Skip to Main content Skip to Navigation
New interface
Conference papers

An Incident Response Model for Industrial Control System Forensics Based on Historical Events

Abstract : Cyber attacks on industrial control systems are increasing. Malware such as Stuxnet, Havex and BlackEnergy have demonstrated that industrial control systems are attractive targets for attackers. However, industrial control systems are not limited to malware attacks. Other attacks include SQL injection, distributed denial-of-service, spear phishing, social engineering and man-in-the-middle attacks. Additionally, methods such as unauthorized access, brute forcing and insider attacks have also targeted industrial control systems. Accidents such as fires and explosions at industrial plants also provide valuable insights into the targets of attacks, failure methods and potential impacts.This chapter presents an incident response model for industrial control system forensics based on historical events. In particular, representative industrial control system incidents – cyber attacks and accidents – that have occurred over the past 25 years are categorized and analyzed.The resulting incident response model is useful for forensic planning and investigations. The model enables incident response teams and forensic investigators to decide on the expertise, techniques and tools to be applied to ensure sound evidence acquisition, analysis and reporting.
Document type :
Conference papers
Complete list of metadata
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Monday, October 4, 2021 - 5:49:13 PM
Last modification on : Wednesday, November 3, 2021 - 7:05:58 AM
Long-term archiving on: : Wednesday, January 5, 2022 - 7:06:13 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Ken Yau, Kam-Pui Chow, Siu-Ming Yiu. An Incident Response Model for Industrial Control System Forensics Based on Historical Events. 13th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2019, Arlington, VA, United States. pp.311-328, ⟨10.1007/978-3-030-34647-8_16⟩. ⟨hal-03364562⟩



Record views


Files downloads