Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

Incident analysis & digital forensics in SCADA and industrial control systems

Spyridopoulos, Theodoros ORCID:, Tryfonas, Theo and May, J. 2013. Incident analysis & digital forensics in SCADA and industrial control systems. Presented at: 8th IET International System Safety Conference Incorporating the Cyber Security Conference, Cardiff, UK, 16th-17th October 2013. 8th IET International System Safety Conference incorporating the Cyber Security Conference 2013. IET Conference Publications , vol.2013 (620 CP) IET, pp. 1-6. 10.1049/cp.2013.1720

Full text not available from this repository.


SCADA and industrial control systems have been traditionally isolated in physically protected environments. However, developments such as standardisation of data exchange protocols and increased use of IP, emerging wireless sensor networks and machine-to-machine communication mean that in the near future related threat vectors will require consideration too outside the scope of traditional SCADA security and incident response. In the light of the significance of SCADA for the resilience of critical infrastructures and the related targeted incidents against them (e.g. the development of stuxnet), cyber security and digital forensics emerge as priority areas. In this paper we focus on the latter, exploring the current capability of SCADA operators to analyse security incidents and develop situational awareness based on a robust digital evidence perspective. We look at the logging capabilities of a typical SCADA architecture and the analytical techniques and investigative tools that may help develop forensic readiness to the level of the current threat environment requirements. We also provide recommendations for data capture and retention.

Item Type: Conference or Workshop Item (Paper)
Date Type: Published Online
Status: Published
Schools: Computer Science & Informatics
Publisher: IET
ISBN: 978-184919778-6
Last Modified: 30 Jan 2023 12:15

Actions (repository staff only)

Edit Item Edit Item