CN115755847A - Industrial control system grade protection evaluation method and system - Google Patents
Industrial control system grade protection evaluation method and system Download PDFInfo
- Publication number
- CN115755847A CN115755847A CN202211443941.3A CN202211443941A CN115755847A CN 115755847 A CN115755847 A CN 115755847A CN 202211443941 A CN202211443941 A CN 202211443941A CN 115755847 A CN115755847 A CN 115755847A
- Authority
- CN
- China
- Prior art keywords
- industrial control
- evaluation
- equipment
- library
- index
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000011156 evaluation Methods 0.000 title claims abstract description 129
- 238000000034 method Methods 0.000 claims abstract description 39
- 230000008569 process Effects 0.000 claims description 20
- 238000004458 analytical method Methods 0.000 claims description 19
- 238000001514 detection method Methods 0.000 claims description 12
- 238000012544 monitoring process Methods 0.000 claims description 12
- 238000013507 mapping Methods 0.000 claims description 9
- 238000012423 maintenance Methods 0.000 claims description 5
- 238000012550 audit Methods 0.000 claims description 3
- 238000012790 confirmation Methods 0.000 claims description 3
- 238000011161 development Methods 0.000 claims description 3
- 238000007689 inspection Methods 0.000 claims description 3
- 238000012360 testing method Methods 0.000 claims description 3
- 238000005520 cutting process Methods 0.000 abstract description 5
- 238000004519 manufacturing process Methods 0.000 description 5
- 238000007726 management method Methods 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000010276 construction Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000009776 industrial production Methods 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 230000002411 adverse Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
Images
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention relates to a method and a system for evaluating industrial control system grade protection, wherein the method comprises the following steps: determining an evaluation object, an evaluation index and an unsuitable item of an industrial control system; and based on the evaluation object and the evaluation index, evaluating the field control equipment in the running state, obtaining an evaluation record and analyzing the evaluation record. The invention is used for supporting the selection of the grade protection evaluation index, supporting the selection of the general index and the industrial control expansion index, and accurately selecting the evaluation index and describing the cutting reason of the unsuitable item.
Description
Technical Field
The invention relates to the technical field of industrial control systems, in particular to a method and a system for evaluating the grade protection of an industrial control system.
Background
The industrial control system is widely applied to important fields relating to national safety, such as electric power, petrifaction, traffic, municipal administration, novel intelligent manufacturing and the like, once a safety problem occurs, the influence is not only the economic loss of an enterprise, but also the national safety and social public interests are damaged, and the importance of the industrial control system is self-evident. Under the large background of the two-way integration, the industrial control system gradually changes from an early closed independent state to an open state, an important mission born by the industrial control system gradually becomes an object of network attack, and the information security problem of the industrial control system is increasingly highlighted.
Industrial Control Systems (ICS) are a general term for several types of control systems, including data acquisition and supervisory control Systems (SCADA), distributed Control Systems (DCS), and other control systems, such as Programmable Logic Controllers (PLC), which are often used in the industrial sector and key infrastructure. Industrial control systems are mainly composed of process stages, operational stages, and communication networks between and within the stages, and for large-scale control systems, also include a management stage. The process level comprises a controlled object, field control equipment, a measuring instrument and the like, the operation level comprises an engineer and an operator station, a human-computer interface, configuration software, a control server and the like, the management level comprises a production management system, an enterprise resource system and the like, and the communication network comprises a commercial Ethernet, an industrial Ethernet, a field bus and the like.
A functional hierarchy model of a typical industrial control system is shown in fig. 1. The hierarchical model divides the functions of the industrial control system into five levels, namely a 4 th enterprise resource layer, a 3 rd production management layer, a 2 nd process monitoring layer, a 1 st field control layer and a 0 th field device layer from top to bottom, and the hierarchical division also reflects different requirements of different functional levels of the industrial control system on the real-time performance of data communication and the time requirement of data recording. The process monitoring layer comprises functions and systems related to monitoring and controlling the process, and the process monitoring layer system is a system for providing human-computer interface functions of operators, providing alarming, collecting process history records and the like. The system is mainly used for collecting and monitoring data in different aspects in the production process in a centralized manner, is an easily-used control system upper data display platform with friendly configuration, and builds an easily-used human-machine interface (HMI), so that the functions of monitoring, controlling, analyzing, alarming and the like of industrial production are realized. And the field control layer comprises a safety protection system and a basic control system which are directly used for an industrial control process, such as an industrial automatic control system used for completing continuous control, sequential control, batch control and discrete control. Control systems directly used for industrial control processes include, but are not limited to, DCS, PLC, RTU, etc., safety protection systems such as SIS safety instrumented systems, etc. The field device layer, which includes the industrial control physical process actually participating in industrial production and business, relates to the production facilities such as sensors and actuators, etc. directly connected to the process and industrial equipment and controlled by the field control layer control system.
The basic system in the field of network security in China is network security level protection, the 2019 level protection standard is upgraded to level protection 2.0, industrial control is listed in the standard range, the expansion requirements are listed separately according to the characteristics of an industrial control system, and the requirement content of 'safety general requirements + industrial control safety expansion requirements' is formed. The grade protection evaluation work is carried out according to technical indexes in GB/T22239-2019 basic requirements for information security technology network safety grade protection and GB/T28448-2019 requirements for information security technology network safety grade protection evaluation.
The industrial control system has the characteristics of high requirements on availability and real-time performance, long system life cycle and high requirements on service continuity, and the following problems need to be solved in the implementation of the protection and evaluation activities such as the industrial control system and the like:
(1) The selection of evaluation indexes is very important. Before the industrial control system is evaluated, the evaluation index of the object to be evaluated is selected according to the characteristics of the industrial control system, and a cutting reason needs to be given to some unselected evaluation indexes. However, in practical application, an evaluation person is often unfamiliar with the working mode of the industrial control system, and there are obstacles to selection of evaluation indexes of an evaluation object of a field control layer, and the problems of inaccurate selection or insufficient cutting reasons of unsuitable items exist.
(2) The industrial control system usually runs continuously, the normal work of the industrial control system cannot be influenced by the protection evaluation, and the detection of terminal equipment deployed at a field control layer cannot be implemented frequently. In general, in the evaluation of industrial control field control equipment, terminal equipment cannot acquire evaluation information completely by checking configuration because the terminal equipment does not have a human-computer interaction interface; meanwhile, the system has real-time working requirements, a simulation environment cannot be built on site, and permeation and scanning detection cannot be carried out on the control equipment.
(3) The traditional evaluation work is to manually judge the type of network equipment and compile evaluation records according to standard requirements, the evaluation and analysis work depends on the personal ability of evaluation personnel, the evaluation personnel often have poor understanding on an industrial control system, errors can occur when evaluation indexes are in accordance with analysis, the evaluation time is too long, and the whole evaluation time is not efficient.
Disclosure of Invention
The invention aims to provide a method and a system for evaluating the grade protection of an industrial control system aiming at the real-time working characteristics of the industrial control system, so as to carry out safety detection on field control layer equipment and improve the evaluation accuracy and the evaluation efficiency.
In order to achieve the purpose, the invention provides the following scheme:
a method for evaluating industrial control system level protection comprises the following steps:
determining an evaluation object, an evaluation index and an unsuitable item of an industrial control system;
and evaluating the field control equipment in the running state based on the evaluation object and the evaluation index to obtain an evaluation record, and analyzing the evaluation record.
Preferably, the evaluation object of the industrial control system includes: the device comprises a process monitoring layer and a field control layer, wherein the process monitoring layer is consistent with the general evaluation requirement, and the field control layer evaluation object needs to consider control layer devices and network interconnection devices which play a role in determining the safety of the grading system.
Preferably, the determination of the evaluation object and the evaluation index and the inappropriate item of the industrial control system comprises the following steps:
determining an evaluation object and an evaluation index of the industrial control system according to an industrial control extended index search library, and completing confirmation and description of an inapplicable item in the evaluation index by referring to descriptions of the inapplicable item in different scenes in the industrial control extended index search library, wherein the industrial control extended index search library is three typical grading object samples, mapping relations between the evaluation object and the evaluation index, and indication inapplicability of the index, which are respectively established for an SCADA (supervisory control and data acquisition) system, a DCS (distributed control system) system and a PLC (programmable logic controller) system.
Preferably, the establishing of the mapping relationship between the evaluation object and the evaluation index includes:
and establishing an index mapping relation between a safety general requirement and an industrial control safety extension requirement for each evaluation object, definitely establishing a relevant relation with a corresponding scene, and establishing scene-based analysis and explanation on the unsuitable item.
Preferably, the evaluating the field control device in the operating state includes:
respectively establishing an industrial control equipment fingerprint library and an industrial control equipment leak library, obtaining a three-dimensional fingerprint of a running field control equipment, and sending the three-dimensional fingerprint to a problem analysis module, wherein the problem analysis module is used for comparing the three-dimensional fingerprint with information in the industrial control equipment fingerprint library, determining the equipment state, and inquiring through the industrial control equipment leak library to obtain leak information of the industrial control system to be detected; the vulnerability information comprises vulnerability number and vulnerability severity.
Preferably, establishing the industrial control equipment fingerprint library includes:
acquiring the characteristic attribute of the industrial control equipment, acquiring the equipment fingerprint of the industrial control equipment based on the characteristic attribute, and establishing an industrial control equipment fingerprint library of different equipment types; the characteristic attributes comprise equipment names, equipment models, firmware version numbers, affiliated manufacturers, protocol port numbers and MAC addresses.
Preferably, the establishing of the industrial control equipment leak library includes:
carrying out safety detection on industrial control equipment stored in a working condition equipment library, recording detected safety loopholes, and establishing an industrial control equipment leakage library; the detection method comprises a configuration checking method and a vulnerability scanning method.
Preferably, the configuration checking method performs security configuration check on equipment in the industrial control system to be detected, and the content of the security configuration check includes basic information of the equipment to be checked, account information, an account password policy, user permission, security audit, a shared directory, running service, a running process, an installed update program, installed software, port information, network card information, access control and vulnerability information;
the vulnerability scanning method uses an automatic scanning tool to carry out one-by-one inspection and test on known vulnerabilities, open services or open interface characteristics of an operating system, application software and a network system of industrial control equipment, verifies whether the system has potential security vulnerabilities and utilizable vulnerabilities, and records the inspected vulnerabilities.
In order to achieve the above object, the present invention further provides a rating protection evaluation system for an industrial control system, including:
an acquisition module: the system comprises a back terminal system and a fingerprint acquisition module, wherein the back terminal system is used for acquiring fingerprints of field control equipment in a running state and sending the fingerprints to the back terminal system;
rear terminal system: the system is used for determining the state of the equipment and inquiring through a knowledge base to obtain vulnerability information of the industrial control system of the field control equipment;
a knowledge base: the system is used for summarizing and analyzing safety problems and integrally evaluating safety control;
a reporting module: and the evaluation record is formed according to the equipment state and the vulnerability information.
Preferably, the rear terminal system includes:
an index configuration module: the system is used for selecting and determining an evaluation object, an evaluation index and inapplicability;
a problem analysis module: the system is used for summarizing and analyzing safety problems by combining the industrial control equipment fingerprint library and the industrial control equipment leak library to obtain an analysis result;
an expert evaluation module: an overall evaluation for safety control based on the analysis result;
a knowledge base maintenance module: the system is used for maintaining the industrial control expansion index search library, the industrial control equipment fingerprint library and the industrial control equipment leak library according to the service development.
The beneficial effects of the invention are as follows:
1. the invention is used for supporting the selection of the grade protection evaluation index, supporting the selection of the general index and the industrial control expansion index, and accurately selecting the evaluation index and describing the cutting reason of the unsuitable item;
2. the invention supports the evaluation of the terminal equipment of the field control layer and records the detection result;
3. the invention comprehensively analyzes the evaluation indexes, reduces evaluation errors and improves evaluation efficiency.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings required in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a diagram of a functional level model of an exemplary industrial control system in accordance with the background of the present invention;
fig. 2 is a schematic structural diagram of a grade protection evaluation system of the industrial control system according to the embodiment of the invention;
fig. 3 is a schematic diagram of an industrial control extended index reference library according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In order to make the aforementioned objects, features and advantages of the present invention more comprehensible, the present invention is described in detail with reference to the accompanying drawings and the detailed description thereof.
The embodiment provides an industrial control system level protection evaluation method which comprises the following steps:
1. and selecting an evaluation object and an evaluation index of the industrial control system according to the industrial control extended index reference library, and determining the inapplicability and the description thereof.
(1) Construction and maintenance industrial control expansion index reference library (as figure 3)
The industrial control expansion index reference library respectively establishes mapping relations and index inapplicability explanations of three typical grading object samples, evaluation objects and evaluation indexes aiming at an SCADA system, a DCS system and a PLC system. Especially for constructing common dispatching system, transformer substation, wind power plant, etc
The mapping relation between the evaluation object and the evaluation index is an index mapping relation for establishing a safety general requirement and an industrial control safety expansion requirement for each evaluation object, definitely establishes a relevant relation with a corresponding scene, and establishes scene-based analysis and explanation for partial unsuitable items.
The evaluation object of the industrial control system mainly comprises a process monitoring layer and field control layer equipment, wherein the process monitoring layer is consistent with the general evaluation requirement, and the field control layer evaluation object needs to fully consider control layer equipment, network interconnection equipment and the like which play a role in determining the safety of the grading system. When the evaluation index is selected for the evaluation object of the field control layer, the evaluation index is selected from the safety general requirement and the industrial control safety expansion requirement under the guidance of an industrial control expansion index reference library; meanwhile, the descriptions of the unsuitable items of different scenes in the industrial control extended index reference library are required to be referred to, and confirmation and description of the unsuitable items in the evaluation index are completed.
2. And forming an evaluation record for the field control equipment in the running state by referring to the industrial control equipment fingerprint library and the industrial control equipment leak library.
Industrial control systems are generally high in availability requirements, and general safety measures may influence continuous operation of the industrial control system, for example, an account for a basic function should not be locked, and even cannot be operated for a short time; deployment of security measures should not significantly increase latency to affect system response time; for a high availability control system, a security failure should not interrupt basic functions, etc.
The patent introduces an evaluation method suitable for equipment of a field control layer, such as a PLC, various acquisition devices and a protection device.
(1) Establishing industrial control equipment fingerprint library
And establishing an industrial control equipment fingerprint library which comprises characteristic attributes of industrial control equipment such as PLC, DPU, acquisition devices and the like of domestic and foreign well-known manufacturers such as Siemens, schneider, rockwell, ABB and the like, wherein the characteristic attributes can be equipment name, equipment model, firmware version number, affiliated manufacturer, protocol port number, MAC address and the like. After device fingerprints of a plurality of devices are acquired, a fingerprint library of each device type is established.
(2) Construction of industrial control equipment cave depot
And carrying out safety detection on the industrial control equipment stored in the industrial control equipment library in advance, recording the detected safety loopholes, and establishing a hole library of the industrial control equipment. Detection methods typically include configuration checking methods and vulnerability scanning methods.
Configuration checking method
And carrying out safety configuration check on equipment in the industrial control system to be detected. The security configuration checking content mainly comprises basic information of checking equipment, account information, account password strategy, user permission, security audit, shared directory, running service, running process, installed updating program, installed software, port information, network card information, access control, vulnerability information and the like.
Such as: and (3) setting up a detection environment, extracting a file system in the PLC in a programmer or firmware extraction mode, and checking whether the file system has improper configurations such as blank password account configuration, sensitive information leakage, unnecessary service opening and the like.
Vulnerability scanning method
And (3) using a special automatic scanning tool to carry out one-by-one inspection and test on the characteristics of known bugs, open services or open interfaces and the like of an operating system, application software and a network system of the industrial control equipment, and verifying whether the system has potential security bugs and exploitable vulnerabilities. And recording the detected vulnerability.
(3) And forming an evaluation record for the field control equipment in the running state by referring to the industrial control equipment fingerprint library and the industrial control equipment leak library, and finishing the field evaluation work.
The acquisition module acquires fingerprints of the running field control equipment and gives the fingerprints to a problem analysis module of the system. The problem analysis module is responsible for comparing information of the industrial control equipment fingerprint library and determining the equipment state; and inquiring in an industrial control equipment leak library, and obtaining the leak information of the industrial control system to be detected, wherein the leak information comprises the quantity of leaks and the severity of the leaks.
The present embodiment further provides a system for evaluating level protection of an industrial control system, as shown in fig. 2, including:
an acquisition module: the system comprises a back terminal system and a fingerprint acquisition module, wherein the back terminal system is used for acquiring fingerprints of field control equipment in a running state and sending the fingerprints to the back terminal system;
rear terminal system: the system is used for determining the state of the equipment and inquiring through a knowledge base to obtain vulnerability information of the industrial control system of the field control equipment;
a knowledge base: the system is used for summarizing and analyzing safety problems and integrally evaluating safety control;
a reporting module: and the evaluation record is formed according to the equipment state and the vulnerability information.
The industrial control system grade protection evaluation system provides an acquisition module and a report module for evaluation personnel; the background system comprises an index configuration module, a problem analysis module, an expert evaluation module and a knowledge base maintenance module; the knowledge base comprises an industrial control expansion index retrieval base, an industrial control equipment fingerprint base and an industrial control equipment leak base.
The assessment personnel select an assessment object and an assessment index according to the guidance of the index configuration module, then carry out on-site assessment, collect and record assessment results through the collection module, and gather and analyze main safety problems through the problem analysis module in combination with the industrial control equipment fingerprint library and the industrial control equipment leak library; the overall evaluation of the safety control is carried out through the expert evaluation module, the industrial control system usually has higher availability requirements, if some devices need to implement safety measures, the continuous operation of the devices can be stopped, and the safety measures should not have adverse effects on the basic functions of the industrial control system with high availability in principle, for example, an account for the basic functions should not be locked, and even cannot be operated for a short time; deployment of security measures should not significantly increase latency to affect system response time; for a high availability control system, a security failure should not interrupt basic functions, etc.
The knowledge base maintenance module is required to maintain the industrial control expansion index retrieval base, the industrial control equipment fingerprint base and the industrial control equipment leak base according to business development.
The method is used for supporting selection of the grade protection evaluation indexes, supporting selection of the general indexes and the industrial control expansion indexes, and accurately selecting the evaluation indexes and describing cutting reasons of unsuitable items. And the evaluation and the recording of the detection result of the terminal equipment of the field control layer are supported. And the evaluation indexes are comprehensively analyzed, so that the evaluation error is reduced, and the evaluation efficiency is improved.
The above-described embodiments are only intended to describe the preferred embodiments of the present invention, and not to limit the scope of the present invention, and various modifications and improvements made to the technical solution of the present invention by those skilled in the art without departing from the spirit of the present invention should fall within the protection scope defined by the claims of the present invention.
Claims (10)
1. The industrial control system grade protection evaluation method is characterized by comprising the following steps:
determining an evaluation object, an evaluation index and an unsuitable item of an industrial control system;
and evaluating the field control equipment in the running state based on the evaluation object and the evaluation index to obtain an evaluation record, and analyzing the evaluation record.
2. The industrial control system level protection evaluation method according to claim 1, wherein the evaluation objects of the industrial control system comprise: the system comprises a process monitoring layer and field control layer equipment, wherein the process monitoring layer is consistent with general evaluation requirements, and control layer equipment and network interconnection equipment which determine the safety of a grading system need to be considered as an evaluation object of the field control layer.
3. The industrial control system level protection evaluation method according to claim 1, wherein determining evaluation objects, evaluation indexes and inappropriate items of the industrial control system comprises:
determining an evaluation object and an evaluation index of the industrial control system according to an industrial control extended index search library, and referring to descriptions of unsuitable items in different scenes in the industrial control extended index search library to complete confirmation and description of the unsuitable items in the evaluation index, wherein the industrial control extended index search library is three typical grading object samples, mapping relations of the evaluation object and the evaluation index and indication of index inadaptability, which are respectively established for an SCADA system, a DCS system and a PLC system.
4. The industrial control system grade protection evaluation method according to claim 3, wherein establishing the mapping relationship between the evaluation object and the evaluation index comprises:
establishing an index mapping relation between a safety general requirement and an industrial control safety expansion requirement for each evaluation object, definitely establishing a relevant relation with a corresponding scene, and establishing scene-based analysis and explanation on the unsuitable item.
5. The industrial control system grade protection evaluation method according to claim 1, wherein the evaluation of the field control device in the operating state comprises:
respectively establishing an industrial control equipment fingerprint library and an industrial control equipment leak library, obtaining a three-dimensional fingerprint of a running field control equipment, and sending the three-dimensional fingerprint to a problem analysis module, wherein the problem analysis module is used for comparing the three-dimensional fingerprint with information in the industrial control equipment fingerprint library, determining the equipment state, and inquiring through the industrial control equipment leak library to obtain leak information of the industrial control system to be detected; the vulnerability information comprises vulnerability number and vulnerability severity.
6. The industrial control system grade protection evaluation method according to claim 5, wherein the establishing of the industrial control device fingerprint library comprises:
acquiring the characteristic attribute of the industrial control equipment, acquiring the equipment fingerprint of the industrial control equipment based on the characteristic attribute, and establishing an industrial control equipment fingerprint library of different equipment types; the characteristic attributes comprise equipment names, equipment models, firmware version numbers, affiliated manufacturers, protocol port numbers and MAC addresses.
7. The industrial control system grade protection assessment method according to claim 5, wherein the establishing of the industrial control equipment leak library comprises:
carrying out safety detection on the industrial control equipment stored in the working condition equipment library, recording detected safety loopholes, and establishing the industrial control equipment leak library; the detection method comprises a configuration checking method and a vulnerability scanning method.
8. The industrial control system grade protection evaluation method according to claim 7, wherein the configuration checking method performs security configuration check on the equipment in the industrial control system to be detected, and the content of the security configuration check includes basic information of the equipment to be checked, account information, an account password policy, user permission, security audit, shared directory, running service, running process, installed update program, installed software, port information, network card information, access control, and vulnerability information;
the vulnerability scanning method uses an automatic scanning tool to carry out one-by-one inspection and test on known vulnerabilities, open services or open interface characteristics of an operating system, application software and a network system of industrial control equipment, verifies whether the system has potential security vulnerabilities and utilizable vulnerabilities, and records the inspected vulnerabilities.
9. A grade protection evaluation system of an industrial control system is characterized by comprising:
an acquisition module: the system comprises a back terminal system and a fingerprint acquisition module, wherein the back terminal system is used for acquiring fingerprints of field control equipment in a running state and sending the fingerprints to the back terminal system;
a rear terminal system: the system is used for determining the state of the equipment and inquiring through a knowledge base to obtain the vulnerability information of the industrial control system of the field control equipment;
a knowledge base: the system is used for summarizing and analyzing safety problems and integrally evaluating safety control;
a reporting module: and the evaluation record is formed according to the equipment state and the vulnerability information.
10. The industrial control system rating and protection evaluation system of claim 9, wherein the back end sub-system comprises:
an index configuration module: the system is used for selecting and determining an evaluation object, an evaluation index and inapplicability;
a problem analysis module: the system is used for summarizing and analyzing safety problems by combining the industrial control equipment fingerprint library and the industrial control equipment leak library to obtain an analysis result;
an expert evaluation module: an overall evaluation for safety control based on the analysis result;
a knowledge base maintenance module: the system is used for maintaining the industrial control expansion index search library, the industrial control equipment fingerprint library and the industrial control equipment leak library according to business development.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211443941.3A CN115755847A (en) | 2022-11-18 | 2022-11-18 | Industrial control system grade protection evaluation method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211443941.3A CN115755847A (en) | 2022-11-18 | 2022-11-18 | Industrial control system grade protection evaluation method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115755847A true CN115755847A (en) | 2023-03-07 |
Family
ID=85373044
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211443941.3A Pending CN115755847A (en) | 2022-11-18 | 2022-11-18 | Industrial control system grade protection evaluation method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115755847A (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101562535A (en) * | 2009-05-22 | 2009-10-21 | 公安部第三研究所 | Closed loop type information system security class assessment tool |
| CN111881452A (en) * | 2020-07-17 | 2020-11-03 | 哈尔滨工业大学(威海) | Safety test system for industrial control equipment and working method thereof |
| CN112184091A (en) * | 2020-12-01 | 2021-01-05 | 杭州木链物联网科技有限公司 | Industrial control system security threat assessment method, device and system |
| CN113315767A (en) * | 2021-05-26 | 2021-08-27 | 国网山东省电力公司电力科学研究院 | Electric power Internet of things equipment safety detection system and method |
| CN113704767A (en) * | 2021-08-10 | 2021-11-26 | 北京凌云信安科技有限公司 | Vulnerability scanning engine and vulnerability worksheet management fused vulnerability management system |
| CN115102769A (en) * | 2022-06-24 | 2022-09-23 | 国家石油天然气管网集团有限公司 | SCADA system access authentication method, device, equipment and storage medium |
| CN115150143A (en) * | 2022-06-24 | 2022-10-04 | 国家石油天然气管网集团有限公司 | Industrial control equipment network access authentication method, device, equipment and storage medium |
-
2022
- 2022-11-18 CN CN202211443941.3A patent/CN115755847A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101562535A (en) * | 2009-05-22 | 2009-10-21 | 公安部第三研究所 | Closed loop type information system security class assessment tool |
| CN111881452A (en) * | 2020-07-17 | 2020-11-03 | 哈尔滨工业大学(威海) | Safety test system for industrial control equipment and working method thereof |
| CN112184091A (en) * | 2020-12-01 | 2021-01-05 | 杭州木链物联网科技有限公司 | Industrial control system security threat assessment method, device and system |
| CN113315767A (en) * | 2021-05-26 | 2021-08-27 | 国网山东省电力公司电力科学研究院 | Electric power Internet of things equipment safety detection system and method |
| CN113704767A (en) * | 2021-08-10 | 2021-11-26 | 北京凌云信安科技有限公司 | Vulnerability scanning engine and vulnerability worksheet management fused vulnerability management system |
| CN115102769A (en) * | 2022-06-24 | 2022-09-23 | 国家石油天然气管网集团有限公司 | SCADA system access authentication method, device, equipment and storage medium |
| CN115150143A (en) * | 2022-06-24 | 2022-10-04 | 国家石油天然气管网集团有限公司 | Industrial control equipment network access authentication method, device, equipment and storage medium |
Non-Patent Citations (2)
| Title |
|---|
| 卢凯 等: "工业控制***信息安全等级保护测评方案研究", 《信息网络安全 2016增刊》, pages 107 - 111 * |
| 陈雪鸿 等: "工业控制***安全等级保护测评研究", 《信息安全研究》, vol. 6, no. 3, pages 272 - 278 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107239705B (en) | Non-contact type industrial control system or equipment static vulnerability detection system and detection method | |
| CN102005818B (en) | Method for detecting consistency of SCD (System Configuration Document) and IED (Intelligent Electronic Device) model on line | |
| CN111756582B (en) | Service chain monitoring method based on NFV log alarm | |
| CN107545349A (en) | A kind of Data Quality Analysis evaluation model towards electric power big data | |
| CN109146093A (en) | A kind of electric power equipment on-site exploration method based on study | |
| CN106787169B (en) | Method for diagnosing telemetering fault of transformer substation by using multiple data source comparison technology | |
| CN104933631A (en) | Power distribution network operation online analysis and evaluation system | |
| CN109063885A (en) | A kind of substation's exception metric data prediction technique | |
| CN111654323B (en) | Intelligent optical link operation and maintenance management method and device | |
| CN111627199A (en) | Hydropower station dam safety monitoring system and monitoring method | |
| CN113048072A (en) | Intelligent detection system for pump station | |
| CN110097275A (en) | A kind of family change relational checking method and device based on platform area power failure data | |
| CN115599750A (en) | Intelligent substation virtual circuit checking method, system, equipment and storage medium | |
| CN111968356A (en) | Intelligent building energy consumption monitoring system and method | |
| CN117151445B (en) | Power grid dispatching knowledge graph management system and dynamic updating method thereof | |
| CN117251810A (en) | Substation equipment state evaluation early warning system and method based on digital twin platform | |
| CN117614115A (en) | Substation debugging and acceptance checking system and method based on artificial intelligence | |
| CN115755847A (en) | Industrial control system grade protection evaluation method and system | |
| CN112348306A (en) | TitanOS artificial intelligence development method and device for power distribution operation inspection | |
| CN109298698B (en) | Full-automatic monitoring system for energy consumption of public building | |
| CN113946941B (en) | Method and device for generating internet of things acquisition model of power distribution station room | |
| CN115794624A (en) | Closed-loop testing method and system for single automation device of intelligent substation | |
| CN115438093A (en) | Power communication equipment fault judgment method and detection system | |
| CN110162562B (en) | Intelligent delineation system and method and intelligent substation | |
| CN114114122A (en) | Intelligent distribution transformer terminal assembly line production verification method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20230307 |