Control systems/SCADA forensics,what's the difference?

Immature IT security, increasing network connectivity and unwavering media attention is causing an increase in the number of control system cyber security incidents. For forensic examinations in these environments, knowledge and skills are needed in the field of hardware, networks and data analysis. For forensic examiners, this paper is meant to be a crash course on control systems and their forensic opportunities, focussing on the differences compared to regular IT systems. Assistance from experienced field engineers during forensic acquisition of control systems seems inevitable in order to guarantee process safety, business continuity and examination efficiency. For people working in the control system community, this paper may be helpful to get an idea about specific forensic issues about which they would normally not bother, but may be crucial as soon as their systems are under attack or become part of a law enforcement investigation. For analysis of acquired data, existing tools for network security monitoring have useful functionality for forensic applications but are designed for real-time acquisition and often not directly usable for post-mortem analysis of acquired data in a forensically sound way. The constant and predictable way in which control systems normally behave makes forensic application of anomaly-based threat detection an interesting topic for further research.     

Avoiding the internet of insecure industrial things

Security incidents such as targeted distributed denial of service (DDoS) attacks on power grids and hacking of factory industrial control systems (ICS) are on the increase. This paper unpacks where emerging security risks lie for the industrial internet of things, drawing on both technical and regulatory perspectives. Legal changes are being ushered by the European Union (EU) Network and Information Security (NIS) Directive 2016 and the General Data Protection Regulation 2016 (GDPR) (both to be enforced from May 2018). We use the case study of the emergent smart energy supply chain to frame, scope out and consolidate the breadth of security concerns at play, and the regulatory responses. We argue the industrial IoT brings four security concerns to the fore, namely: appreciating the shift from offline to online infrastructure; managing temporal dimensions of security; addressing the implementation gap for best practice; and engaging with infrastructural complexity. Our goal is to surface risks and foster dialogue to avoid the emergence of an Internet of Insecure Industrial Things.