
Research on Strengthening Network Security Protection of Industrial Control System Based on ATT&CK (cited by: 2)
Abstract: Industrial Control Systems (ICSs) are critical infrastructure systems related to the national economy and people's livelihood. Cyberattacks on ICSs can cause serious economic loss and negative social effects. With the development of the industrial Internet, more and more ICSs are connected to the Internet, which improves production efficiency but also exposes ICSs to a more serious cyberthreat landscape. Enterprises therefore deploy various security measures in pursuit of effective protection. However, because of the "inequality of attack and defense", defenders generally lack a comprehensive understanding of cyberattacks, so the effectiveness of the deployed security measures cannot be evaluated, and it is therefore difficult to improve them. The ICS ATT&CK (Adversarial Tactics, Techniques and Common Knowledge) framework, proposed by MITRE, provides a unified knowledge base of adversary tactics and techniques, based on real-world observations, for the industrial control field. This framework can effectively guide the construction of cybersecurity protection for ICSs. Aiming at the problems faced by ICSs, such as detection capability evaluation, defense strategy development and threat hunting, this paper explores how to use the ICS ATT&CK framework, combined with the IPDRR (Identify-Protect-Detection-Respond-Recover) capability model proposed by the National Institute of Standards and Technology (NIST) and the Diamond Model, to develop more robust ICS cybersecurity protection strategies. This may provide reference and guidance for the construction of enterprise cybersecurity protection systems.
Authors: Yang Ziyi (杨子怡); Li Xuan (李璇) (College of Electrical Engineering & New Energy, China Three Gorges University, Yichang, Hubei, 443002; Nsfocus Technologies Group Co., Ltd., Beijing, 100089)
Source: Industry Information Security (《工业信息安全》), 2023, No. 1, pp. 18-26 (9 pages)
Keywords: Industrial Control Systems; ATT&CK; Detection Capability Evaluation; Defense Strategy Development; Threat Hunting