New podcast: Forensics for industrial cyber security investigations
How do cyber investigators handle a virtual crime scene? Listen in to learn how to find out who did what.
After a hacking incident or other cyber invasion in an industrial environment, is it possible to pick up the trail of the perpetrators? In the IT world such investigations are routine, but what about a plant control system?
A new podcast with Mark Fabro, president and chief security scientist for Lofty Perch , discusses these specific possibilities. Fabro is well known in security circles, and has worked extensively with groups such as the U.S. Department of Homeland Security, Idaho National Labs, FBI, SANS Institute, Royal Canadian Mounted Police, and is a regular presenter at cyber security events.
Fabro is co-author of " Recommended Practice: Creating Cyber Forensics Plans for Control Systems ," with Eric Cornelius of Idaho National Labs, published in August, 2008. This is available from the DHS National Cyber Security Division, Control Systems Security Program.
His discussion with Control Engineering editor Peter Welander considers a range of related topics:
What is possible with investigations;
How industrial environments differ from typical IT;
What can help or impede gathering evidence;
Live vs. dead system investigations;
Why field devices are often little help;
How forensics fits into a comprehensive cyber security program; and
Many more considerations for system operators.
In some very serious situations where a full criminal investigation is involved, Fabro describes the possibility that investigators with search warrants could come into your control room and want to “bag and tag” parts of your control system, even if that means shutting down operations.
—Peter Welander, process industries editor, PWelander@cfemedia.com ,
Control Engineering Process & Advanced Control Monthly
Register here and scroll down to select your choice of free eNewsletters .