Industrial Control Network Security Learning Route

Industrial background

For China, the central issue in industrial control system security is independent controllability: the country relies heavily on foreign equipment and technology in the industrial control field. According to a survey by China Industrial Information Research Network, of the more than 5,000 important industrial control systems in the country, more than 95% run on foreign operating systems, and foreign products hold most of the domestic industrial control product market. For example, the domestic market share of Chinese-made PLCs is less than 1%, and 95% of the logic controllers used in industry come from foreign brands such as Schneider (France), Siemens (Germany) and Fanuc (Japan).

Taking Yangzhou as an example: in January 2014 the city launched a survey of the important industrial control systems in its key industries. The statistics show that 24 enterprises in the city operate a total of 1,213 key industrial control systems, mainly in the chemical, electric power and urban public utility sectors. PLCs produced by Siemens (Germany) and DCS produced by Zhejiang Zheda Central Control Co., Ltd. of China are widely used by industrial enterprises in Yangzhou; Siemens PLCs account for 87% of all industrial control systems in the surveyed enterprises and for more than 95% of all PLC deployments among them.

Industrial control systems (hereinafter ICS) are an important part of national infrastructure and the core of industrial infrastructure. They are widely used in oil refining, chemicals, electric power, power grids, water plants, transportation, water conservancy and other fields. Their high availability, real-time and security requirements, together with their long system life cycles, make them key targets in information warfare. At present, China is at an early stage of rapid development in industrial control network security research and industry, and its protective and emergency response capabilities are still relatively weak. In particular, key industrial control systems use a large number of foreign products, so the security of key systems is in the hands of others, and the industrial control systems of important infrastructure have become targets of external penetration attacks.

Legal level

At present, China has incorporated the information network security of critical infrastructure into the "Network Security Law of the People's Republic of China".

Article 21 states that the state implements a network security graded protection system. Network operators shall, in accordance with the requirements of that system, fulfil the following security protection obligations to protect the network from interference, damage or unauthorized access, and to prevent network data from being leaked, stolen or tampered with:

(1) Formulate internal security management systems and operating procedures, determine the person in charge of network security, and implement network security protection responsibilities;

(2) Take technical measures to prevent computer viruses, network attacks, network intrusions and other acts that endanger network security;

(3) Take technical measures to monitor and record network operation status and network security incidents, and keep relevant network logs for no less than six months in accordance with regulations;

(4) Take measures such as data classification, backup and encryption of important data;

(5) Other obligations stipulated by laws and administrative regulations.

Article 31 provides that critical information infrastructure in public communications and information services, energy, transportation, water conservancy, finance, public services, e-government and other important industries and fields, as well as any other infrastructure whose damage, loss of function or data leakage could seriously endanger national security, the national economy and people's livelihood, or the public interest, shall be protected on the basis of the network security graded protection system. The specific scope of critical information infrastructure and its security protection measures shall be formulated by the State Council.

Industrial Control Network Security Features

First of all, industrial control network security is a critical part of critical infrastructure security. Critical infrastructure includes public communication and information services, energy, transportation, water conservancy, finance, public services, e-government and other important industries and fields; among them, the energy, transportation and water conservancy industries all rely on industrial control systems. With the release of national policies such as "Internet +" and "Made in China 2025", the interconnection of industrial control systems with traditional IT networks and the Internet has become inevitable, and network security issues have become particularly prominent as a result.

Industrial control networks cover a wide range of technological scenarios. Currently popular technologies such as smart manufacturing, smart factories, smart cities, smart water conservancy and smart power plants all fall within the scope of industrial control network security. New technologies, new networks and new directions will drive the development of these industries, and the security of their networks, information and data has become a new research direction.

Secondly, industrial control network security touches every corner of daily life. With the advent of the Internet of Things, data from every industry will be collected, processed and aggregated, and a single network security incident can affect the whole. Anyone with experience of attacks or penetration testing knows that the network security incidents that come to light are only the tip of the iceberg: by the time an incident is disclosed, the internal data has usually already been accessed.

Finally, industrial control network security is a cross-cutting field spanning multiple disciplines, technologies and industries. The basic discipline of the industrial control industry is automation, itself an interdisciplinary major involving computing, electrical and electronic engineering, instrumentation, communication and information. Industrial control networks span many industries, such as energy, transportation and water conservancy, and many technologies: control, process, information, network, communication and storage technology, among others.

Overview of Industrial Control Network Security

An industrial control system (ICS, Industrial Control System) is a general term for the control systems used in industrial production. It includes PLC-based control systems (PLC, Programmable Logic Controller), distributed control systems (DCS, Distributed Control System) and supervisory control and data acquisition (SCADA, Supervisory Control And Data Acquisition) systems, among others. A PLC control system is built from PLCs connected to one another; the loose coupling between PLCs makes coordinated high-precision control difficult, so it is mainly used for small-scale production processes such as filling lines and mail sorting lines. A distributed control system (DCS), also called a decentralized control system, is used for large-scale continuous process control and suits industrial sites with many measurement and control points, high precision and fast response requirements, such as power generation, oil refining, sewage treatment and chemical plants. A supervisory control and data acquisition (SCADA) system, known in China as configuration monitoring software, mainly provides monitoring and management of production processes and physical assets across a wide-area environment; most of the actual control work still relies on control equipment in the field. Typical applications are power systems, oil pipelines and rail transit.

An industrial control system can be simply divided into two parts: the process control network and the field control network. A variety of key industrial control components are deployed in the process control network, and a remote transmission link is formed between the SCADA server (master terminal unit, MTU) and the remote terminal units (RTUs).

The process control network connects downward to the field control network. On the one hand, the fieldbus control and acquisition equipment (PLCs or RTUs) transmits the state of the field devices up to the process control network; on the other hand, it can also run simple logic programs itself and so performs most of the control logic of the field control network, such as flow and temperature control and reading sensor data.

The process control network connects upward to the enterprise information network, where the enterprise resource planning (ERP) server and the manufacturing execution system (MES) server are closely connected with the industrial control system.

In the enterprise information network, mail, Web, ERP and other services must connect to the Internet, while the MES must connect to the industrial control system to obtain production process data and issue production tasks. Viruses and Trojans use this channel to enter the enterprise information system and then the industrial control system, and this has become the main source of security threats to ICS. With the rapid development of information technology, the widespread use of wireless connections, removable storage media (USB flash drives), remote maintenance and upgrades and other emerging technologies in industrial control systems has introduced further security risks.

Industrial control network security learning content

1. Industry characteristics

Traditional information systems aim to use computer and Internet technology to process data and share information, while industrial control systems aim to use computer, Internet, microelectronics and electrical technologies to make factory production and manufacturing processes more automated, efficient and precise, and to make them controllable and observable; the emphasis is on intelligent control, monitoring and management of industrial automation processes and related equipment.

2. Industrial control equipment

A traditional information system is a computer network built on Internet protocols; an industrial control system is a multi-level network composed of PLC, RTU, DCS, SCADA and other industrial control equipment and systems.

3. Industrial control operating system

The operating systems commonly used in traditional information systems, such as Windows, UNIX and Linux, have relatively strong protection functions; industrial control systems widely use embedded operating systems such as VxWorks, uClinux and WinCE, which may be stripped down or customized.

4. Network protocol

Traditional information systems mainly use the TCP/IP stack (with application-layer protocols such as HTTP, FTP and SMTP); industrial control systems generally use dedicated industrial protocols (OPC, Modbus, DNP3, etc.), either directly on the link layer or as the application layer on top of TCP/IP.

5. Industrial real-time communication

Traditional information systems have relatively relaxed requirements: information transmission tolerates delay, and most systems can tolerate brief, planned maintenance; industrial control systems have stricter requirements and cannot simply be shut down and restarted to recover.

6. Industrial control security incidents

Unplanned interruptions of information systems may cause loss of business, but relatively mature fault response plans exist; unplanned interruptions of industrial control systems may cause economic losses or environmental disasters, and emergency response plans for such faults are still very immature.

7. Industrial control security maintenance

Information systems adopt general-purpose platforms with good compatibility and easy software and hardware upgrades, and their software is upgraded frequently; industrial control systems use proprietary platforms with poor compatibility and difficult software and hardware upgrades, and are generally rarely upgraded.

Industrial Control Network Security Learning Route

As described above, industrial control network security is a cross-cutting field spanning multiple disciplines, technologies and industries. For a beginner who wants to start, learn step by step and then go deep, it is a deep rabbit hole: it contains far too much content, and what follows is only the tip of the iceberg. I hope everyone can learn, communicate, discuss and make progress together.

First, a security practitioner must master the basic skill of programming. A suggested route is assembly, then C/C++, then Python.

Second, study "Computer Network Principles" and master basic network communication technology.

On the automation side, study "Programmable Logic Controllers (PLC)" and master the basic principles of automation equipment.

Finally, systematic study of industrial control network security builds on these three foundations. The recommended route is: automation software, then protocol analysis, then firmware analysis, then vulnerability mining.

Automation software: automation software includes programming software, configuration (SCADA) software, real-time databases and other automation software, and can be classified by industry and manufacturer. After gaining a thorough understanding of one, go deeper across manufacturers and industries.

Protocol analysis: protocols fall into two categories, standard protocols and proprietary (private) protocols, and into two levels, control protocols and communication protocols; a protocol under analysis usually contains both control content and a communication carrier. Protocol analysis can also be approached by link-layer protocol versus application-layer protocol, the application-layer protocols being more widely reusable.
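As an added illustration of the protocol analysis step and of an industrial protocol (Modbus) running as the application layer over TCP/IP, the following Python parses the MBAP header and PDU of constructed Modbus/TCP requests and flags write function codes arriving from any host other than a hypothetical engineering station. This is example code written for this page, not code from the original post or from any vendor; the host addresses and frames are constructed.

```python
import struct
from collections import namedtuple

# Standard Modbus function codes, split by whether they change process state
READ_FUNCS = {1: "Read Coils", 2: "Read Discrete Inputs",
              3: "Read Holding Registers", 4: "Read Input Registers"}
WRITE_FUNCS = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers"}

# address = starting coil/register; quantity_or_value = count for reads/multi-writes, value for single writes
ModbusRequest = namedtuple("ModbusRequest",
                           "transaction_id unit_id function_code address quantity_or_value is_write")

def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse a Modbus/TCP request: 7-byte MBAP header, then function code, address, quantity/value."""
    if len(frame) < 12:
        raise ValueError("frame too short for MBAP header and a 5-byte PDU")
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"protocol id {pid} is not Modbus (expected 0)")
    if length != len(frame) - 6:  # length field counts unit id + PDU
        raise ValueError("MBAP length field does not match frame length")
    fc = frame[7]
    if fc not in READ_FUNCS and fc not in WRITE_FUNCS:
        raise ValueError(f"unsupported function code {fc}")
    addr, val = struct.unpack(">HH", frame[8:12])
    return ModbusRequest(tid, uid, fc, addr, val, fc in WRITE_FUNCS)

def audit(frames, allowed_writers):
    """Flag malformed frames and write requests from hosts not allowed to write."""
    alerts = []
    for src, frame in frames:
        try:
            req = parse_modbus_tcp(frame)
        except ValueError as err:
            alerts.append(f"{src}: malformed Modbus frame ({err})")
            continue
        if req.is_write and src not in allowed_writers:
            alerts.append(f"{src}: {WRITE_FUNCS[req.function_code]} addr={req.address} "
                          f"qty_or_value={req.quantity_or_value} from unauthorised host")
    return alerts

# Constructed sample traffic with hypothetical addresses (not from any real site)
SAMPLE = [
    ("10.0.1.10", bytes.fromhex("0001000000060103000a0002")),  # HMI reads 2 holding registers
    ("10.0.1.10", bytes.fromhex("00020000000601060010007b")),  # HMI writes register 16 := 123
    ("10.0.1.77", bytes.fromhex("00030000000601050001ff00")),  # unknown host writes coil 1 ON
    ("10.0.1.77", bytes.fromhex("000400000006")),              # truncated frame
]
ENGINEERING_STATION = {"10.0.1.10"}  # hypothetical host allowed to issue writes
```

Running `audit(SAMPLE, ENGINEERING_STATION)` yields one alert for the coil write from the unknown host and one for the truncated frame; reads and writes from the engineering station pass silently.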

Firmware analysis: this is similar to traditional firmware analysis, but because embedded operating systems are widely used in industrial control systems, the focus leans toward analyzing the firmware of embedded operating systems.

Vulnerability mining: the most advanced stage of learning. With the foundations above you can enter this stage and combine all of the previous content to carry out penetration tests against the equipment, software and networks of an industrial control system.

Source: blog.csdn.net/dexi113/article/details/131575218