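"Industrial Control System Information Security" Special Issue, Second Series (Serialized)
Research Progress on Industrial Control System Information Security Standards

Authors: Wang Hao, Chen Ruixiang, Wang Ping, Wang Chaomei (Key Laboratory of Industrial Internet of Things and Networked Control, Ministry of Education, Chongqing University of Posts and Telecommunications)
Published: 2016-01-07 09:47
With the development of informatization, intelligence, digitalization and networking, connections to the Internet and other public networks have broken the isolation that industrial control systems once had. At the same time, interconnection with IT networks exposes industrial control networks to more security threats and challenges. Solving the information security problems of industrial control systems urgently requires well-developed technical standards as support. Starting from the security threats that industrial control systems face, this paper describes the main results of international industrial control system information security standards and analyzes the current state of research on such standards in China. It provides a reference for establishing a complete industrial control network security standards system in China, promotes the construction of a national industrial control system information security protection system, and safeguards the safety of national production.
Keywords: security threats, research progress, security standards, industrial control systems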


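4 Conclusion

With the introduction of the "Industry 4.0" concept, industrial control systems will develop toward informatization, networking, intelligence and digitalization. For this very reason, however, industrial control systems will face more security problems. As long as we take full account of the operating characteristics of industrial control systems, analyze the security threats in these systems, and promptly formulate more comprehensive security standards and protocols that provide a reliable foundation for the research and development of security technologies, we will surely be able, in the near future, to seize the initiative in this brand-new battle of network attack and defense.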




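About the Authors

Wang Hao (1975-), male, from Chongqing, professor, Ph.D., currently works at the Key Laboratory of Industrial Internet of Things and Networked Control, Ministry of Education, Chongqing University of Posts and Telecommunications. His main research interests are industrial control network security and wireless ad hoc network security.

Chen Ruixiang (1992-), male, from Chongqing, graduate student at Chongqing University of Posts and Telecommunications. His main research interests are secure data fusion for the industrial Internet of Things and industrial control network security.

Wang Ping (1963-), male, from Chongqing, professor, Ph.D., currently Dean of the School of Automation at Chongqing University of Posts and Telecommunications. His main research interests include industrial Ethernet technology, wireless control network technology, intelligent detection technology and instrumentation, and logistics automation.

Wang Chaomei (1991-), male, from Hubei, graduate student at Chongqing University of Posts and Telecommunications. His main research interest is industrial control network security.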

