Title: A Forensic I/O Recorder for Industrial Control Systems Using PLCs and OPC UA
Authors: Alexios Karagiozidis, M. Gergeleit
DOI: 10.1145/3600160.3605059 (https://doi.org/10.1145/3600160.3605059)
Published in: Proceedings of the 18th International Conference on Availability, Reliability and Security
Publication date: 2023-08-29
Citation count: 0
Open access: no
Abstract
The increasing network connectivity of automation and industrial control systems (ICS) brought about by Industrie 4.0 has led to a higher risk of attacks, in which remote attackers compromise industrial devices or networks to maliciously change or inject data, or send malicious commands that can damage machines or impair production efficiency. However, gathering evidence of such attacks is challenging because of the lack of forensically compliant logging capabilities and because the high heterogeneity of these devices makes it difficult to find generalized approaches for collecting evidence or artifacts from an ICS. Furthermore, industrial devices have limited hardware and CPU resources, so established IT forensic methods are not applicable to them. To address this challenge, we use an industrial device, specifically a Programmable Logic Controller (PLC), as a non-intrusive I/O recorder that logs I/O changes in a forensically compliant manner. In addition, we use OPC UA to transmit the recorded data securely and to make the approach deployable on a broader range of devices by defining a forensic information model, i.e. an OPC UA server interface.