Forensic Attacks Analysis and the Cyber Security of Safety-Critical Industrial Control Systems

Johnson, C. W. , Harkness, R. and Evangelopoulou, M. (2016) Forensic Attacks Analysis and the Cyber Security of Safety-Critical Industrial Control Systems. In: 34th International System Safety Conference, Orlanda, FL, USA, 8-12 Aug 2016,

[img]
Preview
Text
130823.pdf - Accepted Version

407kB

Publisher's URL: http://www.dcs.gla.ac.uk/~johnson/papers/ISSC16/forensic.pdf

Abstract

Industrial Control Systems (ICS) and SCADA (Supervisory Control And Data Acquisition) applications monitor and control a wide range of safety-related functions. These include energy generation where failures could have significant, irreversible consequences. They also include the control systems that are used in the manufacture of safety-related products. In this case bugs in an ICS/SCADA system could introduce flaws in the production of components that remain undetected before being incorporated into safety-related applications. Industrial Control Systems, typically, use devices and networks that are very different from conventional IP-based infrastructures. These differences prevent the re-use of existing cyber-security products in ICS/SCADA environments; the architectures, file formats and process structures are very different. This paper supports the forensic analysis of industrial control systems in safety-related applications. In particular, we describe how forensic attack analysis is used to identify weaknesses in devices so that we can both protect components but also determine the information that must be analyzed during the aftermath of a cyber-incident. Simulated attacks detect vulnerabilities; a risk-based approach can then be used to assess the likelihood and impact of any breach. These risk assessments are then used to justify both immediate and longer-term countermeasures.

Item Type:Conference Proceedings
Status:Published
Refereed:Yes
Glasgow Author(s) Enlighten ID:Harkness, Mr Robert and Johnson, Professor Chris and Evangelopoulou, Miss Maria
Authors: Johnson, C. W., Harkness, R., and Evangelopoulou, M.
College/School:College of Science and Engineering > School of Computing Science
Copyright Holders:Copyright © 2016 The Authors
Publisher Policy:Reproduced with the permission of the authors.
Related URLs:

University Staff: Request a correction | Enlighten Editors: Update this record