Navy Contracts IAI to Develop a Digital Forensic Toolkit for Machinery Control Systems

Digital forensics is a vital part of the cyber-protection strategy for machine control systems, aiding the identification and troubleshooting of system malfunctions caused by malicious and non-malicious events. Shipboard machinery control systems use Supervisory Control and Data Acquisition (SCADA) based systems for monitoring and control. Components of a SCADA system are often resource constrained, and SCADA-based systems need to be continuously operational, which calls for live forensic solutions where data acquisition and analysis are performed at run time. However, there is still no comprehensive software design and implementation that systematically addresses live forensic issues on a SCADA system while minimizing risk to the system’s services. To address this critical need, IAI and collaborators will develop the Digital Forensic Tool Kit for Machinery Control Systems (TRACE), a live digital forensics tool kit that, at run time, provides a cyber-protection strategy and identifies malfunctions while ensuring minimal impact on overall system performance. The key innovation of TRACE is to deploy data collection agents within the SCADA network to provide real-time inputs and then use this information, combined with system- and network-specific knowledge, for cross-domain data forensic analysis. The built-in data collection agents and live forensic analysis engine provide run-time cyber protection for SCADA systems and aid the identification of malfunctions. TRACE can be directly applied to the cyber security of government control systems. Commercial applications for TRACE include manufacturing, food and energy production, machinery and engine control systems in oil and mineral processing facilities, and security for electric, energy and water utilities.