Network forensics lessons for industrial control systems
Authors
Nguyen, Thuy D.
Subjects
Industrial control system
network forensics
Ethernet/Industrial Protocol (EtherNet/IP)
Common Industrial Protocol (CIP)
cybersecurity education
Date of Issue
2016-12-08
Publisher
Monterey, CA; Naval Postgraduate School
Abstract
Network security monitoring is an important element in incident response and forensics investigation. Most forensic investigators are trained to recognize abusive network behavior in conventional information systems, but they may not have the technical skills to detect anomalous traffic patterns in industrial control systems that manage critical infrastructure services. We have developed and laboratory-tested hands-on teaching material to introduce students to forensics investigation of intrusions on an industrial network. Rather than using prototypes of ICS components, our approach utilizes commercial industrial products to provide students a more realistic simulation of an ICS network. The lessons cover four different types of attacks and the corresponding post-incident network data analysis. This report describes the initial development of these network forensics lessons.
Type
Technical Report
Identifiers
NPS Report Number
NPS-CS-16-004
Sponsors
National Science Foundation
Funder
DUE-1140938
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
