Development of Security Protection Technologies for Industrial Control System

孙彦斌, 汪弘毅, 田志宏, 方滨兴

Strategic Study of CAE (中国工程科学), 2023, Vol. 25, Issue (6): 126-136. DOI: 10.15302/J-SSCAE-2023.06.008

Section: Cyberspace Security Technology System and Risk Response

Abstract

Industrial control systems (ICS) are gradually moving from closed, isolated deployments to open, interconnected ones, and their security problems have become more prominent. Cyber threats against ICS are highly covert, strongly adversarial and cross-domain in nature, and a successful attack directly affects industrial production, so ICS network security protection technology has drawn wide attention. This paper focuses on the security protection of ICS. It analyzes the particular characteristics of ICS security protection and the challenges it faces, summarizes the main attack techniques used against ICS, and reviews the development of "self-defense mode" protection systems, represented by boundary protection and defense in depth. In response to the security challenges ICS face, it proposes key tasks and research paths for key technologies from two aspects, autonomous and controllable security and a new ICS security protection architecture: establishing an autonomous and controllable ICS security ecosystem together with a "limiter"-based bottom-line assurance mechanism (a security assurance mechanism for foreign devices based on limiters), and exploring an ICS security protection architecture that combines the self-defense mode with a guard mode, so as to provide a reference for research on and application of ICS security protection.

Keywords

industrial control system / security protection / autonomous and controllable / new security-protection architecture / guard mode

Cite this article

孙彦斌, 汪弘毅, 田志宏. Development of Security Protection Technologies for Industrial Control System. Strategic Study of CAE, 2023, 25(6): 126-136. https://doi.org/10.15302/J-SSCAE-2023.06.008

Funding

Chinese Academy of Engineering consulting project "Strategic Research on Industrial Internet Security Technology" (2022-JB-04); National Natural Science Foundation of China project (62072130)