Abstract
This paper briefly analyzes the information security threats faced by industrial control systems in the power industry and lists the main security problems of these systems. On this basis, it builds an information security risk assessment and management model for industrial control systems, proposes methods and processes for information security risk assessment of industrial control systems, and summarizes a set of information security risk assessment solutions for them. It also discusses some new understandings about risk assessment and industrial control system network security, and further analyzes the vulnerability of industrial control system network security. The paper therefore calls on the relevant units and competent departments to further clarify and standardize the management of information security risk assessment of industrial control systems, strengthen research on evaluation standards and technology, increase technical training for professional evaluation organizations and user units, and promote the development of information risk assessment for industrial control systems in China.
Authors
魏晓雷
刘龙涛
Wei Xiaolei; Liu Longtao (AVIC International E-Business Inc., Beijing 100176; Department of Information and Network Security, State Information Center, Beijing 100045)
Source
《信息安全研究》
2018, Issue 10, pp. 904-913 (10 pages)
Journal of Information Security Research
Keywords
power industry
industrial control system
information security
risk assessment
vulnerability