Digital Forensic Analysis of Industrial Control Systems Using Sandboxing: A Case of WAMPAC Applications in the Power Systems
KTH, School of Electrical Engineering and Computer Science (EECS), Network and Systems Engineering.
KTH, School of Electrical Engineering and Computer Science (EECS), Electric Power and Energy Systems. ORCID iD: 0000-0003-3488-533X
KTH, School of Electrical Engineering and Computer Science (EECS), Network and Systems Engineering. ORCID iD: 0000-0003-3922-9606
2019 (English). In: Energies, ISSN 1996-1073, E-ISSN 1996-1073, Vol. 12, no 13, article id 2598. Article in journal (Refereed). Published.
Abstract [en]

In today's connected world, there is a tendency of connectivity even in the sectors which conventionally have been not so connected in the past, such as power systems substations. Substations have seen considerable digitalization of the grid, hence providing much more available insights than before. This has all been possible due to connectivity, digitalization and automation of the power grids. Interestingly, this also means that anybody can access such critical infrastructures from a remote location and gone are the days of physical barriers. The power of connectivity and control makes it a much more challenging task to protect critical industrial control systems. This capability comes at a price, in this case, increasing the risk of potential cyber threats to substations. With all such potential risks, it is important that they can be traced back and attributed to any potential threats to their roots. It is extremely important for a forensic investigation to get credible evidence of any cyber-attack as required by the Daubert standard. Hence, to be able to identify and capture digital artifacts as a result of different attacks, in this paper, the authors have implemented and improvised a forensic testbed by implementing a sandboxing technique in the context of a real-time hardware-in-the-loop setup. Newer experiments have been added by emulating the cyber-attacks on WAMPAC applications, and collecting and analyzing captured artifacts. Further, using sandboxing for the first time in such a setup has proven helpful.

Place, publisher, year, edition, pages
MDPI, 2019. Vol. 12, no 13, article id 2598
Keywords [en]
forensic investigations; forensic evidence substation; wide area monitoring protection and control; phasor measurement units (PMUs); industrial control systems; sandboxing
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Electrical Engineering; Industrial Information and Control Systems
Identifiers
URN: urn:nbn:se:kth:diva-254917
DOI: 10.3390/en12132598
ISI: 000477034700136
Scopus ID: 2-s2.0-85068759897
OAI: oai:DiVA.org:kth-254917
DiVA, id: diva2:1336084
Funder
Swedish Civil Contingencies Agency
Note

QC 20190710

Available from: 2019-07-09. Created: 2019-07-09. Last updated: 2019-08-12. Bibliographically approved.

Open Access in DiVA

2019-Energies Journal-Digital Forensic Analysis of Industrial Control Systems (4504 kB), 46 downloads
File information
File name: FULLTEXT01.pdf. File size: 4504 kB. Checksum SHA-512:
84e463d781fd982b76e3cadae2e7ca97e2db61993b5e900faecd64c11034ddb4a0beb680a67481b52627e798caac813da1c5fc59a83b2e810d9a9f5ce0355a97
Type: fulltext. Mimetype: application/pdf

Search in DiVA

By author/editor
Iqbal, Asif; Mahmood, Farhan; Ekstedt, Mathias