The safety of industrial control systems has become a field of concern in recent years. The industrial control system is related to the stability of the country's major infrastructure, and its security defense cannot be underestimated.
Differences between industrial control system security and traditional IT system security
Industrial control system security is different from traditional information security. It usually pays more attention to physical security and functional safety. Moreover, the safe operation of the system is the responsibility of the relevant production department. The security protection focuses on system isolation and personnel management, and rarely considers information. Security and network intrusion threats. In the traditional information security field, confidentiality is generally considered to have the highest priority, integrity followed, and lowest availability. When considering the safety of the industrial control system, it is necessary to first consider the availability of the system, followed by the integrity, and finally the confidentiality.
Li Hongpei, a strategist at NSFOCUS Research Institute, believes that because the industrial control system is the core production and operation system of the enterprise, its working environment has strict management, and it is difficult for outsiders to enter. At the same time, the system itself is also connected with the enterprise's office network (ordinary IT). There are certain isolation measures between the systems, and the Internet is also physically isolated. And industrial control systems are mainly based on embedded operating systems (such as VxWorks, uCLinux, WinCE, etc.) and dedicated communication protocols or communication protocols (such as OPC, ModBus, DNP3, etc.) industrial control equipment or systems (PLC, RTU, DCS, SCADA) Etc.) composition.
That is to say, the relative sealing of industrial control systems and the proprietary nature of their system equipment and communication protocols make us have a big difference with traditional IT information systems when considering the safety and coping strategies of industrial control systems. Li Hongpei said.
With the deep integration of informationization and industrialization and the threat of potential cyber warfare, industrial control systems will shift from traditional physical security and functional security to information system security.
Threats and attacks faced by industrial control systems
So, what threats and attacks are currently facing industrial control systems? In recent years, attacks against industrial control systems, whether it is a large-scale cyber warfare or a general cybercrime, can find the shadow of APT attacks. Li Hongpei said.
Li Hongpei further explained that compared with the attack methods against traditional IT systems, the attacks faced by industrial control systems are mostly organized teams for a certain purpose (political, economic, ideological, etc.), using multiple attack methods. Collaborative persistent attacks; because there may be support from interest groups behind it, the attack may use a variety of new attack methods or attack modes based on 0-day vulnerabilities to avoid the protection mechanism of the industrial control system as much as possible.
According to our trend analysis of vulnerabilities, since the 'Seismic Network Virus' incident in 2011, the proportion of high-risk vulnerabilities in the newly disclosed vulnerability database has decreased sharply, and it may be speculated that it is added by snow. High-risk vulnerabilities are most likely to be used as 0-day vulnerabilities in future APT attack tools. Li Hongpei said.
According to the results of the survey conducted by NSFOCUS for typical users in 2013, the specific security threats that users are currently most concerned about are business interruption, violation outreach, illegal operation and system configuration insecurity, and malicious code (trojan, virus, etc.) attacks. For industrial control systems, the business interruption may be due to the failure of the industrial control system (functional safety, reliability issues) or the consequences of intrusion attacks or system violations.
It can be said that the security risks of industrial control are derived from vulnerabilities, personnel, processes, physical security defects, etc., but the core of them are vulnerabilities and personnel; mainly manifested as attacks against industrial control systems/device vulnerabilities, malicious/violation operations of internal and external personnel. behavior.
Research and protection status of industrial control system security
The safety of industrial control systems has emerged frequently as an important topic in many information security-related technology conferences in China. It has become one of the hotspots of research institutes and vendors in the field of industrial control systems and information security. At the same time, the state is gradually increasing its efforts in policy setting, technical standards development, research fund support, and promotion of cooperation within the industry.
At present, the safety standards related to industrial control systems in China are being formulated. Users in important industries such as power, petrochemical, manufacturing, and municipalities have been inspected and rectified under the guidance of the competent national authorities; they emphasize the standardization of personnel management and institutional processes. , system network security and system operation compliance.
However, in this process, support for security products of industrial control systems is still needed. Li Hongpei stressed that this is because traditional information and network security vendors have not paid enough attention to the safety of industrial control systems. At the same time, industrial control system manufacturers pay more attention to the function realization and availability guarantee of industrial control systems, but do not consider the threat of attacks from information networks. Information security vendors and industrial control system manufacturers need to start from their respective fields to study the vulnerability of industrial control systems and communication protocols and the security threats and attack methods they face, and explore the protective measures of industrial control systems.
According to Li Hongpei, the safety protection capability of industrial control systems in most industries is also seriously inadequate: personnel security awareness is not strong, lack of clear safety management system and personnel awareness training; lack of effective system of safety protection system planning and safety risk assessment; lack of System operator's role positioning, authorization process and operating procedures; lack of corresponding operational behavior auditing mechanism; lack of system data backup. With the integration of the two technologies and the improvement of the informationization degree of the industrial control system, the safety of the industrial control system will become more prominent.
Traditional information security vendors still face bottlenecks in the security of industrial control systems
At present, the main protection method for industrial control system security is to adopt a system security protection scheme for security domain isolation and defense in depth. Relevant vendors have introduced products such as industrial control firewalls, security isolation gateways, and industrial control audit systems.
However, due to the large difference between industrial control environment and IT system, personnel involved in industrial safety research, service or product development also need to have knowledge of industrial control system, need to be able to understand the business logic of industrial control system, familiar with industrial control system and various industrial control equipment. Therefore, for traditional information security vendors, there are certain bottlenecks in the face of the security protection of industrial control systems.
Industrial control systems are a relatively unfamiliar research field for traditional information security vendors. Traditional security vendors cannot simply use IT security solutions to deal with industrial security issues. They need to protect objects (industrial control systems) and their The threat, there is in-depth research and understanding. Due to the diversity of the industrial control system, it is difficult to access various systems, equipment and protocols in the industrial control environment by itself, and it is difficult to do industrial control safety. Li Hongpei said.
Similarly, industrial control system manufacturers and users are also faced with the problem of insufficient attack and defense capabilities and experience of information systems. Therefore, as a new and strategic security field, industrial control system security requires countries, industry authorities, industrial control system enterprises (users), industrial control system providers, information security providers and other cross-disciplinary and cross-industry Multi-faceted cooperation.
(Finish)We provide kinds of flower wrapping materials for florists. Flower wrapping paper. Waterproof paper.
Flower Wrapping Paper,Bouquet Wrapping Materials,Bulk Wrapping Paper Rolls,Floral Wrapping Paper
Zenghui Paper Package Industry and Trading Company , https://www.zhpaperpackage.com