Abstract
To address the increasingly severe global threat landscape facing industrial control systems, this paper sets out to accomplish threat detection and emergency response in complex industrial network scenarios. Building on the general emergency response process of "preparation, detection, containment, eradication, recovery, and follow-up", and drawing on the Pareto principle, multi-layer architecture, and classification-and-grading as research methods and design ideas, it designs an industrial control security emergency response system for multiple scenarios. The system covers the real-world scenarios and technical requirements of large-scale cross-domain attack events and handles industrial control security incidents at different levels: the group level, facing multiple network domains; the production-line level, facing a single network domain; and the supply-chain level, facing the network domains of multiple enterprises. At each level it achieves rapid device access, comprehensive data collection, accurate detection and identification, deep fusion analysis, and real-time remote support. The system can improve China's overall industrial information security protection and emergency response capabilities.
Authors
Hao Zhiqiang (郝志强); Yang Jianing (杨佳宁); Zhang Xiaofan (张晓帆) (China Industrial Control Systems Cyber Emergency Response Team, Beijing, 100040)
Source
Industry Information Security (《工业信息安全》), 2022, No. 8, pp. 6-11 (6 pages)
Keywords
Industrial Information Security; Industrial Control System Security; Emergency Response; Ransomware; System Design