[SCADASEC] SCADA, control systems and forensics
Bob Radvanovsky
rsradvan at unixworks.net
Thu Feb 7 14:01:29 CST 2008
One of the issues that I have raised within the 'CIP' community has been *how* to identify threats (and their attempts) post-facto; meaning, how do I perform a forensics analysis on something that is, for sake of better terms, 'dumber than a door knob'? It's one thing to conduct post-facto forensics best practices on a server, or within an IT environment, but this isn't 'IT'. Older protocols don't include date and/or time stamps within the communications packets, and oftentimes, comm packets are terse (if that). So...how do *we*, as SCADA professionals, define and establish methods for performing post-facto forensics analysis and management of a given control system environment?
I'd like to get some feedback from the list. The entire premise here is to encourage discussion. OK -- here's your opportunity... ;)
-rad
P.S. This message will self-destruct in 5 seconds...