发电厂DCS网络安全评估与防护  被引量:4

Network Security Evaluation and Protection of DCS in Power Plant

在线阅读下载全文

作  者:蔡钧宇 苏烨 尹峰 陈波 CAI Junyu;SU Ye;YIN Feng;CHEN Bo(State Grid Zhejiang Electric Power Research Institute,Hangzhou 310014,China)

机构地区:[1]国网浙江省电力有限公司电力科学研究院

出  处:《浙江电力》2019年第11期109-114,共6页Zhejiang Electric Power

基  金:国网浙江省电力有限公司科技项目(5211DS17000Z)

摘  要:针对发电厂DCS(分散控制系统)信息安全评估项目,提出了基于在线资产发现与核心设备自定义测试例漏洞检测相融合的安全评估方法。在线资产发现目的是实现动态DCS网络架构的生成和发现潜在静默设备甚至非法联网设备;核心设备的漏洞扫描旨在发现设备之间通信的安全漏洞,特别是常规测试无法检测到的隐患。检测发现发电厂DCS网络存在不同严重程度的安全漏洞,在自定义测试中还发现了控制器在通信过程中缺乏认证机制的缺陷,检测结果验证了所提安全评估方法是有效的。Aiming at the information security assessment project of DCS(distributed control system) in power plant, this paper proposes a security assessment method based on the integration of online asset discovery and core equipment customization test case vulnerability detection. The purpose of online asset discovery is to realize the generation of dynamic DCS network architecture and to find potential silent devices or even illegal networking devices;the vulnerability scanning of core devices aims to find security vulnerabilities in communication between devices, especially hidden dangers that cannot be detected by conventional testing. It is found that there are security vulnerabilities of various levels in the DCS network of the power plant. In the customized test, it is also found that the controller lacks authentication mechanism in the communication process. The test results verify the effectiveness of the security evaluation method proposed in this paper.

关 键 词:分散控制系统 安全评估 在线资产发现 漏洞扫描 自定义测试例 

分 类 号:TP273.5[自动化与计算机技术—检测技术与自动化装置]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象