工业信息安全, 2024, Issue (6): 59-70.

Promoting the Practice of the Guidelines for Industrial Control System Network Security Protection with Physical Behaviour Management

马霄 宋锐
Author information

  • 1. 天融信科技集团 (Topsec Technologies Group), Beijing, 100193

Abstract

With the release of the Guidelines for Industrial Control System Network Security Protection, control system network security construction has attracted much attention. This paper points out that the security objects of control systems differ from those of general information systems: communication and operation and maintenance are independent, attacks mostly focus on the controller, and traditional security measures struggle to meet the demand. On this basis, the paper describes the significance and method of physical behaviour identification for control systems: an offline data dictionary is combined with monitoring, variables are associated with register addresses, and the values of physical variables are parsed out and turned into policies. It then proposes a security disposal method based on physical behaviour, which builds a security model with reference to thresholds, data change rate intervals and similar measures, and identifies anomalies by combining the contents of multiple packets. The paper also discusses an auxiliary decision-making operation method combined with physical behaviour, making clear that the goal of security operations is safe production and that the results of physical behaviour identification can serve as a medium between network security and business logic; risk identification and disposal are achieved by analysing states such as equipment operation, control logic and external influence. Finally, it stresses that network security and industry should be integrated and promote each other.

Key words

Control Systems/Cyber Security/Physical Behaviour Identification and Disposal

Publication year

2024
工业信息安全
National Industrial Information Security Development Research Center (国家工业信息安全发展研究中心)

ISSN:2097-1176