ANALYSIS OF CYBERSECURITY PROBLEMS IN INDUSTRIAL CONTROL SYSTEMS - Problems of Information Technology

AZERBAIJAN NATIONAL ACADEMY OF SCIENCES

No. 2, 2021

ANALYSIS OF CYBERSECURITY PROBLEMS IN INDUSTRIAL CONTROL SYSTEMS

Imamverdiyev Yadigar N.

Industrial control systems (ICS) are widely used to control and monitor manufacturing, electricity supply, water supply and treatment, the oil and petrochemical industries, nuclear power, transport systems, railways and metros; they are the brain and backbone of operations in these critical national infrastructures. Disruption of critical infrastructure can have a rapid and escalating impact on society, amplified by the high degree of interdependence among critical infrastructures. In 2009, the Stuxnet malware demonstrated how real and serious the problem of ICS cybersecurity is. With the wide adoption of the Industry 4.0 concept, ICS cybersecurity is becoming especially relevant. The article gives a brief overview of the nature and components of ICS and a short analysis of the current state of their cybersecurity. Research on assessing ICS cybersecurity is analysed in the areas of risk management, malware detection and analysis methods, honeynet technologies for cybersecurity monitoring, and the construction of testbeds for cybersecurity assessment, along with the open research problems in these areas. The main research methods are modelling, comparative and descriptive methods, and methods of analogy, analysis and synthesis; the main research approaches are systematic, integrated and situational. The results are expected to be useful in forming and developing the cybersecurity infrastructure of industrial control systems in the country, improving scientific research in the field of SIS cybersecurity, and developing and implementing in practice a set of measures for national information (pp. 16-29).

Keywords: industrial control systems, SCADA, PLC, critical national infrastructure, cybersecurity.
DOI: 10.25045/jpit.v12.i2.02