Forensic Analysis of SCADA/ICS System with Security and Vulnerability Assessment

Umit Karabiyik; Naciye Celebi; Faruk Yildiz; James Holekamp; Khaled Rabieh

Download Paper | Permalink

Conference: 2018 ASEE Annual Conference & Exposition
Location: Salt Lake City, Utah
Publication Date: June 23, 2018
Start Date: June 23, 2018
End Date: July 27, 2018
Conference Session: Topics in Computing and Information Technology-I
Tagged Division: Computing and Information Technology
Page Count: 16
DOI: 10.18260/1-2--30530
Permanent URL: https://peer.asee.org/30530
Download Count: 2675

Request a correction

Paper Authors

biography

Umit Karabiyik Sam Houston State University orcid.org/0000-0001-6760-259X

visit author page

Umit Karabiyik is an Assistant Professor in the Department of Computer Science at Sam Houston University, in Huntsville, TX. Dr. Karabiyik completed his Ph.D. and M.S. degrees at Florida State University in 2015 and 2010 respectively. His research interests mainly lie in the area of Digital Forensics and Cybersecurity ranging from developing tools for forensic investigations to creating new models for forensic data analysis in various environments. He also has broad research interests in Expert Systems, Knowledge Representation, Encrypted File Analysis, Computer and Network Security. Dr. Karabiyik is the creator of open source digital forensics tool called Automated Disk Investigation Toolkit (AUDIT). Dr. Karabiyik is a recipient of NIJ Grant on Targeted Data Extraction from Mobile Devices. One of his recent work has received the “Best Paper Award” at the IEEE 4th International Symposium on Digital Forensic and Security (ISDF). In addition, Dr. Karabiyik is leading the Mobile Forensics and SCADA Forensics Labs at SHSU.

visit author page

author page

Naciye Celebi

biography

Faruk Yildiz Sam Houston State University

visit author page

Faruk Yildiz is currently an Associate Professor of
Engineering Technology at Sam Houston State University.
His primary teaching areas are in Electronics,
Computer Aided Design (CAD), and Alternative Energy Systems. Research interests include: low power energy
harvesting systems, renewable energy technologies
and education.

visit author page

author page

James Holekamp Sam Houston State University orcid.org/0000-0002-3746-2351

author page

Khaled Rabieh Sam Houston State University

Download Paper | Permalink

Abstract

Supervisory Control and Data Acquisition/Industrial Control Systems (SCADA/ICS) have achieved rapid growth within the competitive technology market. As a result, it has encountered serious security problems. Hence, security methods are needed to secure ICS from targeted attacks. The information security vulnerabilities of ICS have been studied extensively, and the vulnerable nature of these systems is well-known. However, in the case of a security incident (e.g. system failure, security breach, or denial of service attack), it is important to understand what the digital forensics consequences of such incidents are, what procedures or protocols are needed to be used during an investigation, what tools and techniques are appropriate to be used by an investigator, and where the forensic data can be collected from and how. Taking into these questions consideration, there is a serious gap in the literature as forensic attack analysis is commonly guided by experience and by intuition rather than by a systematic or scientific process. Therefore, in this study, we aim to close this gap by developing fairly complex SCADA/ICS laboratory at Sam Houston State University. During the course of our studies, several students (graduate and undergraduate) worked under the supervision of faculty members to understand the forensic aspects of real world attacks on SCADA hardware as well as the network used by the system. This new laboratory is intended to be used for Computer Science, Digital and Cyber Forensic Engineering Technology, and Engineering Technology programs at our university. With the availability of this laboratory we have a realistic SCADA/ICS system which can be used to study real-life experiments such as penetration assessment and testing, vulnerability assessment and testing, and the SCADA forensics research. In addition to aforementioned research activities, the laboratory will also serve to develop and support both undergraduate and graduate level computer science courses as well as undergraduate engineering technology courses. In this paper we will discuss the digital forensics and security challenges in SCADA/ICS, system infrastructure, forensic attack scenarios and results, student and faculty involvement in this research, laboratory related future course development objectives, student assessments, and the industry support.

Citation
Format

Karabiyik, U., & Celebi, N., & Yildiz, F., & Holekamp, J., & Rabieh, K. (2018, June), Forensic Analysis of SCADA/ICS System with Security and Vulnerability Assessment Paper presented at 2018 ASEE Annual Conference & Exposition , Salt Lake City, Utah. 10.18260/1-2--30530

TY  - CPAPER
AB  - Supervisory Control and Data Acquisition/Industrial Control Systems (SCADA/ICS) have achieved rapid growth within the competitive technology market. As a result, it has encountered serious security problems. Hence, security methods are needed to secure ICS from targeted attacks. The information security vulnerabilities of ICS have been studied extensively, and the vulnerable nature of these systems is well-known. However, in the case of a security incident (e.g. system failure, security breach, or denial of service attack), it is important to understand what the digital forensics consequences of such incidents are, what procedures or protocols are needed to be used during an investigation, what tools and techniques are appropriate to be used by an investigator, and where the forensic data can be collected from and how. Taking into these questions consideration, there is a serious gap in the literature as forensic attack analysis is commonly guided by experience and by intuition rather than by a systematic or scientific process. Therefore, in this study, we aim to close this gap by developing fairly complex SCADA/ICS laboratory at Sam Houston State University. During the course of our studies, several students (graduate and undergraduate) worked under the supervision of faculty members to understand the forensic aspects of real world attacks on SCADA hardware as well as the network used by the system. This new laboratory is intended to be used for Computer Science, Digital and Cyber Forensic Engineering Technology, and Engineering Technology programs at our university. With the availability of this laboratory we have a realistic SCADA/ICS system which can be used to study real-life experiments such as penetration assessment and testing, vulnerability assessment and testing, and the SCADA forensics research. In addition to aforementioned research activities, the laboratory will also serve to develop and support both undergraduate and graduate level computer science courses as well as undergraduate engineering technology courses. In this paper we will discuss the digital forensics and security challenges in SCADA/ICS, system infrastructure, forensic attack scenarios and results, student and faculty involvement in this research, laboratory related future course development objectives, student assessments, and the industry support.
AU  - Umit Karabiyik
AU  - Naciye Celebi
AU  - Faruk Yildiz
AU  - James Holekamp
AU  - Khaled Rabieh
CY  - Salt Lake City, Utah
DA  - 2018/06/23
PB  - ASEE Conferences
TI  - Forensic Analysis of SCADA/ICS System with Security and Vulnerability Assessment 
UR  - https://peer.asee.org/30530
DO  - 10.18260/1-2--30530
ER  -