Digital Forensic Analysis of Industrial Control Systems Using Sandboxing: A Case of WAMPAC Applications in the Power Systems

School of Electrical Engineering and Computer Science, KTH Royal Institute of Technology, Stockholm SE-100 44, Sweden
*
Author to whom correspondence should be addressed.
This paper is an extension of the paper Iqbal, A., Mahmood, F., & Ekstedt, M. (2018, November), An Experimental Forensic Testbed: Attack-based Digital Forensic Analysis of WAMPAC Applications. Presented at the 11th Mediterranean Conference on Power Generation, Transmission, Distribution, and Energy Conversion (MEDPOWER 2018), Dubrovnik, Croatia, 12–15 November 2018.
Energies 2019, 12(13), 2598; https://doi.org/10.3390/en12132598
Received: 11 May 2019 / Revised: 20 June 2019 / Accepted: 3 July 2019 / Published: 6 July 2019
In today’s connected world, connectivity is spreading even to sectors that were conventionally not so connected in the past, such as power system substations. Substations have seen considerable digitalization of the grid, which provides far more insight than was available before. This has all been possible due to connectivity, digitalization and automation of the power grids. It also means that anybody can access such critical infrastructures from a remote location; gone are the days of physical barriers. The power of connectivity and control makes protecting critical industrial control systems a much more challenging task. This capability comes at a price: an increased risk of potential cyber threats to substations. Given such risks, it is important that attacks can be traced back and attributed to their roots. It is extremely important for a forensic investigation to obtain credible evidence of any cyber-attack, as required by the Daubert standard. Hence, to be able to identify and capture the digital artifacts that result from different attacks, in this paper the authors have implemented and improvised a forensic testbed by implementing a sandboxing technique in the context of a real-time hardware-in-the-loop setup. Newer experiments have been added by emulating cyber-attacks on WAMPAC applications, and by collecting and analyzing the captured artifacts. Further, using sandboxing for the first time in such a setup has proven helpful.
Keywords: forensic investigations; forensic evidence substation; wide area monitoring protection and control; phasor measurement units (PMUs); industrial control systems; sandboxing
MDPI and ACS Style

Iqbal, A.; Mahmood, F.; Ekstedt, M. Digital Forensic Analysis of Industrial Control Systems Using Sandboxing: A Case of WAMPAC Applications in the Power Systems. Energies 2019, 12, 2598.
