《中国工程科学》 (Strategic Study of CAE) >> 2023, Vol. 25, No. 6, doi: 10.15302/J-SSCAE-2023.06.008
Research on the Development of Security Protection Technologies for Industrial Control Systems
School of Cyberspace Security, Guangzhou University, Guangzhou 510006, China
Abstract
Industrial control systems (ICS) are gradually moving from closed isolation toward open interconnection, and their security problems have become more prominent. Cyber threats against ICS are highly covert, strongly adversarial and cross-domain, and a successful attack directly affects industrial production, so ICS security protection technology has drawn wide attention. This paper focuses on ICS security protection: it analyzes what is special about protecting ICS and the challenges involved, summarizes the main attack techniques against ICS, and reviews the state of development of "self-defense mode" protection systems, represented by boundary protection and defense in depth. In response to the security challenges that ICS face, it proposes the key tasks and technical research paths for the coming period in two areas, autonomous and controllable security and a new ICS security protection system: establishing an autonomous and controllable ICS security ecosystem together with a bottom-line assurance mechanism based on "limiters", and exploring a "self-defense mode + guard mode" ICS security protection system, as a reference for ICS security protection research and application.