Forensic-related Application Security Controls for RHEL in Critical Infrastructure

Abstract

Industrial cyber security is an avid area of research. Incident response and forensic investigations are complex activities. Due to the complexity of critical infrastructures, such as Nuclear Power Plants (NPPs), preparation is vital. Manual approaches still tend to be favored mainly because of (physical) safety assurances. The tasks and actions required and the outcomes to expect need to be documented. Application Security Controls (ASCs) are a good way to document forensic controls for which an extended model is proposed. However, ASCs must be tested further on forensic applicability and there are also considerable alternatives. In terms of possible additional security measures and to apply the gained insights, one exemplary operational Instrumentation & Control (I&C) server system is analyzed in order to derive recommendations.