石化企业工业控制系统非网联接

doi:10.3969/j.issn.1006-2475.2014.02.046

计算机与现代化

石化企业工业控制系统非网联接

(1.长沙理工大学电气与信息工程学院，湖南长沙 410015； 2.中国水电工程顾问集团中南勘测设计研究院，湖南长沙 410014)

收稿日期:2013-09-18 出版日期:2014-02-14 发布日期:2014-02-14
作者简介:马钧(1974-)，男，湖南长沙人，长沙理工大学电气与信息工程学院讲师，硕士，研究方向：网络信息安全；佘军(1981-)，男，湖南长沙人，中国水电工程顾问集团中南勘测设计研究院工程师，学士，研究方向：网络信息安全。
基金资助:
湖南省科技厅科技计划一般项目(2012GK3053)

Non-network Connection for Industrial Control Systems of Petrochemical Enterprises

(1. School of Electrical and Information Engineering, Changsha University of Science and Technology, Changsha 410015, China;

2. Hydro-China Zhongnan Engineering Corporation, Changsha 410014, China)

Received:2013-09-18 Online:2014-02-14 Published:2014-02-14

摘要/Abstract

摘要： 石化企业工业控制系统在与接入因特网的其他信息系统联网时有可能受到来自外部网络的攻击。为了实现石化企业工业控制系统与其他网络之间安全的数据交换，本文提出一种利用非网结构进行单向传输的设计方案；论述单向数据传输的原理和采用的安全策略，并对非网联接进行安全性测试。测试结果显示，该非网联接方案能够有效地防止来自外部网络的黑客、木马、病毒等对工业控制系统的攻击，保护石化企业工业控制系统安全运行。

关键词: 工业控制系统, 网络攻击, 非网联接, 单向数据传输； SCADA

Abstract: When industrial control systems (ICS) in petrochemical enterprise access other information systems connected to Internet, they may suffer cyber attacks from external networks. In order to achieve secure data exchange between ICS of petrochemical enterprise and its corporate networks, a non-network formula which employed unilateral data transmission method is discussed in this paper. It discusses the principles of unilateral data transmission method and many security policies employed. In addition, the paper offers tests to prove that non-network formula can protect ICS in petrochemical enterprise from being tampered or attacked by hackers, Trojans or virus from Internet, and the design could ensure the safe running of ICS in petrochemical enterprises.

Key words: industrial control systems (ICS), cyber attack, non-network connection, unilateral data transmission, SCADA

中图分类号:

TP393.08

马钧1，佘军2. 石化企业工业控制系统非网联接[J]. 计算机与现代化, doi: 10.3969/j.issn.1006-2475.2014.02.046.

MA Jun1, SHE Jun2.

Non-network Connection for Industrial Control Systems of Petrochemical Enterprises

[J]. Computer and Modernization, doi: 10.3969/j.issn.1006-2475.2014.02.046.

参考文献 14

[1]	杨榛,浦伟光,隋志军,等. 化工流程工业中计算机的应用技术与进展[J]. 计算机与应用化学, 2010,27(2):139-144.
[2]	NIST SP 800-82, Guide to Industrial Control Systems (ICS) Security[S].
[3]	李战宝,张文贵,潘卓. 美国确保工业控制系统安全的做法及对我们的启示[J]. 信息网络安全, 2012(8):51-53.
[4]	Yoshihiro Hashimoto, Takeshi Toyoshima, Shuichi Yogo, et al. Safety securing approach against cyber-attacks for process control system[J]. Computers & Chemical Engineering, 2013,57:181-186.
[5]	Lim I H, Hong S, Choi M S, et al. Security protocols against cyber attacks in the distribution automation system[J]. IEEE Transactions on Power Delivery, 2010,25(1):448-455.
[6]	Vinay M Igure, Sean A Laughter, Ronald D Williams. Security issues in SCADA networks[J]. Computers & Security, 2006,25(7):498-506.
[7]	Janakiraman S, Vasudevan V. An intelligent distributed intrusion detection system using genetic algorithm[J]. Journal of Convergence Information Technology, 2009,4(1):70-76.
[8]	Hu Liang, Wang Wenbo, Zhao Kuo. The design and implementation of trusted communication protocol for intrusion prevention system[J]. Journal of Convergence Information Technology, 2011,6(3):55-62.
[9]	张志檩. 石化企业管控一体化的发展趋势[J]. 自动化博览, 2010(S1):45-50.
[10]	崔玉华,李俊杰. 利用MES实现炼化企业管控一体化[J]. 油气田地面工程, 2010,29(6):92.
[11]	新疆油田公司技术发展处. 新疆油田生产自动化系统现状[J]. 数字石油和化工, 2006(11):23-37.
[12]	马钧,廖力清,凌玉华. 一种基于Linux的双主板网络物理隔离技术[J]. 电子技术, 2004,31(3):25-28.
[13]	Ma Jun, She Jun. Research on cyber security segregation for industrial control systems[J]. International Journal of Digital Content Technology and Its Applications, 2011,5(8):9-15.
[14]	刘建伟,王育民. 网络安全:技术与实践[M]. 北京:清华大学出版社, 2005:1-10.

石化企业工业控制系统非网联接

Non-network Connection for Industrial Control Systems of Petrochemical Enterprises

可视化

被引次数

摘要/Abstract

引用本文

使用本文

参考文献 14

相关文章 3

编辑推荐

Metrics

本文评价

[1]	王红凯1，黄益彬2，马志程3. 电网信息安全设备联动关键技术[J]. 计算机与现代化, 2017, 0(2): 57-60.
[2]	糜旗1，2，朱杰1，2，徐超2，宗俊珺2. 基于APT网络攻击的技术研究[J]. 计算机与现代化, 2014, 0(10): 92-94,122.
[3]	赵智勇. 网络攻击过程剖析[J]. 计算机与现代化, 2012, 8(08): 55-56.