Feras Shahbi


feras.shahbi@bristol.ac.uk

Year 4 Student – 2020 Intake – Cohort 2

With a master’s degree, professional certificates such as CEH v10 and ISO 27001 Lead Implementer, and almost three years’ experience spanning technical and managerial roles in cyber security, I am now interested in utilising threat intelligence tools to develop techniques and carry out the necessary actions to proactively protect systems and data from compromise. With a practical understanding of the Cyber Kill Chain, I am interested in developing a mindset that uses digital forensics, artefacts and IoCs to hunt cyber threats at the very early stages of an infection in industrial control systems. Studying in depth operators’ behaviour under hostile circumstances is also a great interest of mine.

PhD Project

Digital Forensic Readiness for Hyper-Connected Critical Infrastructure

A city plunged into darkness by a disrupted electricity supply, production lines and nuclear centrifuges shut down, an attempt to poison a town’s water supply, and the largest fuel pipeline in the US taken down by ransomware: such catastrophic cyberattacks can cripple the critical national infrastructure (CNI) on which everyday life in modern societies heavily relies. Incidents of this kind, which aim to disrupt the control of physical processes and cause lasting economic, geopolitical or environmental damage and/or loss of life, have occurred and will continue to occur against industrial control systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems.

The rise of sophisticated, state-sponsored attacks such as Stuxnet and Triton against core components like Programmable Logic Controllers (PLCs), together with the lack of forensically sound tools, approaches and techniques, has motivated this PhD to examine the applicability and transferability of traditional digital forensics tools and capabilities to cyber-physical systems within critical national infrastructure. Forensic investigators face major challenges in SCADA investigations: limited computing and storage resources on ICS devices, vendor-specific proprietary firmware, opaque ICS protocol specifications, a lack of memory acquisition tools and insufficient logging capabilities. The core objective of my PhD is therefore a new, experimentally validated ICS forensic readiness architecture that establishes a forensic capability before an incident occurs while preserving the safety-critical properties of the system.

Supervisors: Professor Awais Rashid (Bristol) and Dr Sridhar Adepu (Bristol)

PhD Poster
