An analysis of the recent major security incidents related to industrial control systems,revealed that most had been caused by company employees.Therefore,enterprise security management systems have been developed to ...An analysis of the recent major security incidents related to industrial control systems,revealed that most had been caused by company employees.Therefore,enterprise security management systems have been developed to focus on companies’personnel.Nonetheless,several hacking incidents,involving major companies and public/financial institutions,were actually attempted by the cooperative firms or the outsourced manpower undertaking maintenance work.Specifically,institutions that operate industrial control systems(ICSs)associated with critical national infrastructures,such as traffic or energy,have contracted several cooperative firms.Nonetheless,ICT’s importance is gradually increasing,due to outsourcing,and is the most vulnerable factor in security.This paper proposes a virtualized security management scheme for the resident cooperative firms in the industrial control infrastructure.Since such companies often cannot afford adequate investment in security,the scheme is to let an ICS company provide the virtualized system.One of its merits is the convenience of controlling a VDI server at the center.The cooperative firms were classified,based on their respective security levels,and statistics were collected throughout a four-year period for the results.This paper analyzes the policies and virtualization systems that have been applied to the security of the partner companies,which engaged in ICS security.A suitable model for ICS security was then proposed by analyzing their effects on the system efficiencies,based on the comparisons of the security inspection results obtained before and after virtualization.The proposed system is expected to contribute to industrial safety.展开更多
基金This research was supported by the Energy Cloud R&D Program through the National Research Foundation of Korea(NRF)funded by the Ministry of Science,ICT(NRF2019M3F2A1073385).
文摘An analysis of the recent major security incidents related to industrial control systems,revealed that most had been caused by company employees.Therefore,enterprise security management systems have been developed to focus on companies’personnel.Nonetheless,several hacking incidents,involving major companies and public/financial institutions,were actually attempted by the cooperative firms or the outsourced manpower undertaking maintenance work.Specifically,institutions that operate industrial control systems(ICSs)associated with critical national infrastructures,such as traffic or energy,have contracted several cooperative firms.Nonetheless,ICT’s importance is gradually increasing,due to outsourcing,and is the most vulnerable factor in security.This paper proposes a virtualized security management scheme for the resident cooperative firms in the industrial control infrastructure.Since such companies often cannot afford adequate investment in security,the scheme is to let an ICS company provide the virtualized system.One of its merits is the convenience of controlling a VDI server at the center.The cooperative firms were classified,based on their respective security levels,and statistics were collected throughout a four-year period for the results.This paper analyzes the policies and virtualization systems that have been applied to the security of the partner companies,which engaged in ICS security.A suitable model for ICS security was then proposed by analyzing their effects on the system efficiencies,based on the comparisons of the security inspection results obtained before and after virtualization.The proposed system is expected to contribute to industrial safety.