With the deep integration of industrialization and informatization, intelligent industrial control systems are becoming more and more important in various industries involving national economy and people's livelihood, such as power, transportation, petrochemical, municipal, and manufacturing. Security threats from information networks will gradually become industrial control systems. (IndustrialControlSystem, referred to as ICS) is the biggest security threat. Domestic authorities and users are also paying more and more attention to the safety of ICS. In 2013, a large number of work on industrial control system safety has been done in China. The safety standards related to industrial control systems are being developed. Power, petrochemical, manufacturing, tobacco and other industries have been under the guidance of the competent national authorities. Inspection, rectification. In this kind of industrial safety and ecological environment, the Chinese version of the Control Engineering reporter and Dr. Li Hongpei of the domestic security expert NSFOCUS have conducted in-depth exchanges and discussed the safety risks and countermeasures of the industrial control system.
Timely discovery of ICS vulnerability
With the rapid development of the deep integration of industrialization and informatization in China, mature IT and Internet technologies are being continuously introduced into industrial control systems, which is inevitably required to break the industrial control system by interconnecting, intercommunicating and interoperating with other systems. Relatively closed. Unlike traditional IT information system software, which has strict security software development specifications and security testing procedures during development, industrial control system development only pays attention to system function implementation and lacks corresponding security considerations. In the existing industrial control system, it is inevitable that there will be no Less vulnerable to system security vulnerabilities or system configuration problems, and the vulnerability of these systems may be exploited by intruders outside the system, which may interfere with system operation, steal sensitive information, and may cause serious security incidents.
Dr. Li introduced: As of December 2013, the MSC's security vulnerability database contains 386 ICS-related vulnerabilities. The National Information Security Vulnerability Sharing Platform (CNVD) has released more than 500 ICS-related vulnerabilities. The overall number of ICS vulnerabilities is still growing, and the number of vulnerabilities has slowed down in 2013.
In the face of fragile industrial control systems, safety protection work urgently needs to receive the attention it deserves. Dr. Li said: Security protection is a system engineering, including work from technology to management. The most important of these is the detection and discovery of the vulnerability of the industrial control system. Only when the vulnerability of the industrial control system is discovered in time can the corresponding security reinforcement and protection work be further implemented. We believe that security industry manufacturers and industrial control system manufacturers should establish cooperation mechanisms as soon as possible, establish national or industry-level vulnerability information sharing platforms and professional offensive and defensive research teams on industrial control systems, and develop vulnerable systems suitable for industrial control systems as soon as possible. Sex scanning equipment.
Vulnerability scanners for industrial control systems support common industrial control systems in addition to vulnerability detection for common general-purpose operating systems, databases, application services, and network devices, as well as traditional IT system vulnerability scanners. The agreement identifies equipment assets of industrial control systems and detects vulnerabilities and configuration hazards in industrial control systems. By using the industrial control system scanner to perform vulnerability scanning before and during the maintenance of industrial control system equipment, the vulnerability of the industrial control system can be discovered in time, and the safety status of the industrial control system itself can be known so that it can be provided in a timely manner. Sexual security reinforcement and safety protection measures.
Pay attention to the detection and protection of APT attacks
In recent years, the security threats of industrial control systems have changed: from single-handed to organized groups – from attacking individuals to attacking groups to attacking groups; attack motives are no longer technical breakthroughs, but more utilitarian – economic, The drive of politics and ideology is more obvious. In addition, attacks against industrial control systems, whether in large-scale cyber warfare or in general cybercrime, can be found in the shadow of Advanced Persistent Threat (APT). Since the advent of the APT in 2010, the security industry has reported dozens of APT attacks. For example, in 2010, the Iranian nuclear power plant suffered a Stuxnet attack. In 2011, the global chemical industry was stolen by Nitro. In 2012, the Middle East energy industry was erased by hard disk data and master boot records by Shamoon.
Among the ICS public vulnerabilities, more than half of the new vulnerabilities in 2013 were high-risk. APT attacks have become an important means of attacking ICS. Dr. Li explained that, in a nutshell, APT refers to an organization with the appropriate capabilities and intentions to launch persistent and effective threats against specific entities. Strictly speaking, APT can flexibly combine a variety of new attack techniques and methods, surpassing the traditional characterization signature-based security mechanism, and can penetrate for a specific target for a long time, and lurk for a long time without being discovered. A well-organized behavior with a large amount of financial support, excellent management capabilities and a large number of high-end talents.
It is generally believed that APT attacks include five stages: intelligence gathering, breakthrough defense, establishment of a stronghold, hidden horizontal penetration, and completion of tasks. In this regard, NSFOCUS gives advice on detection and protection:
(1) All-round protection against puddle attacks. The breakthrough defense technology based on the puddle + website hanging horse method has become more and more fierce, and there has been a new attack method with single hole and multiple puddles. In response to this trend, on the one hand, it is hoped that webmasters will pay attention to website vulnerability detection and hacking detection; on the other hand, users (especially employees who have access to industrial control equipment) should try to use relatively safe web browsing. Install security patches in a timely manner, preferably deploying a mature host intrusion prevention system.
(2) Prevent social engineering attacks and block CC channels. Among the various links and participants in the operation of industrial control systems, people are often the weakest link, so it is very necessary to strive to improve employees' safety awareness through periodic safety training courses. In addition, it is also necessary to strengthen the behavior of technically blocking attackers to establish CC channels after breaking through defense lines through social engineering. It is recommended to deploy a trusted network intrusion prevention system.
(3) Industrial control system component vulnerabilities and backdoor detection and protection. Any industrial control system components used in the industrial control system industry should be assumed to be unsafe or malicious. Before going online, strict vulnerability, backdoor detection, and configuration verification must be performed to avoid as much as possible of known or existing in industrial control systems. Unknown security flaws. Among them, the detection of unknown security defects (backdoor or system undeclared function) is relatively difficult. Currently, the static analysis method of system code or the dynamic analysis method based on virtual execution of the system is combined.
(4) Detection and audit of abnormal behavior.
Dr. Li emphasized that the above-mentioned listed APT breakthrough defense lines and various new technologies and methods used in the completion of the mission phase, as well as other new technologies and methods that have emerged or are about to appear, are intuitively manifested as an anomalous behavior. It is recommended to deploy an industrial control audit system to comprehensively collect the original traffic of the network equipment related to the industrial control system and the logs on each terminal and server. Combine the behavior-based business audit model to comprehensively analyze the collected information to identify possible abnormalities in the discovered services. Traffic and abnormal operation behavior, found some clues of APT attacks, and may even restore the entire APT attack scenario.
Industrial control system security is different from traditional information security. It usually focuses on physical security and functional security. The safe operation of the system is the responsibility of the relevant production department, and the information department is only in a subordinate position. With the deep integration of information technology and industrial technology and the threat of potential cyber warfare, industrial control systems will shift from traditional physical security and functional security to information system security. Dr. Li believes that ensuring the safety of the industrial control system related to the national economy and the people's livelihood has been upgraded to the height of the national security strategy. Together with the particularity of the interdisciplinary and cross-industry application of the industrial control system, the safety guarantee system for establishing the industrial control system must pass the state and industry. Regulatory departments, industrial control system users, industrial control system providers, information security vendors and other aspects work together.
(Finish)Gear Oil,Gear Box Oil,Gear Lubricant,Industrial Gear Oil
Hangzhou Xingang Lubrication Technology Co., Ltd. , https://www.newlubes.com