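Abstract
In 2023, ransomware continued to threaten the security of industrial control systems (ICSs) worldwide. Intensifying geopolitical conflicts made ICSs an important battlefield for cyberattacks between hostile parties, and supply chain attacks once again became the soft underbelly of ICSs. Industry attention to ICS security kept rising, and countries carried out large-scale exercises focused on ICS security. ICS security policies and standards were issued one after another, giving the relevant industries rules and laws to follow. Software and hardware vulnerabilities remained the fundamental weakness of ICSs, while "living-off-the-land" attacks could bypass vulnerabilities altogether to carry out "low-cost, high-threat" attacks. Researchers developed new attack techniques: deep lateral movement attacks and PLC ransomware brought the threat directly to the control layer of ICSs, and the modular, powerful ICS attack tool Pipedream showed attackers a path of attack. ICS security protection technology continued to iterate: security vendors and research institutions released security monitoring platforms, trusted DCS, attack forensics tools, lightweight cryptographic algorithms, and zero-trust sensors. Cybersecurity was gradually being brought into the ICS design stage, and integrated co-design of functional safety and information security achieved breakthroughs. There were innovative research results in PLC runtime security testing, protocol implementation correctness testing, protocol reverse analysis, and attack detection. Emerging technologies such as artificial intelligence, digital twins, and large language models brought opportunities for ICS security. ICS security spilled over into satellite systems, and Europe, the United States, and other countries began preparing for the space battlefield of cyber warfare.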
Abstract
In 2023, ransomware still threatened the security of industrial control systems (ICSs) worldwide, intensified geopolitical conflicts made ICSs an important battlefield for hostile cyberattacks, and the supply chain once again became the soft underbelly of ICSs. Fortunately, much more attention was paid to ICS security, and large-scale exercises were carried out by countries worldwide. In addition, authorities issued many documents on ICS policies and standards. On the technical side, new vulnerabilities were found and defense approaches kept evolving. Specifically, software and hardware vulnerabilities were still the unavoidable weakness of ICSs. The "living-off-the-land" attack did not use vulnerabilities but enabled "low-cost, big-threat" operations against ICSs. There were also novel attacks, such as deep lateral movement attacks on the control level, PLC ransomware, and the attack toolkit Pipedream. Security vendors and research institutions launched security-specific monitoring platforms for ICSs, produced trusted DCS, developed forensics tools, proposed lightweight cryptographic algorithms, and designed zero-trust sensors. The idea of "secure by design" was gradually adopted in the design of ICSs. There was also advanced research on runtime PLC security testing, protocol implementation correctness testing, protocol reverse analysis, and attack detection. Emerging technologies, such as artificial intelligence, digital twins, and large language models, brought opportunities to ICS security. Moreover, ICS security spilled over to satellite systems, and Europe and the US began to prepare for the battlefield of cyber warfare in space.