Information Security Risk Analysis of Industrial Control ... › english › tratop_e › tbt_e ›...
Transcript of Information Security Risk Analysis of Industrial Control ... › english › tratop_e › tbt_e ›...
![Page 1: Information Security Risk Analysis of Industrial Control ... › english › tratop_e › tbt_e › tbtrisk... · Source from ICS-CERT 1. The number of vulnerabilities remains high,](https://reader033.fdocuments.us/reader033/viewer/2022060422/5f1907213d19901d74249ffd/html5/thumbnails/1.jpg)
Dr. Xiao Junfang
Electronic Technology Information Research
Institute, Ministry of Industry and Information (ETIRI)
Information Security Risk Analysis of
Industrial Control System
![Page 2: Information Security Risk Analysis of Industrial Control ... › english › tratop_e › tbt_e › tbtrisk... · Source from ICS-CERT 1. The number of vulnerabilities remains high,](https://reader033.fdocuments.us/reader033/viewer/2022060422/5f1907213d19901d74249ffd/html5/thumbnails/2.jpg)
Information Security Situation of Industrial Control Systems
Information Security Risks of Industrial Control Systems
Suggestion of Strengthening the Security of Industrial Control Systems
ETIRI
![Page 3: Information Security Risk Analysis of Industrial Control ... › english › tratop_e › tbt_e › tbtrisk... · Source from ICS-CERT 1. The number of vulnerabilities remains high,](https://reader033.fdocuments.us/reader033/viewer/2022060422/5f1907213d19901d74249ffd/html5/thumbnails/3.jpg)
Information Security Situation of Industrial Control Systems
ETIRI
![Page 4: Information Security Risk Analysis of Industrial Control ... › english › tratop_e › tbt_e › tbtrisk... · Source from ICS-CERT 1. The number of vulnerabilities remains high,](https://reader033.fdocuments.us/reader033/viewer/2022060422/5f1907213d19901d74249ffd/html5/thumbnails/4.jpg)
Source from ICS-CERT
1. The number of vulnerabilities remains high, and the attack difficulty is decreasing
ETIRI
![Page 5: Information Security Risk Analysis of Industrial Control ... › english › tratop_e › tbt_e › tbtrisk... · Source from ICS-CERT 1. The number of vulnerabilities remains high,](https://reader033.fdocuments.us/reader033/viewer/2022060422/5f1907213d19901d74249ffd/html5/thumbnails/5.jpg)
Hackers can find industrial control systems with the following three ways at least:
1. Search through google and other
web search engines. 2. Search through host search
engine such as Shodan. 3. Match the network fingerprint
characteristics on private protocol
and port for
communication
industrial control
through online
monitoring platform.
1. The number of vulnerabilities remains high, and the attack difficulty is decreasing
ETIRI
![Page 6: Information Security Risk Analysis of Industrial Control ... › english › tratop_e › tbt_e › tbtrisk... · Source from ICS-CERT 1. The number of vulnerabilities remains high,](https://reader033.fdocuments.us/reader033/viewer/2022060422/5f1907213d19901d74249ffd/html5/thumbnails/6.jpg)
1. The number of vulnerabilities remains high, and the attack difficulty is decreasing
ETIRI
![Page 7: Information Security Risk Analysis of Industrial Control ... › english › tratop_e › tbt_e › tbtrisk... · Source from ICS-CERT 1. The number of vulnerabilities remains high,](https://reader033.fdocuments.us/reader033/viewer/2022060422/5f1907213d19901d74249ffd/html5/thumbnails/7.jpg)
197
257 245
295 290
0
50
100
150
200
250
300
350
2012年 2013年 2014年 2015年 2016年
2. Industrial Control System Information Security incidents are frequent,
and the scope of influence is wide
ETIRI
Source from ICS-CERT
![Page 8: Information Security Risk Analysis of Industrial Control ... › english › tratop_e › tbt_e › tbtrisk... · Source from ICS-CERT 1. The number of vulnerabilities remains high,](https://reader033.fdocuments.us/reader033/viewer/2022060422/5f1907213d19901d74249ffd/html5/thumbnails/8.jpg)
In 2011, the virus Duqu attacked the energy
industries in the Middle East and Europe.
In 2012, the energy industry in the Middle
East was infected with the virus Flame.
In 2010, the virus Stuxnet attacked the
Bushehr Nuclear Power Plant in Iran
2. Industrial Control System Information Security incidents are frequent,
and the scope of influence is wide
In 2014, the energy industry in Europe and
America was infected with the malware Havex.
ETIRI
![Page 9: Information Security Risk Analysis of Industrial Control ... › english › tratop_e › tbt_e › tbtrisk... · Source from ICS-CERT 1. The number of vulnerabilities remains high,](https://reader033.fdocuments.us/reader033/viewer/2022060422/5f1907213d19901d74249ffd/html5/thumbnails/9.jpg)
Ukrainian power grid blackout by “blackenergy”
2. Industrial Control System Information Security incidents are frequent,
and the scope of influence is wide
ETIRI
half of the US Internet down by DDoS attack
![Page 10: Information Security Risk Analysis of Industrial Control ... › english › tratop_e › tbt_e › tbtrisk... · Source from ICS-CERT 1. The number of vulnerabilities remains high,](https://reader033.fdocuments.us/reader033/viewer/2022060422/5f1907213d19901d74249ffd/html5/thumbnails/10.jpg)
3. The ransomware attack against industrial control system is worth
paying attention
The number of recorded ransomware families largely increased by 748%.
2015 2016
3800000
638000000
The number of traceable ransomware attacks
ETIRI
![Page 11: Information Security Risk Analysis of Industrial Control ... › english › tratop_e › tbt_e › tbtrisk... · Source from ICS-CERT 1. The number of vulnerabilities remains high,](https://reader033.fdocuments.us/reader033/viewer/2022060422/5f1907213d19901d74249ffd/html5/thumbnails/11.jpg)
In 2016, the subway system in San
Francisco was attacked by blackmail software.
In 2017, a global large-scale "Wannacry"
infection incident occurred.
In the future, ransomware attacks are very likely to influence the industrial control system.
.
ETIRI
3. The ransomware attack against industrial control system is worth
paying attention
![Page 12: Information Security Risk Analysis of Industrial Control ... › english › tratop_e › tbt_e › tbtrisk... · Source from ICS-CERT 1. The number of vulnerabilities remains high,](https://reader033.fdocuments.us/reader033/viewer/2022060422/5f1907213d19901d74249ffd/html5/thumbnails/12.jpg)
Information Security Risks of Industrial Control Systems
ETIRI
![Page 13: Information Security Risk Analysis of Industrial Control ... › english › tratop_e › tbt_e › tbtrisk... · Source from ICS-CERT 1. The number of vulnerabilities remains high,](https://reader033.fdocuments.us/reader033/viewer/2022060422/5f1907213d19901d74249ffd/html5/thumbnails/13.jpg)
1. The connection of ICS to Internet has become prevalent, and the traditional information
security threats continue to penetrate into ICS
ETIRI
![Page 14: Information Security Risk Analysis of Industrial Control ... › english › tratop_e › tbt_e › tbtrisk... · Source from ICS-CERT 1. The number of vulnerabilities remains high,](https://reader033.fdocuments.us/reader033/viewer/2022060422/5f1907213d19901d74249ffd/html5/thumbnails/14.jpg)
2. The traditional information security protection mode is difficult to
protect the ICS security effectively
characteristic of IT security: Confidentiality,
integrity, availability
IT security protection mode is no longer
applicable
ETIRI
![Page 15: Information Security Risk Analysis of Industrial Control ... › english › tratop_e › tbt_e › tbtrisk... · Source from ICS-CERT 1. The number of vulnerabilities remains high,](https://reader033.fdocuments.us/reader033/viewer/2022060422/5f1907213d19901d74249ffd/html5/thumbnails/15.jpg)
3.The security protection means of industrial control system are required
to meet the system’s characteristics of high availability and real-time
performance
The industrial control systems in petroleum refining, power and other sectors with
automatic process should run continuously for 7*24 hours.
ETIRI
![Page 16: Information Security Risk Analysis of Industrial Control ... › english › tratop_e › tbt_e › tbtrisk... · Source from ICS-CERT 1. The number of vulnerabilities remains high,](https://reader033.fdocuments.us/reader033/viewer/2022060422/5f1907213d19901d74249ffd/html5/thumbnails/16.jpg)
4. Enterprises’ consciousness of industrial control system security is weak
and their management and protection capabilities are not enough
Weak consciousness Lack of Management mechanism
ETIRI
![Page 17: Information Security Risk Analysis of Industrial Control ... › english › tratop_e › tbt_e › tbtrisk... · Source from ICS-CERT 1. The number of vulnerabilities remains high,](https://reader033.fdocuments.us/reader033/viewer/2022060422/5f1907213d19901d74249ffd/html5/thumbnails/17.jpg)
Suggestion of Strengthening the Security of Industrial Control Systems
We do We hope
Risks Assessment
Simulation Test
Threat Monitoring
Technical Research Fight against cybercrime
Standard development
Technical exchanges
Information sharing
ETIRI
![Page 18: Information Security Risk Analysis of Industrial Control ... › english › tratop_e › tbt_e › tbtrisk... · Source from ICS-CERT 1. The number of vulnerabilities remains high,](https://reader033.fdocuments.us/reader033/viewer/2022060422/5f1907213d19901d74249ffd/html5/thumbnails/18.jpg)
ETIRI