
A retrofit network transaction data logger for SCADA control systems

Posted on: 2011-02-26
Degree: M.S
Type: Thesis
University: Mississippi State University
Candidate: Pavurapu, Kalyan
Full Text: PDF
GTID: 2448390002466128
Subject: Computer Science
Abstract/Summary:
SCADA (Supervisory Control and Data Acquisition) control systems are widely used to control critical processes in various economically critical and safety-critical commercial industries. SCADA control systems are often vulnerable to attacks due to previous industry reliance on security by obscurity to protect control systems. There is a need for an architecture which can log the communications traffic in SCADA networks. In this work, a forensic network traffic data logger retrofit solution for MODBUS and DNP3 network appliances is presented. The data logger uses a bump-in-wire configuration to capture network transactions, and it timestamps, cryptographically signs, encrypts and stores them. The data logger is developed to run on embedded and virtual machine platforms. Thus, the retrofit forensic data logger records the network traffic in a SCADA control system efficiently without affecting the normal functionality of the control system, and the logged data supports post-incident forensic analysis.
Keywords/Search Tags:Control system, Logger, Network, Retrofit
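
Added example (not code from the thesis): a sketch of the timestamp-and-sign step the abstract describes, applied to Modbus/TCP frames, with a verifier that locates the first altered or missing record. Assumptions: HMAC-SHA256 stands in for the unspecified signing scheme, each record is chained to the previous MAC, the encryption step is omitted, and all names, the key and the frames are constructed for illustration.

```python
import hashlib, hmac, json, struct

GENESIS = "00" * 32                  # chain value before the first record (assumption)
DEMO_KEY = b"constructed-demo-key"   # constructed; a real logger would protect its key

def parse_mbap(frame: bytes) -> dict:
    """Decode the 7-byte Modbus/TCP MBAP header and the function code."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    # Protocol id is 0 for Modbus; length counts every byte after the length field.
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("malformed MBAP header")
    return {"tid": tid, "unit": unit, "func": frame[7]}

def _mac(key: bytes, prev: str, ts: float, direction: str, frame_hex: str) -> str:
    # Binding the previous MAC makes deletion or reordering detectable as well.
    msg = json.dumps([prev, ts, direction, frame_hex]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def seal(key: bytes, prev: str, ts: float, direction: str, frame: bytes) -> dict:
    """Build a timestamped, authenticated log record for one captured frame."""
    rec = {"ts": ts, "dir": direction, "frame": frame.hex(), **parse_mbap(frame)}
    rec["mac"] = _mac(key, prev, ts, direction, rec["frame"])
    return rec

def verify_log(key: bytes, records: list) -> int:
    """Return the index of the first record that fails, or -1 if the log is intact."""
    prev = GENESIS
    for i, rec in enumerate(records):
        expected = _mac(key, prev, rec["ts"], rec["dir"], rec["frame"])
        if not hmac.compare_digest(expected, rec["mac"]):
            return i
        prev = rec["mac"]
    return -1

def demo_log() -> list:
    """Seal three constructed Modbus/TCP frames as seen at the bump-in-wire tap."""
    captured = [  # (timestamp, direction, frame hex), all constructed
        (1298678400.10, "master->slave", "000100000006010300000002"),    # read 2 registers
        (1298678400.15, "slave->master", "000100000007010304000a0014"),  # register values
        (1298678401.00, "master->slave", "00020000000601050010ff00"),    # write single coil
    ]
    log, prev = [], GENESIS
    for ts, direction, hexframe in captured:
        log.append(seal(DEMO_KEY, prev, ts, direction, bytes.fromhex(hexframe)))
        prev = log[-1]["mac"]
    return log
```

During post-incident analysis, `verify_log` returning a non-negative index marks the point after which the stored traffic can no longer be trusted as captured.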