Digital Forensic Analysis of Industrial Control Systems Using Sandboxing: A Case of WAMPAC Applications in the Power Systems†
Asif Iqbal 
School of Electrical Engineering and Computer Science, KTH Royal Institute of Technology, Stockholm SE-100 44, Sweden
*
Author to whom correspondence should be addressed.
†
This paper is an extension of the paper Iqbal, A., Mahmood, F., & Ekstedt, M. (2018, November), An Experimental Forensic Testbed: Attack-based Digital Forensic Analysis of WAMPAC Applications. Presented at the 11th Mediterranean Conference on Power Generation, Transmission, Distribution, and Energy Conversion (MEDPOWER 2018), Dubrovnik, Croatia, 12–15 November 2018.
Energies 2019, 12(13), 2598; https://doi.org/10.3390/en12132598
Received: 11 May 2019 / Revised: 20 June 2019 / Accepted: 3 July 2019 / Published: 6 July 2019
(This article belongs to the Special Issue Selected Papers from MEDPOWER 2018—the 11th Mediterranean Conference on Power Generation, Transmission, Distribution and Energy Conversion)
In today’s connected world, there is a tendency of connectivity even in the sectors which conventionally have been not so connected in the past, such as power systems substations. Substations have seen considerable digitalization of the grid hence, providing much more available insights than before. This has all been possible due to connectivity, digitalization and automation of the power grids. Interestingly, this also means that anybody can access such critical infrastructures from a remote location and gone are the days of physical barriers. The power of connectivity and control makes it a much more challenging task to protect critical industrial control systems. This capability comes at a price, in this case, increasing the risk of potential cyber threats to substations. With all such potential risks, it is important that they can be traced back and attributed to any potential threats to their roots. It is extremely important for a forensic investigation to get credible evidence of any cyber-attack as required by the Daubert standard. Hence, to be able to identify and capture digital artifacts as a result of different attacks, in this paper, the authors have implemented and improvised a forensic testbed by implementing a sandboxing technique in the context of real time-hardware-in-the-loop setup. Newer experiments have been added by emulating the cyber-attacks on WAMPAC applications, and collecting and analyzing captured artifacts. Further, using sandboxing for the first time in such a setup has proven helpful.
View Full-Text
Keywords:
forensic investigations; forensic evidence substation; wide area monitoring protection and control; phasor measurement units (PMUs); industrial control systems; sandboxing
▼
Show Figures
Graphical abstract
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited
MDPI and ACS Style
Iqbal, A.; Mahmood, F.; Ekstedt, M. Digital Forensic Analysis of Industrial Control Systems Using Sandboxing: A Case of WAMPAC Applications in the Power Systems. Energies 2019, 12, 2598.
Show more citation formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.
