Digital Forensic Readiness for Hyper-Connected Critical Infrastructure

Lead Research Organisation: University of Bristol
Department Name: Computer Science

Abstract

A city plunged into darkness by a disrupted electricity supply, production lines and nuclear centrifuges shut down, an attempt to poison a town's water supply, and the largest fuel pipeline in the US taken down by ransomware: these catastrophic cyberattacks could cripple the critical national infrastructures (CNI) on which the core of everyday life in our modern societies heavily relies. Such incidents, which aim to disrupt the control of physical processes and cause lasting economic, geopolitical or environmental damage and/or loss of life, have occurred and will continue to occur against industrial control systems (ICS), also referred to as Supervisory Control and Data Acquisition (SCADA) systems.

The rise of sophisticated and state-sponsored attacks such as Stuxnet and Triton against core components like Programmable Logic Controllers (PLCs), along with the lack of forensically sound tools, approaches and techniques, has motivated this PhD to examine the applicability and transferability of traditional digital forensics tools and capabilities to the realm of cyber-physical systems within critical national infrastructures. Forensic investigators face major challenges in SCADA forensic investigations, such as limited computing/storage resources in ICS devices, vendor-specific proprietary firmware, opacity of ICS protocol specifications, lack of memory acquisition tools and insufficient logging capabilities. The core objective of my PhD is therefore a new and experimentally validated ICS forensic readiness architecture that establishes a forensic capability before an incident while maintaining the safety-critical properties.

Planned Impact

Who will benefit?

The inter-disciplinary doctoral graduates trained within the CDT will play a key role in addressing the acute shortage of highly skilled workers in this area, hence meeting industry and government needs. The research they will conduct in the CDT and their future work will strongly impact industry, government, academia and society. Industrial applications cover those involving large-scale, socio-technical infrastructures where resilience-at-scale is a fundamental need, such as intelligent transportation, finance, digital healthcare, energy generation & distribution and advanced manufacturing. The globally unique capacity focusing on TIPS-at-Scale will position the UK as a world-leader, offering major economic benefits by ensuring that the UK is a safe place in which to do business, and social benefits in terms of security and privacy of the individual.

More specifically, the CDT's research and training programme will provide graduates with capabilities to address socio-technical challenges of TIPS-at-Scale, including understanding of user and adversarial behaviours. This is of major importance to digital infrastructure providers, government agencies and law enforcement agencies. This is in addition to the wider business and health sectors where the protection of data and the physical processes controlled by large-scale infrastructure is vital. Research on resilience in partially-trusted environments will lead to new architectures and new technologies to significantly enhance integrity and resilience, including new authentication methods and trust models. Research on empirically-grounded assurances for TIPS will break new ground by providing new interdisciplinary techniques and design principles to underpin infrastructures of the future. Last, but by no means least, by embedding Responsible Innovation into the programme throughout, the CDT ensures that TIPS-at-Scale approaches take a values-based view that considers TIPS across the full lifecycle of digital infrastructures: from conception to design, implementation and deployment through to maintenance, evolution and decommissioning. Such a Responsible Innovation approach will benefit society-at-large.

How will they benefit?

There is a critical need within the UK for a new breed of researchers and future leaders, equipped with a breadth of interdisciplinary skills to tackle TIPS issues at play in future infrastructures and a depth of knowledge, drawing upon interdisciplinary skills, to develop novel and innovative solutions to address TIPS-at-Scale. The CDT will produce a pipeline of such researchers and leaders trained to PhD level. It will build on very strong existing links with organisations such as Vodafone, Google, HP, Airbus, Thales, Symantec, IBM, Babcock, NCC Group, Altran, Wessex Water, Cybernetica and Embecosm, all of which have contributed to co-creation of the CDT and are committed to close engagement with it. Both universities will use their business development teams to further engage with these and other relevant organisations. Major opportunities for generating economic and societal benefits exist with the planned Temple Quarter Enterprise Campus of University of Bristol (due to open in 2021), with a focus on co-creation of a suite of PG training programmes with industry, and the Bath Innovation Centre. The CDT will also leverage the various impact channels of the three EPSRC-NCSC Research Institutes, the PETRAS Hub and the CREST Centre, in which the two Universities play a major role. Both universities already have research and PhD studentships directly funded by industry and agencies such as DSTL, NCSC and GCHQ, as well as iCASE awards; hence close relationships already exist to maximise impact. The CDT will also organise public debates and social media campaigns to encourage public participation and shaping of TIPS-at-scale discussions and solutions.

Publications


Studentship Projects

| Project Reference | Relationship | Related To | Start | End | Student Name |
|---|---|---|---|---|---|
| EP/S022465/1 | | | 01/04/2019 | 30/09/2027 | |
| 2644351 | Studentship | EP/S022465/1 | 01/10/2020 | 20/09/2024 | Feras Shabhi |