Today our friends at the European Network and Information Security Agency (ENISA) published a white paper entitled Can We Learn from SCADA Security Incidents?
The paper is about 10 pages long and offers some ideas on how to organize and carry out a systematic approach to evaluating Industrial Control System/SCADA incidents. One helpful element of the white paper is Table 1, which shows a roles matrix for incident response and analysis in control systems. It was extracted from Table 5 of the US Department of Homeland Security (DHS)/Idaho National Labs document Recommended Practice: Creating Cyber Forensics Plans for Control Systems.
Overall I'd suggest you at least skim through the document and use it when developing ICS/SCADA incident response plans. It will offer some useful guidance for programmatic and organizational approaches to ICS incident analysis. The US DHS document referenced above will give you a more thorough technical perspective for ICS post-event forensics.
Thanks again, ENISA! Keep up the good work!