Abstract
The proliferation of intelligent devices has provisioned more functionality in Critical Infrastructures. But the same automation also brings challenges when it comes to malicious activity, whether internal or external. One such challenge is the attribution of an attack: ascertaining who did what, when, and how. Answers to these questions can only be found if the overall underlying infrastructure supports answering such queries. This study sheds light on the power sector, specifically on smart grids, to learn whether current setups support digital forensic investigations or not. We also address several challenges that arise in the process and take a detailed look at the literature on the subject. To facilitate such a study, our scope of work revolves around substation automation and the devices called intelligent electronic devices (IEDs) in smart grids.
Acknowledgment
This work has received funding from the Swedish Civil Contingencies Agency (MSB) through the research center Resilient Information and Control Systems (RICS).
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Iqbal, A., Ekstedt, M., Alobaidli, H. (2018). Digital Forensic Readiness in Critical Infrastructures: A Case of Substation Automation in the Power Sector. In: Matoušek, P., Schmiedecker, M. (eds) Digital Forensics and Cyber Crime. ICDF2C 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 216. Springer, Cham. https://doi.org/10.1007/978-3-319-73697-6_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-73696-9
Online ISBN: 978-3-319-73697-6