DOI QR코드

DOI QR Code

A Efficient Network Security Management Model in Industrial Control System Environments

산업제어시스템 환경에서 효과적인 네트워크 보안 관리 모델

  • Kim, Il-Yong (Department of IT Policy Management, Soongsil University) ;
  • Lim, Hee-Teag (Department of IT Policy Management, Soongsil University) ;
  • Ji, Dae-Bum (Department of IT Policy Management, Soongsil University) ;
  • Park, Jae-Pyo (Graduate School of Information Science, Soongsil University)
  • 김일용 (숭실대학교 대학원 IT정책경영학과) ;
  • 임희택 (숭실대학교 대학원 IT정책경영학과) ;
  • 지대범 (숭실대학교 대학원 IT정책경영학과) ;
  • 박재표 (숭실대학교 정보과학대학원)
  • Received : 2018.01.24
  • Accepted : 2018.04.06
  • Published : 2018.04.30

Abstract

The industrial control system (ICS) has operated as a closed network in the past, but it has recently been linked to information and communications services and has been causing damage due to cyber attacks. As a countermeasure, the Information Communication Infrastructure Protection Act was enacted, but it cannot be applied to various real control environments because there is only a one-way policy-from a control network to a business network. In addition, IEC62443 defines an industrial control system reference model as an international standard, and suggests an area security model using a firewall. However, there is a limit to linking an industrial control network, operating as a closed network, to an external network only through a firewall. In this paper, we analyze the security model and research trends of the industrial control system at home and abroad, and propose an industrial control system security model that can be applied to the actual interworking environments of various domestic industrial control networks. Also, we analyze the security of firewalls, industrial firewalls, network connection equipment, and one-way transmission systems. Through a domestic case and policy comparison, it is confirmed that security is improved. In the era of the fourth industrial revolution, the proposed security model can be applied to security management measures for various industrial control fields, such as smart factories, smart cars, and smart plants.

Keywords

Industrial Security;ICS Security;SCADA Security;ICS Reference Model;Industrial Control System

References

  1. National Intelligence Service, Ministry of Science, ICT and Future Planning, Korea Communications Commission, Ministry of the Interior and Safety, Financial Service Commission, 2017 National information Security White Paper, 04. 2017.
  2. Ministry of Science, ICT and Future Planning Announcement 2013-37, Baseline for Vulnerability Analysis and Evaluation in the Critical Information Communication Infrastructure, 08. 2013.
  3. National Security Research Institute, Requirements for Industrial Control System, 2017. 11.
  4. IEC TS 62443-1-1:2009, Industrial communication networks - Network and system security - Part 1-1: Terminology, concepts and models, Jul. 2009.
  5. ISA-62443-1-1, Security for Industrial Automation and Control System, Mar. 2017.
  6. NIST SP 800-82, Guide to Industrial Control System Security, May. 2015.
  7. Jun-Hyeong Oh, Young-In You, Kyung-Ho Lee, "Computer Emergency in Infrastructure and ICS Standards Trends," Review of KIISC, vol. 27, no. 2, pp. 5-11. 04. 2017.
  8. David Kuipers, Mark Fabro, Control Systems Cyber Security : Defense in Depth Strategies, INL/EXT-06-11478, May 2006.
  9. ISA-95.00.01-CDV3, Enterprise-Control System Integration, Part 1: Models and Terminology, 2008.
  10. Belden Inc., Tofino Security Appliance. https://www.tofinosecurity.com
  11. Moxa Inc., https://www.moxa.com/
  12. Crystal Group Inc., https://www.crystalrugged.com/
  13. Tofino Security White paper. Using ANSI/ISA-99 Standards to Improve Control System Security, May. 2012.
  14. NNSP Co. Ltd., http://nnsp.co.kr
  15. Waterfall Security Solutions Ltd., https://waterfall-security.com/
  16. Owl Cyber Defence Solution, https://www.owlcyberdefense.com/
  17. IT Security Certification Center, Requirements for Government IT Security Products, 2014.
  18. Hanssak Co. Ltd., http://www.hanssak.co.kr
  19. SQLsoft Co. Ltd., http://www.sqisoft.com
  20. Hunesion Co. Lted., http://www.hunesion.com/