04 Industrial control system security risks and protection
Industrial control system security vulnerability
According to the “Information Security Technology Network Security Level Protection Basic Requirements” (GB/T 22239-2019), an industrial control system is divided into a production management layer, a process monitoring layer, a field control layer and a field equipment layer. These layers involve a variety of components, applications and communication protocols; if any one link is not properly secured, the entire industrial control system may be attacked and production affected. Vulnerabilities are both managerial and technical:
Vulnerabilities at the management level include: imperfect security policies and systems, unclear security responsibilities, weak security awareness, imperfect security publicity and training, inadequate management and supervision, lack of a supply chain management mechanism, insufficient data protection and backup management, and lack of an emergency response mechanism.
Technical vulnerabilities include: improper security architecture design, outdated operating systems, delayed security patches, improper access control, improper protection against viruses or malicious programs, insecure communication protocols, inadequate network boundary protection, improper system configuration, weak physical and environmental protection, and missing or short log retention periods.
Industrial control system security threats
Threats can come from outside or inside the business, can be malicious or non-malicious, and can be caused by human or non-human factors such as natural disasters.
In terms of human factors, external threats mainly refer to attackers who take advantage of vulnerabilities in the industrial control system and launch attacks through viruses (such as the Stuxnet virus and ransomware), phishing and other means (such as Advanced Persistent Threat, or APT, attacks) to penetrate the industrial control system network and perform unauthorized operations or cause malicious damage. Attackers may include malware publishers, phishers or spammers, botnet operators, criminal groups, and more.
Internal human threats mainly refer to disgruntled employees or industrial spies who take advantage of defects in the management or technology of the industrial control system to delete the enterprise's core data in malicious retaliation, or to steal the enterprise's core secrets and sell them to competitors for their own gain. In addition, because the industrial control system is objectively vulnerable, personnel who access or operate it may also damage or disrupt it without malicious intent, for example through misoperation.