Information security risk assessment method oriented to typical metallurgy process control system

Abstract

The invention provides an information security risk assessment method oriented to a typical metallurgy process control system and belongs to the technical field of industrial control system information security. The system robustness under different attack modes and policies is analyzed by establishing an attack model under the typical scenes of the metallurgy process, and therefore, the security risk assessment on the typical metallurgy process control system in different attack modes and a failure mode can be realized. Based on the risk theory, the method is used for performing the security risk assessment by use of a random probability algorithm by defining the metallurgy process control system as a physical information fusion system; from the two aspects of the occurrence probability and the influence of attack sources or failure sources, a security assessment method based on risk indexes is developed. Quantitative estimation is performed based on risk indexes; a security incident set is created based on the established physical information fusion model and attack model, and then the security incident set is combined with the calculated robustness assessment indexes for the quantitative estimation, and therefore, the weak security links in the control system can be located conveniently.

Description

technical field [0001] The invention belongs to the technical field of information security of industrial control systems, and in particular relates to an information security risk assessment method for typical metallurgical process control systems. Background technique [0002] The metallurgical industry is a pillar industry of my country's national economy and a basic industry related to the national economy and people's livelihood. The high integration of automation and informatization has become the development trend of the metallurgical industry, and the control network system based on Ethernet has been widely used. With the increasingly complex and advanced hacking methods and technologies, attacks targeting industrial control systems emerge in an endless stream. As a complex mixed process industry, the security situation of the metallurgical industry is relatively severe, mainly in the following aspects: [0003] (1) The process and control network are more complicat...

AI Technical Summary

Problems solved by technology

[0003] (1) The process and control network are relatively complex

Metallurgical enterprises are typical mixed-process enterprises. Metallurgical enterprises have the typical characteristics of industrial production processes, including continuous and discrete mixing, physical changes and chemical changes; Coupling between each other, involving a large number of automation equipment and subsystems, the control system network topology is relatively large, the complexity is high, and the security risk is relatively large

[0004] (2) High cost of single equipment

[0005] (3) Complex information security management

Due to the large-scale control network and strong process coupling in the metallurgical industry, it is difficult to define the security boundary; because it is closely connected with the physical world, the network has high requirements for real-time performance, availability, and business continuity [7]; metallurgical enterprises are big polluters, ene

Images