Abstract
Electric power industrial control systems are an important part of national critical infrastructure. Their security bears on national strategic security, and they have become a major target of network attacks. With the large-scale rollout of the national "Internet Plus" and "integration of informatization and industrialization" strategies, and with attack techniques evolving constantly, the information security of power industrial control systems faces increasingly complex internal and external threats. At present, the security of these systems suffers from problems such as missing or inadequate security mechanisms in industrial control protocols and insufficient depth in product evaluation and vulnerability verification. This paper proposes a vulnerability analysis technique for industrial control protocols that combines static and dynamic analysis, builds a hardware-in-the-loop simulation and verification platform, and implements tool-based simulated verification for power industrial control systems, which can uncover at a deeper level the vulnerabilities inherent in power industrial control protocols. It explores solutions to two problems: the mechanisms of malicious attacks on power industrial control systems are unclear, and means of verification are lacking. The work can support research on attack and defense for power industrial control systems.
Source
Electric Power Information and Communication Technology (《电力信息与通信技术》)
2017, No. 6, pp. 9-14 (6 pages)
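Funding
State Grid Corporation of China science and technology project "Research on Attack Simulation and Verification Technology for Electric Power Industrial Control Systems" (52110417001B)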
Keywords
electric power industrial control system
industrial control protocol
attack simulation
information security