PDF(1174 KB)
PDF(1174 KB)
PDF(1174 KB)
工业控制设备安全测试技术
Security evaluation for industrial control devices
工业控制设备(ICDs)广泛应用于石油化工、电力水利、轨道交通等国家关键基础设施领域,其正常运行直接关系到工业生产安全、经济安全甚至是国家安全。该文总结了现有工业控制设备普遍存在的共性安全问题,分析了其存在的根源。在此基础上从信息空间和物理空间这2方面分析了网络攻击带来的危害影响,最后总结了工业控制设备安全测试的标准规范、测评认证与面临的问题和挑战。
Industrial control devices (ICDs) are widely used in many industrial facilities such as petrochemical factories, power generation plants, water treatment plants, and transportation systems. The cyber security of such devices directly affects industrial production, which affects our economic security as well as our national security. This paper describes common cyber security issues in these devices and the root causes of these issues. The effects of cyber attacks are also analyzed for attacks from the information space and the physical space connected to the ICDs. Finally, security evaluation techniques are given including standards, evaluation methods and certifications along with future research challenges.
工业控制设备(ICDs) / 共性安全问题 / 信息空间 / 物理空间 / 安全测试
industrial control devices (ICDs) / controller security issues / information space / physical space / security evaluation
| [1] | Luders S. Stuxnet and the impact on accelerator control systems [C]// Proceedings of the 13th Conference on Accelerator and Large Experimental Physics Control Systems. Geneva, Switzerland: JACoW, 2011: 1285-1288. |
| [2] | Kube N, Yoo K, Hoffman D. Automated testing of industrial control devices: The Delphi database [C]// Proceedings of 6th IEEE/ACM International Workshop on Automation of Software Test. New York, USA: Association for Computing Machinery Press, 2011: 71-76. |
| [3] | 彭勇, 江常青, 谢丰, 等. 工业控制系统信息安全研究进展 [J]. 清华大学学报: 自然科学版, 2012, 52(10): 1396-1408. PENG Yong, JIANG Changqing, XIE Feng. Industrial control system cyber security research[J]. Journal of Tsinghua University: Science & Technology, 2012, 52(10): 1396-1408. |
| [4] | IEC62443. Security for Industrial Automation and Control Systems[S]. Geneva, Switzerland: International Electrotechnical Commission, 2010. |
| [5] | ICS-CERT. Control system internet accessibility [Z/OL]. (2012-11-20), http://www.cs.unh.edu/~it666/reading_list/ Physical/cert_scada_shodan_alert.pdf. |
| [6] | Florian S, MA Zhengdong, Thomas B, et al.A survey on threats and vulnerabilities in smart metering infrastructures[J]. International Journal of Smart Grid and Clean Energy, 2012, 1(1): 22-28. |
| [7] | Sifferlin A. Wireless medical devices vulnerable to hacking [Z/OL]. (2013-04-22), http://www.toppatch.com/wp-content/uploads/2012/04/2012_Wireless-Medical-Devices-Vulnerable-to-Hacking-_-TIME.pdf. |
| [8] | Radcliffe J. Hacking medical devices for fun and insulin: Breaking the human SCADA system [Z/OL]. (2013-04-30), http://cs.uno.edu/~dbilar/BH-US-2011/materials/Radcliffe/BH_US_11_Radcliffe_Hacking_Medical_Devices_WP.pdf. |
| [9] | National Institute of Standards and Technology. Guide to Industrial Control Systems (ICS) Security[M]. Gaithersburg, USA: NIST, 2011. |
| [10] | 王中杰, 谢璐璐. 信息物理融合系统研究综述[J]. 自动化学报, 2011, 37(10): 1157-1166. WANG Zhongjie, XIE lulu. Cyber-physical systems: A survey[J]. Acta Automatica Sinica, 2011, 37(10): 1157-1166. |
| [11] | Rajkumar R, Lee I, Lui S, et al.Cyber-physical systems: The next computing revolution [C]// Proceedings of 47th Conference on Design Automation Conference. Piscataway, USA: IEEE Press, 2010: 731-736. |
| [12] | ANSI/ISA 99. Security forIndustrial Automation and Control Systems[S]. Research Triangle Park, USA: the International Society of Automation, 2007. |
| [13] | International Instrument User's Association. Process control domain-security requirements for vendors [Z/OL]. (2013-05-22), http://osgug.ucaiug.org/conformity/security/Shared%20Documents/WIB%20M2784%20PCS%20Vendor Security%20v2.pdf. |
| [14] | 吴世忠. 信息安全测评认证的十年求索[J]. 信息安全与保密通信, 2007, 1(6): 5-8. WU Shizhong. Decade research of testing, evaluation and certification of information security[J]. Information Security and Communications Privacy, 2007, 1(6): 5-8. |
| [15] | 冯登国. 信息安全测评理论与技术专辑前言[J]. 计算机学报, 2009, 32(4): 1-4. FENG Dengguo. The foreword of information security evaluation theory and techniques[J]. Chinese Journal of Computers, 2009, 32(4): 1-4. |
| [16] | ISA Security Compliance Institute. ISA secure embedded device security assurance certification [Z/OL]. (2013-05-11), http://www.isa.org/filestore/asci/isci/ISCI%20ISASecure%20ECSA%20Certification%20brochure.pdf. |
| [17] | Wurldtech Security Inc. Achilles practices certification [Z/OL]. (2013-03-15), http://www.wurldtech.com/product_services/certify_educate/achilles_practices_certification/. |
/
| 〈 |
|
〉 |
