
This article is selected from the Chinese Academy of Engineering journal “China Engineering Science”, 2023, Issue 6
Authors: Sun Yanbin, Wang Hongyi, Tian Zhihong, Fang Binxing
Source: Research on the Development of Security Protection Technology for Industrial Control Systems [J]. China Engineering Science, 2023, 25(6): 126-136.
Editor’s Note
With the deep integration of industrialization and informatization, industrial control systems are gradually transitioning from traditional closed isolation to open interconnection, integrating with technologies such as 5G, the Internet of Things, and the Industrial Internet, effectively enhancing the production efficiency and flexibility of industrial enterprises. However, the open interconnection scenario further highlights the security issues of industrial control systems, increasing the cybersecurity risks of industrial control systems, necessitating an improvement in the cybersecurity protection technology level of industrial control systems.
Academician Fang Binxing’s research team from the Chinese Academy of Engineering published an article titled “Research on the Development of Security Protection Technology for Industrial Control Systems” in the Chinese Academy of Engineering journal “China Engineering Science” 2023, Issue 6. The article focuses on the security protection issues of industrial control systems, analyzes the uniqueness and challenges faced by industrial control system security protection, summarizes the main attack techniques on industrial control systems, and outlines the current development status of the “self-defense mode” security protection system represented by boundary protection and deep defense. In response to the security challenges faced by industrial control systems, the article proposes key tasks and key technology research paths from two aspects: autonomous controllable security and a new industrial control security protection system, namely establishing an autonomous controllable security ecosystem for industrial control systems and a baseline protection mechanism based on “restrictors”, exploring a security protection system for industrial control systems that combines “self-defense mode + guardian mode”, providing references for the research and application of industrial control system security protection.

1. Introduction
With the deep integration of industrialization and informatization, industrial control systems are gradually transitioning from traditional closed isolation to open interconnection, integrating with fifth-generation mobile communication (5G), the Internet of Things, and the Industrial Internet, effectively enhancing the production efficiency and flexibility of industrial enterprises. However, the open interconnection scenario further exposes the security issues of industrial control systems and increases their cybersecurity risks, especially for traditional industrial control systems that were designed for relatively closed environments. Unknown cyber threats represented by Advanced Persistent Threat (APT) attacks are increasing, showing a trend of intensified competition and confrontation between nations. As critical information infrastructure directly related to industrial production, industrial control systems have become primary targets for APT attacks, facing attack threats characterized by persistence, targeting, latency, concealment, and unknowns; such attacks directly affect the industrial production process and span both military and civilian industries, necessitating an enhancement of the security protection level of industrial control systems.
Industrial control systems are directly related to industrial production and prioritize availability, encompassing cyberspace and physical space, with complex scenarios, and have received widespread attention from major countries worldwide. The United States, Europe, and other countries and regions started early in strategic deployment and policy planning for industrial control system security protection and hold certain advantages. The United States has formulated a series of policies and standards to strengthen the security of industrial control systems, such as the “Critical Infrastructure Information Security Act” (2001), which lists energy and other critical industrial infrastructures as important protection objects; the National Institute of Standards and Technology (NIST) released the “Industrial Control Systems Security Guidelines” (NIST SP800-82, 2011), providing guidance for the security assurance of industrial control systems; and the United States established a specialized industrial control system cybersecurity emergency response team and multiple national laboratories responsible for the security assurance and research of industrial control systems. Germany also places great importance on industrial security, launching the “Digital Strategy 2025” (2016), which clarifies the importance of industrial control system security and proposes a series of measures to promote relevant technology research and standard formulation. The European Union Agency for Cybersecurity published the “Industrial Control Systems Cybersecurity White Paper” (2013), providing guidance for industrial enterprises to implement security defense measures.
China has always attached great importance to cybersecurity issues, adhering to bottom-line thinking, focusing on preventing and resolving major risks, and establishing effective security protection systems and methods for industrial control systems to effectively respond to and mitigate major security risks of industrial control systems, ensuring national cybersecurity. Although research and management of industrial control system security in China started late, it has developed rapidly. In 2011, the Ministry of Industry and Information Technology issued the “Notice on Strengthening the Information Security Management of Industrial Control Systems”, clarifying the relevant requirements for industrial control system security management. In 2019, China implemented the “Information Security Technology – Basic Requirements for Cybersecurity Level Protection” (GB/T 22239—2019, referred to as Level Protection 2.0), incorporating industrial control system security into the level protection system. The 14th Five-Year Plan outlines the need to maintain the safety of important infrastructures such as water conservancy, electricity, water supply, oil and gas, transportation, communication, networks, and finance, with industrial control systems as a key focus for future security protection. In 2022, China released the “Information Security Technology – Security Protection Requirements for Critical Information Infrastructure” (GB/T 39204—2022), which stipulates security control measures for critical information infrastructure in identification analysis, security protection, detection, and assessment; as the first officially released security protection standard for critical information infrastructure in China, it provides operational guidance for better security protection work for critical information infrastructure.
In terms of research on security protection technology and systems for industrial control systems, methods such as programmable logic controller (PLC) program security analysis, industrial behavior anomaly detection, and industrial control protocol security analysis have been proposed. However, mainstream methods still rely on traditional security protection technologies, proposing host protection, firewalls, intrusion detection, honeypots, and trusted computing technologies aimed at industrial control systems, establishing a security protection system represented by deep defense and proactive defense. Existing industrial control system security protection faces two challenges: on one hand, the current security protection system struggles to comprehensively address concealed unknown APT attacks; on the other hand, it is difficult to apply to attacks targeting physical spaces and across information domains and physical domains, making it unable to directly solve industrial control system security issues. The article analyzes the basic composition of industrial control systems and the security protection challenges they face, outlines the current development status of industrial control system security protection technology, clarifies the key tasks and key technologies of industrial control system security protection technology, and explores new security protection systems, methods, and future development paths, aiming to provide references for enhancing the security protection capabilities of industrial control systems.
2. Basic Composition of Industrial Control Systems and Security Protection Challenges Faced
(1) Basic Composition of Industrial Control Systems
Industrial control system abstract models often adopt hierarchical architectures, including the Purdue model, IEC62264-1 standard hierarchical structure model, etc. The industrial control system-related level protection requirements in China’s Level Protection 2.0 standard reference the IEC 62264-1 hierarchical structure model. Taking this model as an example, industrial control systems can be divided into five layers from top to bottom (see Figure 1): enterprise resource layer, production management layer, process monitoring layer, field control layer, and field device layer. The enterprise resource layer provides decision-making and operational means for enterprises; the production management layer manages the production process; the process monitoring layer mainly collects and monitors production process data and utilizes human-machine interface (HMI) systems for human-machine interaction; the field control layer collects and controls field sensing devices and execution devices through control devices such as PLCs, distributed control systems (DCS), and remote terminal units (RTU); the field device layer mainly involves various process sensing devices and execution device units, perceiving and operating the production process. The IEC 62264-1 hierarchical model is a general hierarchical model, and although the actual industrial control network architecture in fields such as power, metallurgy, and petrochemicals may differ from it, such as requiring some layers to be flattened, this model still covers most industrial control scenarios and has high reference value.

Figure 1 IEC 62264-1 Industrial Control System Hierarchical Model
Taking the production management layer as the dividing line, the enterprise resource layer and production management layer mostly adopt general information-domain technologies, while the remaining layers mostly adopt technologies unique to industrial control systems. Attacks on the enterprise resource layer and production management layer resemble traditional network attacks on information systems; therefore, industrial control system security can focus mainly on the field device layer, field control layer, and process monitoring layer, since network attacks targeting these three layers usually cause serious harm to control devices and industrial sites.
Unlike traditional information networks, the uniqueness of industrial control systems is mainly reflected in: ① Integration of Informatization and Automation. Industrial control systems integrate information systems and automation systems: the information system provides intelligent collection, monitoring, management, and decision-making, while the automation system achieves automatic and efficient control of field industrial devices. ② Spatial Interconnectivity. Industrial control systems encompass both cyberspace and physical space; decisions made in cyberspace can affect actions in physical space, and the state of physical space can in turn influence decisions made in cyberspace. ③ Priority of Availability. Industrial control systems were initially designed to be isolated from external networks, without considering security; they are closely tied to industrial production, their devices are dispersed and must run uninterrupted at all times, so security issues are difficult to resolve by stopping production. Consequently, attacks targeting industrial control systems span both cyberspace and physical space and differ significantly from traditional network attack techniques, necessitating optimization of security protection technologies.
(2) Challenges Faced by Industrial Control System Security Protection Technologies
The existing industrial control system security protection system exhibits the following characteristics when responding to network attacks. ① Asymmetry of Network Attack and Defense Technologies. Network attack technologies only need to breach one point of the industrial control system, while network protection technologies must cover the entire system, placing the defender at a natural disadvantage. The asymmetry of threat intelligence further widens this gap in technical level. Most critical industrial control devices in China are sourced from foreign suppliers, making them susceptible to malicious backdoors and trojans, and their security can only be studied in a “black box” manner, which puts defenders at a disadvantage in attack-defense confrontations; at the same time, technical barriers between different industrial control device manufacturers make attack-defense technologies difficult to generalize. ② Strong Confrontational Nature of Attack and Defense Processes. Attacks on industrial control systems are organized and conducted by groups; attacking organizations often hold multiple zero-day vulnerabilities and backdoors in the target system/devices and can even forge legitimate credentials, making the attack process relatively concealed, the attack methods diverse, and the confrontation capability strong, so that China’s industrial control system security protection struggles to cope.
③ Tight Coupling of Security Protection. The deep defense and proactive defense measures adopted by industrial control systems are usually designed, developed, and deployed in a tightly coupled manner, forming a “self-defense mode” in which the industrial control system responds to threats through its own security capabilities. In industrial control scenarios, however, this mode can have an invasive impact on the system and makes it difficult to respond quickly to unknown attacks. ④ High Latency of Security Updates. Industrial control devices and systems must run continuously, and China has many old industrial control devices that lack maintenance. To keep them stable, such devices cannot be modified lightly, since modification may affect production; when these systems encounter security issues, they often cannot be shut down immediately for updates, so updates are relatively delayed.
The aforementioned characteristics of industrial control system security protection pose challenges of “lack of understanding” and “lack of control” in attack-defense confrontations.
1. The “Lack of Understanding” Dilemma Faced by Industrial Control Systems
Currently, core devices, firmware, software, protocols, etc., in China’s industrial sector are vertically monopolized by foreign suppliers. Among critical industrial control devices such as PLCs, Siemens AG has a strong competitive advantage in the medium and large PLC market, accounting for about 44% of China’s PLC market, while Rockwell Automation holds an absolute advantage in the large PLC product market. Because industrial scenarios are complex and diverse and their demands vary, the devices and communication protocols used in different scenarios differ, making unified standards hard to form and leaving issues such as dedicated CPUs, closed-source operating systems, and fragmented protocols. This closedness and exclusivity make it difficult for China to make breakthroughs in certain core areas. At the same time, foreign suppliers have built complete vertical ecosystems covering hardware, firmware, software, and protocols to maintain their market and technical advantages, using independent, exclusive, and non-public standards and protocols that are difficult for other manufacturers’ products to integrate with. Industrial communication alone, for example, involves a wide range of bus standards and protocols, such as RS-232, RS-485, CAN, Modbus, PROFINET, Modbus TCP, UMAS, S7comm, S7comm-Plus, PPI, DNP3, Omron FINS, and Melsec. This situation has led to long-term reliance on imports for core technologies and devices in China’s industrial control field, with key technologies being “choked”, leaving the industry vulnerable to technological blockades and sanctions and industrial security controlled by others.
The “lack of understanding” dilemma also severely impacts the network security of industrial control systems. A large number of specialized software/hardware industrial control devices (systems) in Chinese enterprises have long been monopolized by foreign suppliers, with relevant design schemes, operational mechanisms, source codes, testing schemes, device maintenance data, etc., not being publicly available, leading to security analysis being conducted only in a “black box” manner, making it difficult to understand the internal mechanisms of relevant devices (systems), posing significant security risks, and making it challenging to discover potential vulnerabilities and backdoors; while foreign suppliers fully grasp the devices (systems) and their vulnerabilities, even being able to preset backdoors to monitor communication data or launch attacks. In attack-defense confrontations, the “lack of understanding” of security protection objects makes it difficult to detect a large number of unknown threats, and one may even fall into the “trap of vulnerabilities” set by the opponent.
2. The “Lack of Control” Dilemma Faced by Industrial Control Systems
From the perspective of attack-defense confrontation, China’s industrial control system security protection technologies lack breakthrough progress and innovative technologies. Currently, attacks against industrial control systems exhibit distinctly organized, large-scale, and targeted characteristics in their methods, scale, and targets, which existing protection technologies struggle to respond to effectively, leaving the “lack of control” problem; such attacks are highly concealed, pose significant threats, and use methods that are difficult to predict, so industrial control systems face “unknown unknown” network attacks. Meanwhile, the slow update cycle of industrial control devices and the large number of old devices make it hard to rely on the system’s inherent security capabilities to address unknown threats. The existing “self-defense mode” security protection system has gradually built inherent protection capabilities within industrial control systems and has alleviated the urgent need for protection to a certain extent. However, because it builds security capabilities from within the industrial control system, it may adopt invasive security measures that affect industrial production, and its protective capability against a threat takes time to establish, so it cannot respond quickly. It is therefore urgent to form protective capabilities externally, without affecting the original architecture of the industrial control system, and to compensate for the shortcomings of the existing “self-defense mode” with a “guardian mode” security protection system.
Industrial control systems are directly related to industrial sites, making it difficult to implement security testing, attack-defense drills, and technical verification directly on industrial control systems, relying heavily on industrial control testbeds to replicate industrial scenarios. Therefore, the lack of available testbed platforms has become one of the important factors restricting the development of industrial control system security protection. Currently, the construction, management, and operation of industrial control network testbeds in China lack top-level planning, facing issues such as repeated construction and dispersed resources that are difficult to share, failing to fully tap and leverage their potential to serve industrial control system security protection.
3. Current Development Status of Industrial Control System Security Protection Technologies
Industrial control system security protection technologies are closely related to the development of attack technologies, with both spiraling upwards in confrontation. Based on the introduction of typical industrial control system attack technologies, the current development status of industrial control system security protection technologies is outlined.
(1) Industrial Control System Attack Technologies
Attacks on industrial control systems are often highly concealed and use unknown techniques, and can severely disrupt the normal operation of industrial sites. They mainly target the process monitoring layer, field control layer, and field device layer. In hierarchical order, industrial control system attacks can be divided into upper computer attacks, industrial control protocol attacks, control logic attacks, and false data injection attacks, which achieve data theft, control, and damage to industrial production mainly through illegal address access, illegal control command issuance, malicious control logic injection, and data tampering.
1. Upper Computer Attacks
The upper computer connects with industrial control devices (such as PLCs, DCS) to collect industrial site data through control devices and issue control commands or control logic based on the industrial site conditions. The general process of upper computer attacks is shown in Figure 2. Since industrial control systems are located in internal networks, attackers enter the internal network through social engineering, penetration, and other means, launching attacks on upper computers using known or zero-day vulnerabilities to achieve illegal control of upper computers. Once the upper computer is controlled, attackers can directly send control commands to industrial control devices or inject malicious control logic, thereby controlling or disrupting the industrial production process. At the same time, to achieve concealment, attackers may also tamper with or collect industrial site data, leading managers to mistakenly believe that the industrial site is operating normally. Typical upper computer attacks include Stuxnet attacks, BlackEnergy virus attacks, and Triton attacks.

Figure 2 Upper Computer Attack
2. Industrial Control Protocol Attacks
Industrial control protocols (specifications) are standards for the transmission of data or control commands within industrial control systems, with upper computers and control devices exchanging information according to protocol specifications. Industrial control protocols are often proprietary protocols of industrial control device manufacturers and lack security considerations, with many industrial control protocols lacking effective authentication, encryption, and other security mechanisms.
Industrial control protocol attacks first conduct protocol reverse engineering to obtain protocol formats and semantics, further discovering security vulnerabilities in industrial control protocols through vulnerability mining methods, such as lack of write protection, plaintext password transmission, small key space, and one-way authentication. Attackers construct malicious clients, utilizing protocol vulnerabilities to bypass PLC security checks and establish connections with PLCs, thereby gaining control over PLCs. Attackers can also implement man-in-the-middle attacks (see Figure 3) by hijacking communications between upper computers and PLCs, masquerading as upper computers and PLCs to establish connections with each other, issuing illegal commands or attack payloads to PLCs, and using tampered or forged protocol response messages to conceal the attack. Existing research has conducted security analysis on industrial control protocols such as S7comm-plus, IEC 60870-5-104, and Modbus, verifying replay, man-in-the-middle, and other attacks.

Figure 3 Man-in-the-Middle Attack on Industrial Control Protocols
3. Control Logic Attacks
Control logic refers to the control programs running on industrial control devices such as PLCs and DCS, written and compiled by engineers and downloaded to industrial control devices, using industrial operational data as input to output control actions according to certain control logic, thereby ensuring the stable operation of industrial production. Control logic attacks generally involve implanting malicious control logic programs or segments into industrial control devices to tamper with their control processes, typical examples being Stuxnet viruses, logic bombs, and time interruption control logic attacks. Some malicious control logic possesses internal network propagation capabilities, spreading malicious logic programs within the internal network through control device communication modules, such as illegal gateways or PLC worm viruses constructed using malicious control logic. Additionally, some attack methods focus on reverse analysis and modeling of control logic programs, finding more attack strategies targeting industrial sites through control logic analysis to enhance attack effectiveness and improve attack concealment, such as control flow attacks and process-aware attacks.
4. False Data Injection Attacks
False data injection attacks deceive upper computers or PLC devices by tampering with industrial sensor data to influence industrial control decisions. As shown in Figure 4, once a sensor is compromised by an attacker, the attacker can use the sensor to inject false industrial site data into the industrial control system. Both PLCs and upper computers use collected data as input, conducting on-site control or decision-making based on control logic or state estimation algorithms. If some industrial site data is injected with false values by attackers, it will lead to control and decision errors in PLCs or upper computers, directly affecting industrial production. The effectiveness of false data injection attacks is related to the amount of information the attacker possesses about the industrial control system topology and critical data. Based on the amount of information the attacker has about the industrial control system, false data injection attacks can be classified into global data injection attacks, local data injection attacks, and blind data injection attacks.

Figure 4 False Data Injection Attack
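As an added example (not code from the original article), the following Python snippet illustrates why the attacker's knowledge of the system decides the outcome of a false data injection. It implements a toy DC state estimator with the classic residual-based bad-data check, then compares a blind injection (the attacker offsets one compromised sensor without knowing the model) with a global injection (the attacker knows the full measurement matrix H and adds a = Hc, which leaves the residual unchanged while shifting the estimate by exactly c). The matrix H, the true state, the threshold and the attack vectors are constructed for this example and are assumptions, not values from the article.

```python
"""Residual-based bad-data detection for a DC state estimator, and the
false-data-injection (FDI) that evades it when the attacker knows the model.

Added illustration: H, the true state, the threshold and the attack vectors
are constructed for this example and are not taken from the article.
"""
import math
from typing import List

Matrix = List[List[float]]
Vector = List[float]

# Constructed measurement model z = H x: 4 sensors observing 2 state variables.
H: Matrix = [
    [1.0, 0.0],
    [0.0, 1.0],
    [1.0, -1.0],
    [0.5, 0.5],
]
TRUE_STATE: Vector = [1.0, 0.8]
THRESHOLD = 0.05   # residual norm above which the estimator raises a bad-data alarm


def transpose(m: Matrix) -> Matrix:
    return [list(col) for col in zip(*m)]


def mat_vec(m: Matrix, v: Vector) -> Vector:
    return [sum(a * b for a, b in zip(row, v)) for row in m]


def mat_mul(a: Matrix, b: Matrix) -> Matrix:
    bt = transpose(b)
    return [[sum(x * y for x, y in zip(row, col)) for col in bt] for row in a]


def inv2(m: Matrix) -> Matrix:
    """Inverse of a 2x2 matrix (enough for the two-state example)."""
    (a, b), (c, d) = m
    det = a * d - b * c
    return [[d / det, -b / det], [-c / det, a / det]]


def estimate_state(h: Matrix, z: Vector) -> Vector:
    """Least-squares estimate x_hat = (H^T H)^-1 H^T z."""
    ht = transpose(h)
    gain = inv2(mat_mul(ht, h))
    return mat_vec(gain, mat_vec(ht, z))


def residual_norm(h: Matrix, z: Vector) -> float:
    """||z - H x_hat||, the quantity that classic bad-data detection thresholds."""
    x_hat = estimate_state(h, z)
    r = [zi - hi for zi, hi in zip(z, mat_vec(h, x_hat))]
    return math.sqrt(sum(ri * ri for ri in r))


def bad_data_detected(h: Matrix, z: Vector, tau: float = THRESHOLD) -> bool:
    return residual_norm(h, z) > tau


def clean_measurements() -> Vector:
    """Sensor readings with no noise and no tampering (constructed)."""
    return mat_vec(H, TRUE_STATE)


def blind_injection(z: Vector, sensor: int, delta: float) -> Vector:
    """Attacker who controls one sensor but knows nothing of H: just offsets its reading."""
    za = list(z)
    za[sensor] += delta
    return za


def stealthy_injection(h: Matrix, z: Vector, c: Vector) -> Vector:
    """Attacker with full knowledge of H: a = H c keeps the residual unchanged
    while shifting the estimated state by exactly c."""
    a = mat_vec(h, c)
    return [zi + ai for zi, ai in zip(z, a)]


if __name__ == "__main__":
    z = clean_measurements()
    print("clean     : alarm =", bad_data_detected(H, z), "x_hat =", estimate_state(H, z))
    zb = blind_injection(z, 2, 0.5)
    print("blind FDI : alarm =", bad_data_detected(H, zb), "x_hat =", estimate_state(H, zb))
    zs = stealthy_injection(H, z, [0.3, -0.2])
    print("global FDI: alarm =", bad_data_detected(H, zs), "x_hat =", estimate_state(H, zs))
```

The blind injection is caught because an offset on a single sensor is inconsistent with the other three readings; the global injection is not, because every tampered reading is consistent with a (wrong) state, so the residual test has nothing to see. A local injection, where the attacker knows only part of H, sits between the two: the attack vector must be confined to the rows the attacker knows, which limits which states can be shifted undetectably.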
In summary, industrial control system attack technologies primarily aim to control or disrupt industrial production processes, combining penetration attacks, hidden attacks, and other means, with related attacks being more concealed and threatening. The premise for attacks on industrial control systems is the need to possess a large amount of background knowledge and security intelligence, such as network topology, industrial control protocols, known vulnerabilities, zero-day vulnerabilities, hidden backdoors, control processes, etc. Currently, China’s industrial control ecosystem is relatively closed, and foreign vertical monopolies and other adverse factors restrict the enhancement of attack deterrence capabilities and the ability to discover potential attack threats.
(2) Industrial Control System Security Protection Technologies
Judging from publicly disclosed attack techniques, research on attacks against industrial control systems has already reached deep into their internal workings, and relying on a single technical layer for “one-to-one” attack-defense confrontation is insufficient to cope with constantly emerging attack methods, especially since attacking organizations may still hold a large number of undisclosed ones. Therefore, the focus of industrial control system security protection lies in constructing an appropriate security protection system that comprehensively utilizes various protection technologies to achieve an overall protective effect.
1. Key Technologies for Industrial Control System Security Protection
Industrial control system security protection technologies have adopted and improved existing traditional technologies such as host protection, firewalls, intrusion detection, and honeypots. The focus of industrial control upper computer security protection is on the secure operation monitoring of industrial control configuration software and programming software. On the basis of traditional firewall technologies, industrial control systems have incorporated technologies such as “whitelisting” and deep packet inspection of industrial control protocols to analyze and filter proprietary industrial control traffic; intrusion detection mainly employs traditional or intelligent methods to conduct attack detection based on industrial control traffic, protocols, and operational states; industrial control honeypot technology is primarily used for threat capture in industrial control systems, with its capture effectiveness relying on the degree of interaction of the honeypot, thus research focuses on high-fidelity simulation of industrial control protocols, industrial control logic, and industrial sites to construct high-interaction industrial control honeypots.
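As an added example (not code from the original article), the following Python snippet shows concretely what the industrial-protocol “whitelisting” and deep packet inspection described above do, using Modbus/TCP, one of the protocols named earlier as lacking authentication. It contains a parser for the MBAP header and the common read/write function codes, and a whitelist keyed on source host, unit identifier, function code and register range. It also makes the protocol-attack point from the previous section visible: because the frame carries no field that authenticates its sender, a write request from an attacker-built client is byte-for-byte identical to the same request from the engineering station, and only the whitelist tells them apart. The host addresses, unit identifiers, register ranges and sample frames are constructed assumptions, not values from any real plant.

```python
"""Modbus/TCP deep packet inspection with a per-host function/address whitelist.

Added illustration; all addresses, rules and frames below are constructed
for the example and are not taken from any real plant.
"""
import struct
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    address: int   # first coil/register addressed
    count: int     # number of coils/registers touched
    values: bytes  # payload of write requests (empty for reads)


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Decode an MBAP header plus PDU. There is no authentication field anywhere
    in the frame, so the parser has nothing it could verify about the sender."""
    if len(frame) < 8:
        raise ValueError("truncated MBAP header")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"unexpected protocol id {proto}")
    if length != len(frame) - 6:            # length counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    pdu = frame[7:]
    fc = pdu[0]
    if fc in (1, 2, 3, 4, 5, 6):             # fixed 4-byte body: address + quantity/value
        if len(pdu) != 5:
            raise ValueError(f"bad PDU length for function {fc}")
        address, arg = struct.unpack(">HH", pdu[1:5])
        count = arg if fc <= 4 else 1        # reads carry a quantity, single writes a value
        values = pdu[3:5] if fc >= 5 else b""
    elif fc in (15, 16):                     # multi-write: address, quantity, byte count, data
        if len(pdu) < 6:
            raise ValueError(f"bad PDU length for function {fc}")
        address, count, byte_count = struct.unpack(">HHB", pdu[1:6])
        values = pdu[6:]
        if len(values) != byte_count:
            raise ValueError("byte count does not match payload")
    else:
        raise ValueError(f"unsupported function code {fc}")
    return ModbusRequest(tid, unit, fc, address, count, values)


def build_request(tid: int, unit: int, fc: int, address: int, arg: int) -> bytes:
    """Build a read request or a single-coil/register write (used to construct samples)."""
    pdu = struct.pack(">BHH", fc, address, arg)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


@dataclass(frozen=True)
class Rule:
    src: str                    # host allowed to talk to the PLC
    unit_id: int
    functions: FrozenSet[int]
    addr_lo: int
    addr_hi: int                # inclusive


# Constructed policy: the HMI may only read, the engineering station may read
# and write the setpoint block 100-119 on unit 1. Everything else is dropped.
WHITELIST: List[Rule] = [
    Rule("10.0.1.10", 1, frozenset({3, 4}), 0, 199),
    Rule("10.0.1.11", 1, frozenset({3, 6}), 100, 119),
]


def inspect(src_ip: str, frame: bytes) -> Tuple[bool, str]:
    """Decide whether a frame from src_ip may pass to the PLC; malformed frames are dropped."""
    try:
        req = parse_modbus_tcp(frame)
    except ValueError as exc:
        return False, f"drop: malformed frame ({exc})"
    last = req.address + req.count - 1
    name = FUNCTION_NAMES.get(req.function, f"function {req.function}")
    for rule in WHITELIST:
        if (rule.src == src_ip and rule.unit_id == req.unit_id
                and req.function in rule.functions
                and rule.addr_lo <= req.address and last <= rule.addr_hi):
            return True, f"pass: {name} {req.address}-{last} from {src_ip}"
    return False, f"drop: {name} {req.address}-{last} from {src_ip} not whitelisted"


if __name__ == "__main__":
    hmi_read = build_request(1, 1, 3, 0, 10)        # HMI reads 10 holding registers
    setpoint = build_request(2, 1, 6, 105, 1500)    # engineering station writes register 105
    for src, frame in [("10.0.1.10", hmi_read), ("10.0.1.11", setpoint),
                       ("10.0.1.50", setpoint),     # same bytes from an attacker-built client
                       ("10.0.1.11", build_request(3, 1, 6, 300, 1)),
                       ("10.0.1.10", hmi_read[:-1])]:
        print(inspect(src, frame)[1])
```

Two design points matter in practice. The whitelist is expressed in protocol terms (function code and address range), not just in IP/port terms, which is what distinguishes industrial deep packet inspection from an ordinary firewall rule; and malformed frames are dropped rather than forwarded, since a frame the inspector cannot decode is also one whose effect on the PLC it cannot vouch for. The filter does nothing against a compromised engineering station issuing an in-policy write, which is why the article pairs it with host protection and behaviour anomaly detection.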
New industrial control security protection methods have been proposed targeting the unique devices, software, and scenarios of industrial control systems (such as PLC programs and industrial sites), such as constructing attack graphs for industrial control systems, situational awareness for industrial control systems, PLC program security analysis, industrial behavior anomaly detection, and industrial control vulnerability mining (protocol, software, and firmware). Additionally, attack prediction methods based on high-fidelity models of physical systems can automatically discover attack behaviors that lead to unsafe states in physical systems through software simulation fuzz testing.
In terms of improving the security flaws of industrial control systems, various secure industrial control protocols, such as S7comm-Plus and CIP Security, have been proposed; at the device level, the research focus is on integrating trusted computing technologies with industrial control devices to construct a secure and trusted operating environment.
2. Industrial Control System Security Protection System
The development trend of industrial control system security protection systems is shifting from purely boundary protection and passive protection to a combination of deep defense, proactive defense, and various protection systems. The focus of industrial control system boundary protection is on network boundary isolation, utilizing firewalls, security gateways, and network isolation devices for regional isolation; for example, the security protection of power systems treats boundary protection as an important part of its protection system, implementing a security protection strategy of “security zoning, dedicated networks, lateral isolation, and vertical authentication”. The main problem with industrial control system boundary protection is blind trust in the effectiveness of the boundary, making it difficult to detect advanced persistent attacks represented by APT.
The deep defense system of industrial control systems employs diverse, multi-layered, and in-depth security measures to ensure network security. In terms of network architecture, it combines boundary protection with vertical layering and horizontal partitioning, adopting different security protection methods based on the business and security needs of different regions/layers; in terms of protection objects, it adopts differentiated security protection methods layer by layer based on the differences in protection objects such as devices, hosts, networks, applications, and data; in terms of protective capabilities, it employs protection-detection-response-recovery (PDRR) and identification-protection-detection-response-recovery (IPDRR) security protection models, utilizing identification, protection, detection, response, and recovery capabilities to respond to network attacks at different threat stages.
Based on the protection method, industrial control system protection systems can be divided into passive protection and proactive protection. Passive protection takes protective measures only after an attack has occurred or is under way; firewalls, intrusion detection, and malicious-code scanning are typical examples. Proactive protection discovers security threats before an attack is carried out, using technologies such as threat capture, trusted measurement, and mimicry defense, and then transfers or eliminates the potential threat. Proactive protection is usually combined with deep defense to build a diverse security protection system. At present, the industrial control system security protection system is developing from passive protection towards a combination of proactive and passive protection.
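Trusted measurement, named above as a proactive technique (and mentioned earlier as the integration of trusted computing with industrial devices), is easiest to understand from a worked chain. The following Python is an example added by the editor, not code from the article: it models a measured boot for a controller in which each stage hashes the next component and extends a measurement register in the same way a TPM PCR is extended. The three component images, their names, and the "golden" reference values are constructed for the illustration.

```python
import hashlib

# Added example (not from the article): a simplified trusted-measurement chain for an
# industrial controller. Each stage hashes the next component and "extends" a
# measurement register the way a TPM PCR is extended:
#     register_new = SHA-256(register_old || SHA-256(component))
# The register depends on every component and on their order, so a modified,
# swapped or missing component yields a different final value.

REGISTER_SIZE = 32  # bytes; the register starts at all zeros, as a TPM PCR does at reset


def extend(register: bytes, component_digest: bytes) -> bytes:
    return hashlib.sha256(register + component_digest).digest()


def measure_chain(components):
    """Measure (name, image) pairs in order. Returns (final_register, event_log)."""
    register = bytes(REGISTER_SIZE)
    log = []
    for name, image in components:
        digest = hashlib.sha256(image).digest()
        register = extend(register, digest)
        log.append((name, digest, register))
    return register, log


def replay(event_log):
    """A verifier recomputes the register from the logged digests alone; this is how
    an attestation quote is checked against the event log that accompanies it."""
    register = bytes(REGISTER_SIZE)
    for _, digest, _ in event_log:
        register = extend(register, digest)
    return register


# Constructed component images standing in for a controller's boot chain (assumption)
GOLDEN_CHAIN = [
    ("bootloader", b"bootloader v1.2"),
    ("runtime", b"plc runtime 4.0"),
    ("control_program", b"ladder logic: pump station rev 7"),
]
GOLDEN_REGISTER, GOLDEN_LOG = measure_chain(GOLDEN_CHAIN)


def attest(components):
    """Return (ok, first_divergent_stage). A boot stage that fails here refuses to hand
    over control, which is the 'stop it before it executes' property of proactive protection."""
    register, log = measure_chain(components)
    if register == GOLDEN_REGISTER:
        return True, None
    for (golden_name, _, golden_value), (_, _, value) in zip(GOLDEN_LOG, log):
        if golden_value != value:
            return False, golden_name
    return False, "chain length"


if __name__ == "__main__":
    tampered = list(GOLDEN_CHAIN)
    tampered[2] = ("control_program", b"ladder logic: pump station rev 7 + hidden write")
    print(attest(GOLDEN_CHAIN))  # (True, None)
    print(attest(tampered))      # (False, 'control_program')
```

The design point is that the verifier never needs the component images themselves, only their digests and the order in which they were measured; a device whose final register does not replay from its own log is reporting an inconsistent history and should be treated as untrusted regardless of what the log claims.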
4. Key Tasks and Research Paths for Industrial Control System Security Protection Technologies
(1) Key Tasks for Industrial Control System Security Protection
1. Ensure Autonomous Security and Control
At present, a large share of the software and hardware used in China’s industrial control systems is still imported, so there is considerable room for domestic substitution. Taking PLCs as an example, the domestic market is dominated by foreign brands such as Siemens, Mitsubishi, Omron, Rockwell, and Schneider, which makes autonomous security and control of industrial control systems an urgent need. To address the “lack of understanding” dilemma caused by industrial devices that are not under domestic control, research can proceed from two directions: solving the lack of control itself, and managing the security risks that arise while it persists. ① The existing “chimney-style” vertical monopoly in the industrial sector makes China’s core industrial control system software and hardware technologies dependent on imports, with the ecosystem vertically monopolized and security in the hands of others. It is therefore advisable to draw on the history of horizontal integration in computer systems and establish a horizontal ecological model for industrial control systems at the levels of CPU, operating system, industrial control protocol, and industrial software (see Figure 5), creating opportunities for rapid development in the industrial control field and fundamentally solving the “lack of understanding” problem. ② Establish bottom-line thinking and solutions: for industrial devices that are not autonomously controllable, explore response methods for the scenario in which key devices are controlled by others yet “must be used”, for example by connecting “restrictors” (audit boxes, network testbeds, etc.) in series at the ports of imported devices to monitor and control their “illegal” behaviors in real time.

Figure 5 Horizontal Integration of Industrial Control System Ecosystem
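The “restrictor” in point ② above is described only at the level of intent. The following Python is an example added by the editor, not code from the article or from any product, of the decision logic such an inline device would apply to Modbus/TCP request frames seen at the port of an imported PLC: every request must come from a peer in the device’s behavioral baseline, use a function code that peer is permitted, and, for writes, stay inside the register block that peer is allowed to touch; any request the PLC originates itself is outside the baseline and is blocked. The Modbus/TCP framing (MBAP header plus PDU) is the real format; the IP addresses, the baseline, and the sample frames are constructed for the illustration.

```python
import struct
from dataclasses import dataclass

# Added example (not the article's code): decision logic of an inline "restrictor"
# placed in series at the Ethernet port of an imported PLC. Only behaviour recorded
# in a per-device baseline is allowed: known peers, permitted function codes, and the
# holding-register block each peer may write. Addresses and frames are constructed.

WRITE_FUNCTIONS = {6, 16}  # write single register, write multiple registers


@dataclass(frozen=True)
class PeerRule:
    peer: str             # remote IP address allowed to send requests to the device
    functions: frozenset  # Modbus function codes this peer may use
    write_ranges: tuple   # (first, last) holding-register ranges this peer may write


# Constructed baseline for a hypothetical imported PLC at 10.1.20.5 (assumption)
BASELINE = {
    "10.1.20.5": (
        PeerRule("10.1.20.10", frozenset({3, 4}), ()),                 # HMI: read only
        PeerRule("10.1.20.11", frozenset({3, 6, 16}), ((100, 119),)),  # engineering station: setpoint block only
    )
}


def build_request(tid: int, unit: int, fc: int, pdu_data: bytes) -> bytes:
    """MBAP header (transaction id, protocol id 0, length, unit id) followed by the PDU."""
    pdu = bytes([fc]) + pdu_data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def parse_request(frame: bytes) -> dict:
    """Parse a Modbus/TCP request; raises ValueError for anything malformed."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id is not 0")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame length")
    fc, data = frame[7], frame[8:]
    req = {"tid": tid, "unit": unit, "fc": fc}
    try:
        if fc in (3, 4):                      # read holding / input registers
            req["start"], qty = struct.unpack(">HH", data[:4])
            req["end"] = req["start"] + qty - 1
        elif fc == 6:                         # write single register
            req["start"], req["value"] = struct.unpack(">HH", data[:4])
            req["end"] = req["start"]
        elif fc == 16:                        # write multiple registers
            req["start"], qty, nbytes = struct.unpack(">HHB", data[:5])
            if nbytes != 2 * qty or len(data) != 5 + nbytes:
                raise ValueError("byte count does not match quantity")
            req["end"] = req["start"] + qty - 1
    except struct.error:
        raise ValueError("truncated PDU")
    return req


def restrict(device_ip: str, src: str, dst: str, frame: bytes):
    """Verdict for one request frame seen at the device port. Returns (verdict, reason)."""
    if src == device_ip:
        return "BLOCK", f"device-initiated request to {dst} is not in the baseline"
    try:
        req = parse_request(frame)
    except ValueError as err:
        return "BLOCK", f"malformed frame: {err}"
    rule = next((r for r in BASELINE.get(device_ip, ()) if r.peer == src), None)
    if rule is None:
        return "BLOCK", f"peer {src} is not in the baseline"
    if req["fc"] not in rule.functions:
        return "BLOCK", f"function code {req['fc']} not allowed for {src}"
    if req["fc"] in WRITE_FUNCTIONS and not any(
            lo <= req["start"] and req["end"] <= hi for lo, hi in rule.write_ranges):
        return "BLOCK", f"write to registers {req['start']}-{req['end']} outside the baseline"
    return "ALLOW", "within baseline"


# Constructed frames as they would be seen at the port of 10.1.20.5
SAMPLE_TRAFFIC = [
    ("10.1.20.10", "10.1.20.5", build_request(1, 1, 3, struct.pack(">HH", 0, 10))),      # HMI reads 10 registers
    ("10.1.20.11", "10.1.20.5", build_request(2, 1, 16, struct.pack(">HHB", 100, 2, 4)
                                              + struct.pack(">HH", 500, 750))),        # setpoints 100-101
    ("10.1.20.10", "10.1.20.5", build_request(3, 1, 6, struct.pack(">HH", 100, 0))),     # HMI tries to write
    ("10.1.20.11", "10.1.20.5", build_request(4, 1, 16, struct.pack(">HHB", 118, 3, 6)
                                              + bytes(6))),                            # write 118-120 leaves the block
    ("10.1.20.5", "203.0.113.7", build_request(5, 1, 3, struct.pack(">HH", 0, 1))),      # PLC itself calls out
    ("10.1.20.11", "10.1.20.5", bytes.fromhex("00060000000601100064")),                 # truncated write request
]


def audit(device_ip: str, traffic):
    """Apply the restrictor to each frame; returns [(verdict, reason), ...] for logging."""
    return [restrict(device_ip, src, dst, frame) for src, dst, frame in traffic]


if __name__ == "__main__":
    for (src, dst, _), (verdict, reason) in zip(SAMPLE_TRAFFIC, audit("10.1.20.5", SAMPLE_TRAFFIC)):
        print(f"{src:>12} -> {dst:<12} {verdict:5} {reason}")
```

Two choices matter in practice. The parser rejects any frame whose MBAP length or byte count disagrees with its actual size before the policy is consulted, so a fuzzed or truncated request cannot reach the PLC even from an allowed peer. And the baseline is positive (what the device is permitted to do), not a list of known-bad patterns, which is what lets the restrictor catch behaviour that was never seen before, including the device opening its own connections outward.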
2. Construct a New Type of Industrial Control System Security Protection System
China’s industrial control system security protection systems generally draw on the IPDRR security protection model and build protective capabilities from within the industrial control system, which belongs to the self-defense protection mode. This mode lacks deep integration with the industrial control system and effective means of addressing unknown attacks, leading to the “lack of control” problem. To address the “lack of control” dilemma, research can proceed from two directions: deepening the existing “self-defense mode” and promoting a new “guardian mode” security protection system.
Deepening the existing “self-defense mode” security protection system. Industrial control system security is a fusion of information security and functional safety, so the “self-defense mode” security protection system must consider both. It should study the information security threats that hackers, organized crime, and other human actors pose to industrial control systems. It should also consider the functional structure and operational characteristics of industrial control systems, analyzing the functional safety problems caused by disruption of field devices and process flows, as well as the security problems that arise when functional safety threats and information security threats combine; protection should be carried out from the perspectives of the control network, the control system, and the control process, and the security problems of the fused information domain and functional domain should be studied across the entire lifecycle of the industrial control system.
On the basis of the “self-defense mode”, explore the construction of a “guardian mode” security protection system. Researchers have already built the “Shield Cube” guardian-mode security protection system and applied it in industrial control scenarios, effectively enhancing the protection capabilities of industrial control systems. Building on this, future work can: construct a “Four Honey” threat perception system covering industrial control systems and the Internet of Things, establishing full-process, non-invasive threat perception and detection; conduct cross-domain correlation analysis, studying full-domain attack assessment from the perspective of the fusion of information security and functional safety, through internal cross-domain correlation within the information domain and external cross-domain correlation between the information and functional domains; and explore the “edge-end network territory” three-dimensional control method for resolving conflicts between functional safety and information security, mining functional safety baselines and establishing three-dimensional control capabilities for the fused dual security through functional safety risk assessment and human-in-the-loop mechanisms.
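The two kinds of correlation named above (internal, within the information domain, and external, between the information and functional domains) can be made concrete with a small analyzer. The following Python is an example added by the editor; it is not the Shield Cube or Four Honey system and not code from the article. It treats network security events as the information domain and process-variable readings checked against a functional-safety baseline as the functional domain, then ranks findings so that a deviation with a preceding cyber event on the same controller outranks one that looks like an ordinary equipment fault. The assets, the baseline bounds, the time windows, and the event timeline are all constructed assumptions.

```python
from dataclasses import dataclass

# Added example (not the article's code): cross-domain correlation between the
# information domain (network/host security events) and the functional domain
# (process measurements checked against a functional-safety baseline).
# Assets, baselines, windows, events and samples are constructed for the illustration.


@dataclass(frozen=True)
class InfoEvent:          # information domain
    t: int                # seconds on a constructed timeline
    asset: str            # controller the event concerns
    kind: str             # "new_peer" or "modbus_write"
    peer: str             # remote address involved


@dataclass(frozen=True)
class ProcessSample:      # functional domain
    t: int
    asset: str
    tag: str
    value: float


# Functional-safety baseline: permitted range per process tag (constructed assumption)
SAFETY_BASELINE = {"pressure_kpa": (0.0, 800.0), "level_pct": (10.0, 90.0)}

LOOKBACK = 60   # seconds to look back from a process deviation for information-domain events
CHAIN_GAP = 30  # seconds: a new peer that writes within this gap is treated as one attack chain


def deviations(samples):
    """Functional-domain anomalies: samples outside their safety baseline."""
    return [s for s in samples
            if not (SAFETY_BASELINE[s.tag][0] <= s.value <= SAFETY_BASELINE[s.tag][1])]


def correlate(events, samples):
    """Returns findings as (severity, asset, description)."""
    events = sorted(events, key=lambda e: e.t)
    findings, used = [], set()

    # Internal correlation within the information domain: a newly seen peer that
    # starts writing to the same controller shortly after first contact.
    for a in events:
        if a.kind != "new_peer":
            continue
        for b in events:
            if (b.kind == "modbus_write" and b.asset == a.asset and b.peer == a.peer
                    and 0 <= b.t - a.t <= CHAIN_GAP):
                findings.append(("HIGH", a.asset,
                                 f"new peer {a.peer} wrote to {a.asset} {b.t - a.t}s after first contact"))
                used.update({a, b})

    # External correlation between domains: a safety deviation preceded by
    # information-domain activity on the same controller.
    for d in deviations(samples):
        related = [e for e in events if e.asset == d.asset and d.t - LOOKBACK <= e.t <= d.t]
        if related:
            findings.append(("HIGH", d.asset,
                             f"{d.tag}={d.value} outside baseline after {len(related)} information-domain event(s)"))
            used.update(related)
        else:
            findings.append(("MEDIUM", d.asset,
                             f"{d.tag}={d.value} outside baseline with no preceding information-domain event; treat as functional fault"))

    # Information-domain events with no observed process effect remain low-priority leads.
    for e in events:
        if e not in used:
            findings.append(("LOW", e.asset, f"{e.kind} by {e.peer} with no functional-domain effect"))
    return findings


def summarize(findings):
    counts = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


# Constructed timeline
EVENTS = [
    InfoEvent(100, "PLC-3", "new_peer", "10.1.20.99"),
    InfoEvent(120, "PLC-3", "modbus_write", "10.1.20.99"),
    InfoEvent(300, "PLC-7", "new_peer", "10.1.20.50"),
]
SAMPLES = [
    ProcessSample(110, "PLC-3", "pressure_kpa", 700.0),
    ProcessSample(150, "PLC-3", "pressure_kpa", 860.0),  # exceeds 800 kPa 30 s after the write
    ProcessSample(200, "PLC-5", "level_pct", 5.0),       # below baseline, no cyber event on PLC-5
    ProcessSample(310, "PLC-7", "pressure_kpa", 400.0),
]

if __name__ == "__main__":
    for severity, asset, text in correlate(EVENTS, SAMPLES):
        print(f"{severity:6} {asset:6} {text}")
```

The severity split is what a human-in-the-loop mechanism consumes: HIGH findings are the ones where acting on the information domain (blocking the peer) and on the functional domain (returning the setpoint to its safe range) may conflict and need an operator’s decision, while MEDIUM findings go to maintenance and LOW findings stay with the security team. Running the same analyzer with an empty event list shows the fallback: every deviation is then reported as a functional fault only.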
In addition, the new industrial control network testbed is also an important development direction for industrial control security development, exploring the combination of industrial control network testbeds with new technologies such as digital twins to construct replicable, high-fidelity network testbeds.
(2) Research Paths for Key Technologies in Industrial Control System Security Protection in China
1. Research Paths for Autonomous and Controllable Security Key Technologies
It is recommended that industry authorities strengthen top-level planning, formulate development plans for autonomous and controllable key infrastructure in the industrial sector, and enhance policy incentives and resource guidance in strategic planning, standard formulation, key technology breakthroughs, platform construction, and demonstration application promotion. Actively construct a horizontally integrated industrial control system ecosystem, aggregating resources from research institutes, enterprises, and universities, establishing long-term stable communication and cooperation mechanisms, optimizing research assessment mechanisms, and ensuring intellectual support and material guarantees during the development of autonomous and controllable industrial control system ecosystems.
To address the uncontrollable risks of industrial control devices, promote the integration of autonomous and controllable open-source RISC-V intelligent control chips with the industrial manufacturing sector, advance research on autonomous secure industrial operating systems (firmware), industrial control protocols, and industrial software, and promote the construction of an autonomous secure horizontal industrial control system ecosystem. Research the security testing and evaluation technologies for industrial control systems to achieve scientific and accurate quantitative assessments of the security of industrial control systems.
Explore baseline security assurance mechanisms for non-autonomous controllable industrial control devices, promote full-process monitoring and access control technologies for imported device behaviors, encourage the installation of “restrictors” for imported devices to ensure that their behaviors are fully monitored and controlled, and gradually form institutional norms. Focus on conducting security analyses of non-autonomous controllable industrial control devices from multiple aspects and channels to enhance device control capabilities.
2. Research Paths for New Industrial Control System Security Protection Key Technologies
Establish a comprehensive top-level design for industrial control system security in the context of 5G and artificial intelligence integration scenarios, formulate security protection policies combining the “self-defense mode” and “guardian mode”, and explore new types of industrial control system security protection systems and their key technologies. In light of the dual security fusion characteristic of industrial control systems, research technologies for threat perception, attack detection, and response disposal under the dual security fusion background, comprehensively considering communication networks, control systems, and industrial sites, to construct a “self-defense mode” security protection technology system that integrates the information and functional domains throughout their lifecycle. Research the “guardian mode” security defense system in industrial control scenarios, deeply integrating it with the actual needs of industrial control systems, breaking through full-process attack perception and cross-domain correlation assessment of the information and functional domains, and establishing a three-dimensional “guardian mode” security protection system across the functional and information domains. Combined with the monitoring and high-fidelity simulation capabilities of network testbeds, focus on establishing capabilities for testbed attack monitoring, intelligence collection, and full-process attack perception. Promote the rapid application of non-invasive “guardian mode” protection technologies to enhance the security protection capabilities of industrial control systems.
Based on digital twin technology, construct industrial control network testbed technologies and testbed scenario restoration technologies to form replicable, high-fidelity, and rapid restoration industrial control network testbeds. Promote key technology research for federated industrial control network testbeds, establishing distributed, multi-point interactive industrial control network testbeds. Fully utilize the characteristics of full-process monitoring and threat scenario reproduction of network testbeds to study application technologies such as security crowdsourcing, operational monitoring, and risk assessment based on testbeds, enhancing the security protection capabilities of industrial control systems from multiple aspects. To support technology verification and talent cultivation, it is recommended to coordinate important industrial control network testbed resources at the national level, establish public service testbeds for different application needs, formulate testbed resource sharing mechanisms, and explore testbed sharing technologies, such as distributed testbed technologies, to optimize the utilization of network testbed resources.
5. Conclusion
This article analyzes the security issues of industrial control systems, summarizing the “lack of understanding” and “lack of control” dilemmas faced by industrial control system security protection and the current development status of industrial control attack and protection technologies, and finds that China still has shortcomings in autonomous controllable security and in responding to highly concealed unknown threats. Therefore, to address autonomous controllable security, it proposes constructing a horizontally integrated industrial control system ecosystem based on open-source RISC-V chips and a baseline assurance mechanism for imported devices based on “restrictors”; to address highly concealed unknown threats, it proposes a new security protection system combining “self-defense mode + guardian mode”, and analyzes the relevant key tasks and key technology research paths.
Security is a continuous confrontation. With the spread of new technologies and applications such as the industrial Internet and 5G, industrial control systems will face a series of new problems, including an expanded attack surface, blurred network boundaries, weakened isolation, and massive numbers of heterogeneous terminals, which further intensify the security challenge. Whatever changes, autonomous control remains the premise and foundation of security. Given the priority of availability in industrial control systems, research on security protection technologies should always be premised on not affecting industrial production; for this reason, the non-invasive “guardian mode” network security protection technology will be one of the important protective technology systems in the future.
Note: The content of this article has been slightly adjusted; if needed, please refer to the original text.
Author Introduction
Fang Binxing
Cybersecurity expert, academician of the Chinese Academy of Engineering.
Mainly engaged in research on network and information security technologies.
Note: The paper reflects the progress of research results and does not represent the views of the “China Engineering Science” journal.