Presentation is loading. Please wait.

Presentation is loading. Please wait.

Optimisation of Cyber Forensics for ICS

Published byElla Wiggins Modified over 6 years ago

Similar presentations

Presentation on theme: "Optimisation of Cyber Forensics for ICS"— Presentation transcript:

1 Optimisation of Cyber Forensics for ICS

2 Overview Summary of first year forensics research Some key questions
Strengthening the threat-forensics relationship Next steps

3 PhD Forensics Work What are the current limitations in ICS Forensics? Stage 1: Assess Current Understanding of ICS Forensics Research What are the physical and technical barriers with using forensics in ICS environments? What stages of the forensic process pose the most significant challenges? Stage 2: Apply Traditional IT Forensics and Penetration Testing Tools to ICS Components What data can be acquired? Go through each stage and provide a summary of the work that was completed for each – the next slide as the key outcomes from each (primarily the technical ones) Guide: Stage 1: - Initial review of reported limitations within literature to evaluate state-of-the-art - Mapped these limitations to forensic stages - Create foundation for future work Stage 2: - Technical review of existing IT forensics tools Memory forensics, network packet capture, imaging, file analysis… Serial and Ethernet Communications with PLC utilized through different tools USB and TCP/IP connection methods Stage 3: Leveraging proprietary ICS communications protocols for forensics Two particular PLC communication protocols examined How readable is this data? How can we improve the Acquisition, Examination, and Analysis phases of ICS Forensics Stage 3: Explore Bespoke Tools used for ICS Data Communication

4 Review of Forensic Research
Minimal applicability of existing tools Network tools had greatest use This highlighted technical challenges/barriers of forensics for PLCs Proprietary operating systems (firmware) Bespoke file systems and memory structures Novel method showed ability to acquire substantially more data – challenges with interpreting this data though Provides a framework to build a common forensic protocol Briefly go through the outcomes… End objective of research is to develop a common forensic protocol framework that can enhance ICS forensic capture, analysis, and examination – this would be a three layered protocol that has the vendors proprietary protocol sat underneath it. Very early stages of this concept, and some key questions need to be addressed first…

5 Immediate Research Questions on Forensics
Some key questions to answer first… What data types are available to capture in ICS for forensics? How do we categories these data types? How can we think more proactively about forensics in ICS? Before looking at developing this common forensics protocol, I will look at how the strengthening the relationship between Threat and Forensics can address these questions. Since we don’t have adequate forensics capabilities answer these questions, I will explore how using threat assessment can. Hypothesis for this is that by more closely combining threat and forensics, we can assess what types of data should be prioritised in forensics acquisition. Specifically, this would involve including forensics as a concept in a threat modelling approach to visualise this.

6 Threat-Forensic Relationship
Briefly discuss diagram  Mention that forensics plays a role in informing threat assessment intelligence, however the mutual relationship hasn’t been addressed before. As part of 2nd year I would like to explore how strengthening this relationship can answer these key questions and help guide the thinking of proactive forensics development, rather than keeping it as a purely reactive concept.

7 Next Steps… Explore how we can strengthen threat-forensics relationship Develop a modelling notation for this, based on existing approaches Extend research on leveraging proprietary protocols for ICS forensics Test methods against greater range of PLC manufacturers and models These are the next short-term steps that will be covered as part of second year.

Download ppt "Optimisation of Cyber Forensics for ICS"

Similar presentations

Intelligence Step 5 - Capacity Analysis Capacity Analysis Without capacity, the most innovative and brilliant interventions will not be implemented, wont.

Intelligence Step 5 - Capacity Analysis Capacity Analysis Without capacity, the most innovative and brilliant interventions will not be implemented, wont.
Priority Research Direction (I/O Models, Abstractions and Software) Key challenges What will you do to address the challenges? – Develop newer I/O models.

Priority Research Direction (I/O Models, Abstractions and Software) Key challenges What will you do to address the challenges? – Develop newer I/O models.
‘Real World’ Problem / Data Set an overall real world problem, supported by real world data Purely academic learning might require a theoretical problem.

‘Real World’ Problem / Data Set an overall real world problem, supported by real world data Purely academic learning might require a theoretical problem.
KDP-1: Integrate supply chain knowledge into secure solutions concepts Evaluate supply chain threats with respect to the set of possible solutions under.

KDP-1: Integrate supply chain knowledge into secure solutions concepts Evaluate supply chain threats with respect to the set of possible solutions under.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Narrowing the achievement gap through curriculum development – probe 6 Natalia Buckler (CUREE) & Michael Jopling (University of Wolverhampton)

Narrowing the achievement gap through curriculum development – probe 6 Natalia Buckler (CUREE) & Michael Jopling (University of Wolverhampton)
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Connecting Networks © 2004 Cisco Systems, Inc. All rights reserved. Exploring How TCP/IP Works INTRO v2.0—4-1.

Connecting Networks © 2004 Cisco Systems, Inc. All rights reserved. Exploring How TCP/IP Works INTRO v2.0—4-1.
Overview of Early Warning system and the role of National Meteorological and Hydrological services Please use this template to guide the development of.

Overview of Early Warning system and the role of National Meteorological and Hydrological services Please use this template to guide the development of.
Computer Networking Course Introduction Dr Sandra I. Woolley.

Computer Networking Course Introduction Dr Sandra I. Woolley.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Emerging Technologies Learning Anywhere-Anytime. Emerging Technology Areas: / Wireless Local Area Networks (WLANs) / Mobile Devices / MacBook Laptop Computers,

Emerging Technologies Learning Anywhere-Anytime. Emerging Technology Areas: / Wireless Local Area Networks (WLANs) / Mobile Devices / MacBook Laptop Computers,
Designing a Work Integrated Assessment Collaborate Project Bringing together staff, students and employers to create employability focused assessments.

Designing a Work Integrated Assessment Collaborate Project Bringing together staff, students and employers to create employability focused assessments.
CSCD 434 Network Security Spring 2014 Lecture 1 Course Overview.

CSCD 434 Network Security Spring 2014 Lecture 1 Course Overview.
Odyssey A Reuse Environment based on Domain Models Prepared By: Mahmud Gabareen Eliad Cohen.

Odyssey A Reuse Environment based on Domain Models Prepared By: Mahmud Gabareen Eliad Cohen.
Experiences and Outcomes Curriculum for Excellence Support for Trialling Expressive Arts.

Experiences and Outcomes Curriculum for Excellence Support for Trialling Expressive Arts.
Workshop A. Development of complex interventions Rob Anderson, PCMD Nicky Britten, PCMD.

Workshop A. Development of complex interventions Rob Anderson, PCMD Nicky Britten, PCMD.
Danish Centre for Studies in Research and Research Analysis Knowledge Economy – Challenges for Measurement Luxembourg, December 8-9, 2005 Innovation measurement:

Danish Centre for Studies in Research and Research Analysis Knowledge Economy – Challenges for Measurement Luxembourg, December 8-9, 2005 Innovation measurement:
ECSE Core Curriculum Innovation in Engineering Education.

ECSE Core Curriculum Innovation in Engineering Education.
Copyright © 2011 Wolters Kluwer Health | Lippincott Williams & Wilkins Chapter 1 Research: An Overview.

Copyright © 2011 Wolters Kluwer Health | Lippincott Williams & Wilkins Chapter 1 Research: An Overview.

Similar presentations

Ads by Google