工控系统主流通信协议脆弱性分析及防护措施

Vulnerability Analysis and Corresponding Security Precautions of Mainstream Communication Protocol for Industrial Control System

面对工控系统安全的威胁,对Modbus、CIP、IEC104和OPC四种主流通信协议的脆弱性展开分析,进而提出针对性的防护措施。分析表明,以上协议存在缺乏认证和授权机制、缺少完整性和机密性校验等共性问题。为实现有效安全防护,提出:1)根据不同协议的特性采取指标监测、定制化防护手段;2)在协议的开发应用阶段自定义完整性校验和身份认证等机制;3)实行纵深防御机制,采用工业防火墙、入侵检测技术等外围技术来弥补协议的先天性问题。综合研究工控系统主流通信协议的脆弱性,采取共性与个性相结合的防护措施,将有效保障石油等行业工控系统的安全运行,推进信息化与工业化深度融合。

Based on the threat situation in the security field of industrial control system, the vulnerability of 4 mainstream communication protocols, namely, Modbus, CIP, IEC104 and OPC are analyzed, and their corresponding security precautions are put forward. The above protocols have common problems including lack of authentication an authorization mechanism, and lack of integrity and confidentiality verification. In order to achieve effective protection, firstly, it is necessary to adopt index monitoring and customized protection means as per the characteristics of respective protocols; use peripheral technologies including industrial firewall and intrusion detection technology to make up the congenital problems of these protocols; secondly, one should customize the mechanism of integrity verification and identity authentication in the development and application stage of these protocols; The three is to implement the defense mechanism in depth, using industrial firewall, intrusion detection technology and other peripheral technology to make up for the inherent problems of the agreement. Focusing on the vulnerability of the mainstream communication protocols for industrial control system, the security precautions integrating the commonness and individuality will effectively guarantee the safe operation of the industrial control system in the fields including petroleum, and promote the deep integration of information and industrialization.