摘要
近年来,工业控制系统信息安全问题频发,工控系统信息安全问题日益严峻。随着信息化技术在核能开发中的应用日益增多,核电站工控系统信息安全面临着越来越多的挑战。采用有效的风险评估方法评判工控系统的安全程度,有助于发现工控系统的薄弱环节,从而对其进行改造提升。本文从典型的工控系统出发,基于其可用性、完整性和机密性的安全目标,在层次模型的基础上建立了信息安全风险评估模型,并根据模糊数学及层次分析法建立了信息安全风险评估流程。通过仿真案例说明了评估方法的有效性,并针对实例提出了改进措施。
Information security problems of industrial control system(ICS)has been occurred frequently and it is getting worse in recent years.As the information technology has been deeply applied in nuclear energy filed,the information security of ICS in nuclear power plant faces much threats and challenges.In order to discover the weakness of the ICS in the facility,it is favored to utilize efficient risk assessment methods to evaluate the security level.Based on the basic features of ICS and the security goals(availability,integrity and confidentiality),the information security risk assessment model is established based on the hierarchy model.Then, the assessment process is constructed according to the fuzzy analytic hierarchy process(FAHP)method.The effectiveness of the evaluation method is illustrated by a simulation example,and the improvement measures are proposed.
作者
苑晨亮
马亮
崔家文
完晓原
Yuan Chenliang;Ma Liang;Cui Jiawen;Wan Xiaoyuan(The Forth Research and Design Engineering Corporation of CNNC(Hebei Nuclear Security Engineering Technology Center),Shijiazhuang 050021,China)
出处
《核安全》
2019年第3期67-73,共7页
Nuclear Safety
关键词
核能
工控系统
信息安全
风险评估
层次分析法
nuclear energy
industrial control system
information security
risk assessment
FAHP