Programmable logic controllers (PLCs) automate the monitoring of infrastructure processes. Due to the convergence of network infrastructures, PLCs may be exposed to cyber attacks with serious consequences.
This article introduces how such attacks are analyzed and resolved.
In recent decades, industrial control systems (ICS) have been closely integrated with commercial software and hardware; the consequence, however, is a strong IT vulnerability that can open the way to several kinds of attack.
Such attacks can disrupt the normal control of a physical process, causing severe disruption; a forensic investigation is therefore crucial to answer questions such as:
Who is responsible for the attack?
How did it come about?
Is the attack still active or can it be repeated?
Another problem with PLCs can be planning errors that result in accidents at work, machine stoppages and production stoppages; in these cases too, PLC analysis may be necessary to solve the problem.
To answer these questions, rely on those who have worked in the forensic field for years: our CTP is able to analyze the PLC, carrying out a forensic acquisition of the data in accordance with the standards laid down by computer forensics.
After the acquisition, our technician will analyze how the external attack or the faulty programming occurred.