Forensics for industrial cyber security investigations

After a hacking incident or other cyber invasion in an industrial environment, is it possible to pick up the trail of the perpetrators? In the IT world such investigations are routine, but what about a plant control system? A new podcast with Mark Fabro, president and chief security scientist for Lofty Perch, discusses these specific possibilities.
By Control Engineering Staff March 1, 2009

After a hacking incident or other cyber invasion in an industrial environment, is it possible to pick up the trail of the perpetrators? In the IT world such investigations are routine, but what about a plant control system?

A new podcast with Mark Fabro, president and chief security scientist for Lofty Perch, discusses these specific possibilities. Fabro is well known in security circles, and has worked extensively with groups such as the U.S. Department of Homeland Security, Idaho National Labs, FBI, SANS Institute, Royal Canadian Mounted Police, and is a regular presenter at cyber security events.

This podcast covers:

  • What is possible with investigations;

  • How industrial environments differ from typical IT;

  • What can help or impede gathering evidence;

  • Live vs. dead system investigations;

  • Why field devices are often little help;

  • How forensics fits into a comprehensive cyber security program; and

  • Many more considerations for system operators.

To listen to this podcast, go to www.controleng.com , click on the “Podcast” tab on the multimedia box at the right hand side of the home page, select “View all Podcasts” (if this podcast does not appear on the resulting screen), then scroll to “Industrial Networks & Security” and select “View Podcast Series” to access “Cybersecurity Forensics.”