Application of Electronic Technique
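Research on security protection system of industrial control system
Application of Electronic Technique, 2021, Issue 1
Zhao Yueqi1,2, Zhao Dezheng2, Lin Hao2, Huo Yuxian2, Zhang Han1,2, Jia Shujuan1
1. National Computer System Engineering Research Institute of China, Beijing 100083; 2. Intelligence Technology of CEC Co., Ltd., Beijing 102209
Abstract: Industrial control systems (ICS) are widely used in water, electric power, oil, transportation, military industry and other sectors, and their security and stability bear directly on the normal operation of critical national infrastructure. As digital production and intelligent manufacturing advance in the industrial control sector, ICS face serious security threats. By analyzing typical attack methods and the weaknesses of existing protection measures, this paper proposes and designs a defense-in-depth ICS security protection system and sets out its technical priorities in five areas: physical security, data security, network security, host and application security, and control security. A comprehensive security protection platform is built on top of a trusted platform, forming an adaptive, closed-loop security model and mechanism capable of self-defense and recovery. It protects ICS security across multiple dimensions and supports the secure and stable operation of ICS.
CLC number: TP309
Document code: A
DOI:10.16157/j.issn.0258-7998.200218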
Citation format: Zhao Yueqi, Zhao Dezheng, Lin Hao, et al. Research on security protection system of industrial control system[J]. Application of Electronic Technique, 2021, 47(1): 69-72, 77.
Research on security protection system of industrial control system
Zhao Yueqi1,2, Zhao Dezheng2, Lin Hao2, Huo Yuxian2, Zhang Han1,2, Jia Shujuan1
1. National Computer System Engineering Research Institute of China, Beijing 100083, China; 2. Intelligence Technology of CEC Co., Ltd., Beijing 100083, China
Abstract: Industrial control systems (ICS) are widely used in water treatment, power, oil, transportation, military industry and other industries. Their safety and stability are tied to the normal operation of key national infrastructure. ICS are facing serious security threats with the advancement of digital production and intelligent manufacturing. This paper proposes and designs a defense-in-depth ICS security protection system by discussing typical attack methods and the weaknesses of existing protection measures, and elaborates its technical focus from five aspects: physical security, data security, network security, host and application security, and control security. A comprehensive security protection platform is then built on the basis of a trusted platform, forming a set of adaptive, closed-loop security models and mechanisms that can defend and recover themselves and that maintain the safety of the ICS in three dimensions. This supports the secure and stable operation of ICS.
Key words: ICS; safety; protection; trusted platform

0 Introduction

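An industrial control system (ICS) is a business-process management and control system that uses physical components, logic and networks to manage automated processes and to control and monitor events. It mainly comprises supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS) and programmable logic controllers (PLC), and is typically used in water, electric power, oil, transportation, military industry and similar sectors. The security and stability of industrial control systems bear directly on the normal operation of critical national infrastructure.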

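In recent years, as digital production and intelligent manufacturing have advanced in the industrial control sector, ICS have been moving steadily toward openness and interconnection and have increasingly absorbed the interconnection concepts of traditional network communications. These systems can no longer rely on the former assumption of "physical isolation". They face more serious and more complex security threats, and security incidents are increasing day by day, seriously affecting the security and stability of many industries in China [1]. Yet ICS security protection work in China is still in its early stages and lacks self-protection capability, so securing ICS is the top priority at the present stage [2]. By discussing the security threats that ICS face, considering typical attack methods, and addressing the weaknesses of existing protection measures, this paper proposes and designs a defense-in-depth ICS security protection system, describes in detail the security protection technologies involved, and offers a sound solution for the secure and stable operation of ICS.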




The full text of this paper can be downloaded at: http://ihrv.cn/resource/share/2000003323



