摘要
随着制造执行系统技术在烟草企业的广泛实施,烟草工业控制系统的信息安全越来越受到重视。为了给安全防护工作打下基础,烟草工业控制系统需要进行信息安全风险评估。论文以制丝线控制系统为目标,提出了基于模拟系统和脆弱性测试的工控系统风险评估方法,采用资产识别、威胁评估、以模拟系统为基础的脆弱性测试、综合评估等步骤,并实际应用在某卷烟厂的制丝集控系统中,取得了一定的成果。
AIong with the widespread impIementation of manufacturing execution system technoIogy in tobacco enterprises, the more and more at ention has been paid to the information security of tobacco industry controI system. In order to Iay the foundation for information security work, risk assessment need to be carried on the tobacco industry controI system. In this paper, for the siIk controI system, a risk assessment method based on simuIation system and vuInerabiIity testing has been proposed, which incIudes the asset identification, the threat assessment, the vuInerabiIity testing based on the approximate simuIation system, and the comprehensive assessment. And some success has been achieved in its practicaI appIication to the siIk controI system of one cigaret e factory.
关键词
烟草
工业控制系统
信息安全
风险评估
脆弱性测试
tobacco
industrial control system
information security
risk assessment
vulnerability testing