بررسی انواع راه‌کارهای افزایش امنیت در سیستم‌های کنترل صنعتی و زیرساخت‌های حیاتی

نوع مقاله : مقاله پژوهشی

نویسندگان

1 دانشگاه صنعتی امیرکبیر

2 دانشگاه صنعتی امیرکبیر / پژوهشکده پدافند غیرعامل

چکیده

امروزه توسعه اقتصادی و سیاسی یک جامعه در گرو کارآمدی زیرساخت‌های حیاتی نظیر انرژی، آب، فن­آوری اطلاعات و ارتباطات، بانکداری، آموزش و پژوهش، حمل‌ و ‌نقل، بهداشت و درمان و ... است. کنترل و پایش در زیرساخت‌های حیاتی و واحدهای صنعتی، توسط یک سیستم کنترل تحت شبکه و هوشمند انجام می‌گیرد. بزرگترین تهدید برای این سیستم‌ها، حملات هدف‌دار مانند حملات سایبری است که در آن مهاجم، راه­برد حمله‌ خود را با هدف آسیب­رساندن به سیستم تحت کنترل متناسب می‌کند. به­منظور دست­یابی به جامعه‌ای امن، توسعه زیرساخت‌های حفاظت­شده، امن‌سازی اطلاعات حیاتی و تولید سیستم‌های کنترل مقاوم در برابر حملات سایبری بسیار حائز اهمیت است. راه­برد کلان بیشتر اسناد مهم و پرکاربرد در زمینه امنیت سیستم­های کنترل صنعتی برمبنای "راه­برد دفاع در عمق" استوار است. به­منظور اجرای راه­برد کلان دفاع در عمق، راه­کارهای گسترده‌ای پیشنهاد شده است. بنابراین، هدف این مقاله، بحث و توضیح این راه­کارها در قالب دو دسته‌ پایه‌ای و ساختاری و با بررسی استانداردهای بین‌المللی و مستندات معتبر از جمله مقاله‌های علمی است. توجه به اشتباهات رایج در اتخاذ تدابیر امنیتی و اجتناب از آن‌ها به منظور دست­یابی به یک سیستم امن، بسیار حائز اهمیت است. از این­رو در بخش انتهایی مقاله، به برخی از آن‌ها اشاره می‌شود.

کلیدواژه‌ها

عنوان مقاله [English]

Review of the Types of Strategies to Improve Security of Industrial Control Systems and Critical Infrastructure

چکیده [English]

Nowadays, economic and political development of a society depends on the performance of critical infrastructure such as energy, water, ICT, banking, research and education, transportation, health and treatment, etc. Control and monitoring of critical infrastructure and industrial systems are performed by intelligent network control systems. Major threats to critical infrastructure and industrial control systems are targeted attacks such as cyber ones in which the attacker tailors its strategy for industrial control systems. In order to achieve a secure community, development of protected infrastructure, securing the critical information, and construction of intrinsically secure control systems are absolutely essential. There are a vast number of solutions to security of industrial control systems. The aim of this paper is to classify the solutions into two categories, namely basic strategies and structural strategies. Moreover, some of the common pitfalls and mistakes in the employment of security solutions are addressed.       

کلیدواژه‌ها [English]

  • Industrial Control System and Critical Infrastructure
  • Cyber Attack
  • Defense in Depth- Basic Strategies
  • Structural Strategies

مراجع

  1. G. Manimaran, A. Hann, and P. Sauer, “Cyber-physical systems security for smart grid,” Future Grid Initiative White Paper, Power systems engineering research center publication (PSERC), 2012.##
  2. A. Afshar, A. Termehchy, A. Golshan, A. Aghaeeyan, and H. Shahriyari, “Survey on Cyber Security of Industrial Control Systems,” Journal of Control, vol. 8, no. 1, Spring 2014. (in Persion)##
  3. http://searchsecurity.techtarget.com/definition/defense-in-depth, accessed on 07/07/2018.##
  4. P. Wade, P. Malkewicz, and J. Novak, “Industrial Cyber Security: From the Perspective of the Power Sector,” Presented at DEFCON 18, Riviera Hotel, Las Vegas NV, July 29th-August 1st 2010.##
  5. U.S. Department of Homeland Security (DHS), “Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies,” Control Systems Security Program (CSSP), US-CERT Defense in Depth, October 2009.##
  6. ISA, “ANSI/ISA–62443-1-1 (99.01.01) Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts, and Models,” 2007.##
  7. A. Afshar, A. Termehchy, A. Golshan, A. Aghaeeyan, S. Soleimani, and H. Shahriyari, “Comprehensive Conceptual Model of Control System's Vulnerabilities,” journal of Passive Defence, vol. 24, no. 6, pp. 23-32, winter 2015. (in Persion)##
  8. ISA, “ANSI/ISA-62443-1-1, (ANSI/ISA-99.00.01-2007) Security for Industrial Automation and Control Systems Terminology, Concepts and models,” 2007.##
  9. Stouffer, Keith, Joe Falco, and Karen Scarfone, “Guide to Industrial Control Systems (ICS) Security,” NIST special publication 800.82, 2011.##
  10. http://isa99.isa.org, ISA99: Developing the Vital ISA/IEC 62443 Series of Standards on Industrial Automation and Control Systems (IACS) Security, accessed on 07/07/2018.##
  11. U.S. Department of Homeland Security (DHS), “Chemical Facility Anti-Terrorism Standards (CFATS),” 2006.##
  12. IEC, TR, “62210: Power system control and associated communications–Data and communication security,” International Electrotechnical Commission, 2003.##
  13. PA Consulting Group, “NISCC: Good Practice Guide: Process Control and SCADA Security,” October 2005.##
  14. American Chemistry Council’s Chemical Information Technology Council (ChemITC) ™, “Chemical Sector Cyber Security Program; Guidance for Addressing Cyber Security in the Chemical Industry,” Version 3.0, 2006.##
  15. http://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx, accessed on 07/07/2018.##
  16. U.S. Nuclear Regulatory Commission, “Cyber security programs for nuclear facilities,” Regulatory Guide 5.71, 2010.##
  17. NERC-CIP Cyber Security Standards, “Standard CIP-005-3a- Cyber Security- Electronic Security Perimeter(s),”##.
  18. NERC-CIP Cyber Security Standards, “Standard CIP-006-3c- Cyber Security-Physical Security of Critical Cyber Assets,”.##
  19. http://www.bomara.com/G arrett/wp_nerc_cip_compliance.html, accessed on 07/07/2018.##
  20. http://embedded.communit ies.intel.com, accessed on 07/07/2018.##
  21. F. Igor Nai, A. Carcano, M. Masera, and A. Trombetta, “Design and implementation of a secure modbus protocol,” Critical Infrastructure Protection III, Springer Berlin Heidelberg, pp. 83-96, 2009.##
  22. I. Eusgeld, F. Freiling, and R. H. Reussner, “Dependability Metrics: GI-Dagstuhl Research Seminar; Dagstuhl Castle, Germany; October 5-November 1, 2005,” Advanced Lectures, vol. 4909, Springer 2008.##
  23. IEEE Standards Association; WGC6; P1711 - Standard for a Cryptographic Protocol for Cyber Security of Substation Serial Links.##
  24. Department of Homeland Security, “Control Systems Communications Encryption Primer,” U.S. Department of Homeland Security (DHS), 2009.##
  25. P. Tsang Patrick and W. S. Sean, “YASIR: A low-latency, high-integrity security retrofit for legacy SCADA systems,” In Proceedings of The Ifip Tc 11 23rd International Information Security Conference, Springer US, pp. 445-459, 2008.##
  26. C. Rasika, C. Hauser, and D. E. Bakken, “Long-lived authentication protocols for process control systems,” International Journal of Critical Infrastructure Protection, vol. 3, no. 3, pp. 174-181, 2010.##
  27. A. Saurabh, “On cyber security for networked control systems,” Ph.D. Thesis, University of California, Berkeley, 2011.##
  28. D. Wei. and K. Ji, “Resilient industrial control system (RICS): Concepts, formulation, metrics, and insights,” IEEE 3rd International Symposium on Resilient Control Systems (ISRCS), 2010.##
  29. C. G. Rieger, D. I. Gertman, and Miles A. McQueen, “Resilient control systems: next generation design research,” IEEE 2nd Conference on Human System Interactions, 2009.##
  30. R. Arghandeh, Alexandra. Von Meier, L. Mehrmanesh, and Lamine Mili, “On the definition of cyber-physical resilience in power systems,” Renewable and Sustainable Energy Reviews 58, pp. 1060-1069, 2016.##
  31. https://www.tofinosecurity.com/products/tofino-security-appliance, accessed on 07/07/2018.##
  32. http://www.siemens.com/entry/cc/en/, accessed on 07/07/2018.##
  33. http://www.abb.com/, accessed on 07/07/2018.##
  34. http://www.emerson.com/Accessed on 07/07/2018##.
  35. Termehchy, Atefeh, “Control of  cyber attacks damages to critical infrastructure,” M.Sc. Thesis, Amirkabir University of Technology, Iran, 2013.(in Persion)##
  36. D. Knapp Eric and J. T. Langill, “Industrial network security: securing critical infrastructure networks for Smart Grid, SCADA, and other industrial control systems,” Syngress, 2014.##

فایل ها

سابقه مقاله

  • تاریخ دریافت: 04 خرداد 1395
  • تاریخ بازنگری: 12 اسفند 1397
  • تاریخ پذیرش: 28 شهریور 1397

هم رسانی

ارجاع به این مقاله

آمار