John Onyiego holds a BSc in Electrical and Electronic Engineering from UoN, specializing in Instrumentation and Control, Industrial Control Systems, Forensics and Security. He is a Certified Renewable Energy Engineer, holds an Occupational Health and Safety certification from NEBOSH, and is PMP certified.

Project Summary

Project Title: Supervisory Control and Data Acquisition (SCADA) System Live Memory Acquisition for the Modbus Protocol Forensics. A Case of the Petroleum Depots in Kenya

Abstract: Supervisory Control and Data Acquisition (SCADA) has been at the core of the Operational Technology used in industries and process plants to monitor and control critical processes, especially in the energy sector. In the petroleum sub-sector, it has been used to monitor the transportation, storage and loading of petroleum products. It is linked to instruments that collect and monitor parameters such as temperature, pressure and product densities. It issues commands to actuators through the application programs installed on the programmable logic controllers. Earlier SCADA systems were isolated from the internet and hence protected from cyber attacks. A recent trend in SCADA systems is integration with other business systems using Internet technologies such as Ethernet and TCP/IP. However, TCP/IP and web technologies, which are predominantly used by IT systems, have become increasingly vulnerable to the cyberattacks experienced by IT systems, such as malware and other attacks. It is important to conduct vulnerability assessments of SCADA systems with a view to thwarting attacks that can exploit such vulnerabilities. Where the vulnerabilities have been exploited, forensic analysis is required to establish what really happened. This research reviews SCADA system configuration, vulnerabilities, and attack scenarios, then presents a prototype SCADA system and a forensic tool that can be used on SCADA. The tool reads the PLC memory, and Wireshark has been used to capture network communication between the SCADA system and the PLC.