New Trend of Information Security in Industrial Control Systems

doi:10.3969/j.issn.1671-1122.2015.01.002

Abstract

Abstract:

With the rapid development of science and technology and the continuous fusion of industrialization and informatization, industrial control systems (ICSs) are more and more adopting standard, universal communication protocols and software/hardware systems, and being connected to the Internet in various manners. It breaks the original closure and exclusiveness of these systems, and causes security threats (such as viruses and trojans) to spread promptly into the field of industrial control. ICSs are encountered with increasingly serious information security threats that show different features from those of traditional IT systems. To briefly introduce the new trends and achievements in the field of ICS security research today, this paper presents the definition and 3-level architecture of ICSs, brings in the problem of ICS security, and elaborates the distribution and tendency of the security problem by detailed data. After that, this paper focuses on introducing the international conference ICS-CSR that is dedicated to the field of ICS information security from the viewpoint of academic research. By comparing the papers collected in the first and second ICS-CSR conferences, this paper investigates in detail on the issues of attackers and attack vectors, detection and response of cyber attacks, security modeling and vulnerability analysis of systems, and the socio-technical nature of ICSs, summarizes the main problems, ideas, approaches and conclusions in the research of ICS security, and presents the current situation and future direction of this field. Finally, this paper proposes the security concept of defense-in-depth, according to which a comprehensive defending system composed of boundary system, protection system and safety system is established aiming to provide ICSs with omni-directional, multi-layered and whole life-circle protection.

Key words: industrial control system, information security, access control, socio-technical, defense-in-deep

CLC Number:

TP309

Xiao-shan WANG, An YANG, Zhi-qiang SHI, Li-min SUN. New Trend of Information Security in Industrial Control Systems[J]. Netinfo Security, 2015, 15(1): 6-11.

Figures/Tables 7

References 14

[1]	北京神州绿盟信息安全科技股份有限公司. 2013工业控制系统及其安全性研究报告[EB/OL]., 2014-10-10.
[2]	ICS-CERT. ICS-CERT Monitor October/November/December2012[EB/OL]., 2014-10-10.
[3]	ICS-CERT. ICS-CERT Monitor April/May/June2013[EB/OL]. , 2014-10-10.
[4]	Michael Robinson.The SCADA threat landscape[C]// Proceedings of 1st International Symposium for ICS &SCADA Cyber Security Research, 2013:33-41.
[5]	Yasakethu S.L.P., Jiang J. Intrusion detection via machine learning for SCADA system protection[C]// Proceedings of 1st International Symposium for ICS &SCADA Cyber Security Research, 2013:101-105.
[6]	Provos N.A virtual honeypot framework[C]// Proceedings of the 13th Conference on USENIX Security Symposium, 2004:1-14.
[7]	Paul Baecher, Markus Koetter, Thorsten Holz, et al.The Nepenthes platform: An efficient approach to collect malware[C]//Proceedings of 9th International Symposium on Recent Advances in Intrusion Detection (RAID 2006), 2006:165-184.
[8]	Nepenthes Development Team. Dionaea[EB/OL]. , 2011-05-15.
[9]	Kieran McLaughlin, Sakir Sezer, Paul Smith, et al. PRECYSE: Cyber-attack detection and response for industrial control systems[C]// Proceedings of the 2nd International Symposium for ICS &SCADA Cyber Security Research, 2014:67-71.
[10]	Laurens Lemaire, Jorn Lapon, Bart De Decker, et al.A SysML extension for security analysis of industrial control systems [C]//Proceedings of the 2nd International Symposium for ICS &SCADA Cyber Security Research, 2014: 1-9.
[11]	Robert Oates, Fran Thom, Graham Herries.Security-aware, model-based systems engineering with SysML[C]// Proceedings of the 1st International Symposium for ICS &SCADA Cyber Security Research, 2013:78-87.
[12]	Ivan Cibrario Bertolotti, Luca Durante, Tingting Hu, et al.A Model for the Analysis of Security Policies in Industrial Networks[C]// Proceedings of the 1st International Symposium for ICS &SCADA Cyber Security Research, 2013: 66-77.
[13]	Andrew John Charles Blyth. Role logic and its application to the analysis of process control systems from the Socio—Technical system perspective [C]//Proceedings of the 1st International Symposium for ICS &SCADA Cyber Security Research, 2013:42-47.
[14]	Benjamin Green, Daniel Prince, Utz Roedig, et al.Socio-Technical security analysis of industrial control systems (ICS)[C]//Proceedings of the 2nd International Symposium for ICS & SCADA Cyber Security Research, 2014:10-14.

[1]	Yifeng DU, Yuanbo GUO. A Dynamic Access Control Method for Fog Computing Based on Trust Value [J]. Netinfo Security, 2020, 20(4): 65-72.
[2]	Peng LIU, Qian HE, Wangyang LIU, Xu CHENG. CP-ABE Scheme Supporting Attribute Revocation and Outsourcing Decryption [J]. Netinfo Security, 2020, 20(3): 90-97.
[3]	Lu YU, Senlin LUO. A Method of Internal Intrusion Detection of Database in RBAC Mode [J]. Netinfo Security, 2020, 20(2): 83-90.
[4]	Shengwei XU, Feijie WANG. Attribute-based Encryption Scheme Traced Under Multi-authority [J]. Netinfo Security, 2020, 20(1): 33-39.
[5]	Jinmiao WANG, Guowei WANG, Mei WANG, Ruijin ZHU. Achieving Privacy Preserving and Flexible Access Control in Fog Computing [J]. Netinfo Security, 2019, 19(9): 41-45.
[6]	Yihua ZHOU, Zhuqing LV, Yuguang YANG, Weimin SHI. Data Deposit Management System Based on Blockchain Technology [J]. Netinfo Security, 2019, 19(8): 8-14.
[7]	A-yong YE, Junlin JIN, Lingyu MENG, Ziwen ZHAO. Research on Access Control for Privacy Protection of Mobile Terminals [J]. Netinfo Security, 2019, 19(8): 51-60.
[8]	Wenli SHANG, Long YIN, Xianda LIU, Jianming ZHAO. Construction Technology and Application of Industrial Control System Security and Trusted Environment [J]. Netinfo Security, 2019, 19(6): 1-10.
[9]	Zhongyuan QIN, Yin HAN, Qunfang ZHANG, Xuejin ZHU. An Improved Scheme of Multi-PKG Cloud Storage Access Control [J]. Netinfo Security, 2019, 19(6): 11-18.
[10]	Wenli SHANG, Xiule ZHANG, Xianda LIU, Long YIN. Construction Method and Verification of Local Trusted Computing Environment in Industrial Control Network [J]. Netinfo Security, 2019, 19(4): 1-10.
[11]	Ruiying CHEN, Zemao CHEN, Hao WANG. Design and Optimization of Security Monitoring and Controlling Protocol in Industrial Control Systems [J]. Netinfo Security, 2019, 19(2): 60-69.
[12]	Fangbo CAI, Jingsha HE, Nafei ZHU, Song HAN. Research on Cascading Failure of Nodes in Distributed Access Control Model [J]. Netinfo Security, 2019, 19(12): 47-52.
[13]	Zongping LV, Lei DING, He SUI, Zhaojun GU. Network Security Risk Analysis of Industrial Control System Based on Time Automata [J]. Netinfo Security, 2019, 19(11): 71-81.
[14]	Xiangquan SHI, Jing TAO, Baokang ZHAO. A Network Access Control System in Virtualized Environments [J]. Netinfo Security, 2019, 19(10): 1-9.
[15]	Lin LI, Xuxia ZHANG. National Secret Substitution of zk-snark Bilinear Pair [J]. Netinfo Security, 2019, 19(10): 10-15.