.org (2002) MODBUS Over Serial Line Specification and Implementation Guide v1.0, 12 February,www. mod-bus.org/specs.php
20. National Institute of Standards and Technology SPP-ICS (2004) National Institute of Standards and Technology, System Protection Profile - Industrial Control Systems v1.0, Gaithersburg, Maryland.
21. Shanmugasundaram, K., Memon, N., Savant, A. and Bronnimann, H. (2003) 'Fornet: A distributed forensics system', Proceedings of the Second International Workshop on Mathematical Methods, Models and Architectures for Computer Network Security, St. Petersburg, Russia.
22. Shanmugasundaram, K., Bronnimann, H. and Memon, N. (2005) 'Integrating digital forensics in network architectures', in Pollitt, M. and Shenoi, S. (Eds.): Advances in Digital Forensics, Springer, New York, pp. 127-140.
23. Smith, M. and Copps, M. (1993) DNP3 V3.00 Data Object Library Version 0.02, September, DNP Users Group.
24. Smith, M. and McFadyen, J. (2000) DNP V3.00 Data Link Layer Protocol Description, June, DNP Users Group.
25. Stamp, J., Dillinger, J., Young, W. and Depoy, J. (2003) Common Vulnerabilities in Critical Infrastructure Control Systems, Technical Report SAND2003-1772C, Sandia National Laboratories, Albuquerque, New Mexico.
26. The White House (1998) Presidential Decision Directive 63: Critical Infrastructure Protection, National Security Council, Executive Office of the President, Washington DC.