File Download
There are no files associated with this item.
Links for fulltext
(May Require Subscription)
- Publisher Website: 10.1007/978-3-030-34647-8_16
- WOS: WOS:000582700000016
Supplementary
-
Citations:
- Web of Science: 0
- Appears in Collections:
Conference Paper: An Incident Response Model for Industrial Control System Forensics Based on Historical Events
| Title | An Incident Response Model for Industrial Control System Forensics Based on Historical Events |
|---|---|
| Authors | |
| Keywords | Industrial control systems incident response forensics |
| Issue Date | 2019 |
| Publisher | Springer. |
| Citation | International Conference on Critical Infrastructure Protection (ICCIP) 2019, Arlington, VA, USA, 11-12 March 2019. In Staggs, J & Shenoi, S (eds.). Critical Infrastructure Protection XIII: 13th IFIP WG 11.10 International Conference, ICCIP 2019: Revised Selected Papers, p. 331-328 How to Cite? |
| Abstract | Cyber attacks on industrial control systems are increasing. Malware such as Stuxnet, Havex and BlackEnergy have demonstrated that industrial control systems are attractive targets for attackers. However, industrial control systems are not limited to malware attacks. Other attacks include SQL injection, distributed denial-of-service, spear phishing, social engineering and man-in-the-middle attacks. Additionally, methods such as unauthorized access, brute forcing and insider attacks have also targeted industrial control systems. Accidents such as fires and explosions at industrial plants also provide valuable insights into the targets of attacks, failure methods and potential impacts.
This chapter presents an incident response model for industrial control system forensics based on historical events. In particular, representative industrial control system incidents – cyber attacks and accidents – that have occurred over the past 25 years are categorized and analyzed.The resulting incident response model is useful for forensic planning and investigations. The model enables incident response teams and forensic investigators to decide on the expertise, techniques and tools to be applied to ensure sound evidence acquisition, analysis and reporting. |
| Persistent Identifier | http://hdl.handle.net/10722/289178 |
| ISBN | |
| ISI Accession Number ID | |
| Series/Report no. | IFIP Advances in Information and Communication Technology (IFIPAICT) ; v. 570 |
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Yau, KK | - |
| dc.contributor.author | Chow, KP | - |
| dc.contributor.author | Yiu, SM | - |
| dc.date.accessioned | 2020-10-22T08:08:56Z | - |
| dc.date.available | 2020-10-22T08:08:56Z | - |
| dc.date.issued | 2019 | - |
| dc.identifier.citation | International Conference on Critical Infrastructure Protection (ICCIP) 2019, Arlington, VA, USA, 11-12 March 2019. In Staggs, J & Shenoi, S (eds.). Critical Infrastructure Protection XIII: 13th IFIP WG 11.10 International Conference, ICCIP 2019: Revised Selected Papers, p. 331-328 | - |
| dc.identifier.isbn | 978-3-030-34646-1 | - |
| dc.identifier.uri | http://hdl.handle.net/10722/289178 | - |
| dc.description.abstract | Cyber attacks on industrial control systems are increasing. Malware such as Stuxnet, Havex and BlackEnergy have demonstrated that industrial control systems are attractive targets for attackers. However, industrial control systems are not limited to malware attacks. Other attacks include SQL injection, distributed denial-of-service, spear phishing, social engineering and man-in-the-middle attacks. Additionally, methods such as unauthorized access, brute forcing and insider attacks have also targeted industrial control systems. Accidents such as fires and explosions at industrial plants also provide valuable insights into the targets of attacks, failure methods and potential impacts. This chapter presents an incident response model for industrial control system forensics based on historical events. In particular, representative industrial control system incidents – cyber attacks and accidents – that have occurred over the past 25 years are categorized and analyzed.The resulting incident response model is useful for forensic planning and investigations. The model enables incident response teams and forensic investigators to decide on the expertise, techniques and tools to be applied to ensure sound evidence acquisition, analysis and reporting. | - |
| dc.language | eng | - |
| dc.publisher | Springer. | - |
| dc.relation.ispartof | Critical Infrastructure Protection XIII: 13th IFIP WG 11.10 International Conference on Critical Infrastructure Protection | - |
| dc.relation.ispartofseries | IFIP Advances in Information and Communication Technology (IFIPAICT) ; v. 570 | - |
| dc.subject | Industrial control systems | - |
| dc.subject | incident response | - |
| dc.subject | forensics | - |
| dc.title | An Incident Response Model for Industrial Control System Forensics Based on Historical Events | - |
| dc.type | Conference_Paper | - |
| dc.identifier.email | Chow, KP: chow@cs.hku.hk | - |
| dc.identifier.email | Yiu, SM: smyiu@cs.hku.hk | - |
| dc.identifier.authority | Chow, KP=rp00111 | - |
| dc.identifier.authority | Yiu, SM=rp00207 | - |
| dc.identifier.doi | 10.1007/978-3-030-34647-8_16 | - |
| dc.identifier.hkuros | 317131 | - |
| dc.identifier.spage | 331 | - |
| dc.identifier.epage | 328 | - |
| dc.identifier.isi | WOS:000582700000016 | - |
| dc.publisher.place | Cham, Switzerland | - |