CN112116227A - Industrial control information security risk assessment model based on distributed inspection - Google Patents
Industrial control information security risk assessment model based on distributed inspection Download PDFInfo
- Publication number
- CN112116227A CN112116227A CN202010932482.XA CN202010932482A CN112116227A CN 112116227 A CN112116227 A CN 112116227A CN 202010932482 A CN202010932482 A CN 202010932482A CN 112116227 A CN112116227 A CN 112116227A
- Authority
- CN
- China
- Prior art keywords
- risk assessment
- inspection
- information security
- industrial control
- asset
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0635—Risk analysis of enterprise or organisation activities
Abstract
The invention relates to the technical field of information security of industrial control systems, and discloses an industrial control information security risk assessment model based on distributed inspection, which comprises the following steps: s1: formulating an information security risk list according to the target to be evaluated; s2 selecting a risk assessment method, wherein the risk assessment method comprises a qualitative risk assessment method and a quantitative risk assessment method; s3: and acquiring a communication data packet of the industrial control system based on the information security risk list, analyzing the communication data packet, acquiring relevant elements of the system asset, storing the relevant elements to form an asset sample list, and collecting the system asset information in a field random spot check and retrieval mode. This industrial control information security risk assessment model based on collection and distribution formula inspection can solve and need the staff to carry out a large amount of manual operation parts at the inspection process at present, has not only reduced inspection efficiency, inspects accurate relatively poor problem moreover.
Description
Technical Field
The invention relates to the technical field of information security of industrial control systems, in particular to an industrial control information security risk assessment model based on distributed inspection.
Background
Industrial control systems (ICS for short) are widely applied to the fields of energy, municipal administration, chemical industry, transportation, water conservancy, national defense and scientific industry, food and drug, equipment manufacturing and other industries in China, more than half of important infrastructures related to the national civilization depend on the ICS to realize automatic operation, and the information security of the ICS becomes an important component of the national network security strategy.
Since the occurrence of the event of iran "earthquake network" in 2010, the state successively releases and implements legal regulations and policy regulations related to the evaluation of the safety risk of the series of industrial control information, such as the network security law of the people's republic of China, and the like, wherein: the network security law of the people's republic of China, key information infrastructure protection regulations (solicited opinions), network security level protection regulations (solicited opinions), industrial control system information security protection capability assessment work management method and the like all put forward definite requirements on the assessment of the information security risk of the industrial control system.
At present, a plurality of industrial control inspection and evaluation tools are available on the market, but a large number of manual operation parts are required by workers in the inspection process, so that the inspection efficiency is reduced, and the inspection accuracy is poor.
Disclosure of Invention
Technical problem to be solved
Aiming at the defects of the prior art, the invention provides an industrial control information security risk assessment model based on distributed inspection, which has the advantages of improving inspection efficiency and accuracy, and solves the problems that a large number of manual operation parts are required by workers in the inspection process, the inspection efficiency is reduced, and the inspection accuracy is poor.
(II) technical scheme
In order to achieve the purpose of improving the inspection efficiency and accuracy, the invention provides the following technical scheme: an industrial control information security risk assessment model based on distributed inspection comprises the following steps:
s1: formulating an information security risk list according to the target to be evaluated;
s2 selecting a risk assessment method, wherein the risk assessment method comprises a qualitative risk assessment method and a quantitative risk assessment method;
s3: based on the information security risk list, acquiring and analyzing a communication data packet of the industrial control system, acquiring related elements of system assets, storing the related elements to form an asset sample list, meanwhile, collecting system asset information in a field random spot check and retrieval mode, and comparing the asset sample list with the collected system asset information to ensure that the assets to be evaluated are error-free;
s4: automatically producing a corresponding inspection model for each system asset according to the selected risk assessment method;
s5: randomly distributing a responsible person for inspection for each system resource, and randomly distributing a plurality of inspectors with corresponding quantity according to the detection data volume, wherein each responsible person has a main task and a secondary task, and the main task specifically comprises the following steps: the system resource checking module is responsible for checking system resources corresponding to the checking model, and the secondary tasks specifically include: data spot check of detection results of other responsible persons responsible for random distribution;
s6: the method comprises the following steps that a responsible person distributes basic tasks to all inspectors, the inspectors execute the tasks after receiving the tasks, acquired data information is collected to the responsible person, and the responsible person uploads the data to an inspection model after confirming that the data are correct;
s7: and merging the data generated by the inspection models corresponding to the system assets, carrying out risk analysis, and finally outputting an integral risk assessment report.
Preferably, in the step S1, the information security risks in the list are prioritized by risk level and can be used to inform risk response decision.
Preferably, in the step S2, the qualitative risk assessment method specifically includes: the opinion of experienced employees and experts may be relied upon to provide information regarding the likelihood and severity of a particular risk affecting a particular asset, while the different levels of likelihood and severity are identified by general levels such as high, medium, and low.
Preferably, in the step S2, the quantitative risk assessment method specifically includes: there is a need for a large amount of data support that can provide probabilities of loss due to risk and vulnerability, such as information available, quantitative risk assessment can provide more accurate risk assessment results than qualitative risk assessment methods, where the phenomenon of accidents, and rapid threat activation based on recently provided data regarding industrial control system security threats is relatively rare, in which case quantitative risk assessment methods are more effective in assessing these risks.
Preferably, in the step S5, in the case that the responsible person performs the secondary task, the third responsible person is assigned to perform data collection again if the data of the spot check is determined to be erroneous.
Preferably, in the step S5, the basic tasks include inspection and evaluation of each asset in the asset list, survey of questionnaire form global to the system, and threat investigation; and the responsible person distributes the task package to the inspectors by using a single asset inspection object model, a single global questionnaire form investigation and a threat survey, and distributes the asset inspection object and the system global questionnaire form to each inspector to divide labor and execute inspection in parallel.
(III) advantageous effects
Compared with the prior art, the invention provides an industrial control information security risk assessment model based on distributed inspection, which has the following beneficial effects:
according to the industrial control information safety risk assessment model based on distributed inspection, an information safety risk list is formulated through analyzing an assessment target, a corresponding risk assessment method is selected, on-site spot check data and system data are obtained for comparison, the data false condition is avoided, in the distributed inspection process, inspection data of the other side are mutually checked through responsible persons, the occurrence of the bag-sheltered condition is avoided, collected data are input into an inspection model, the whole risk assessment report is reduced, the number of manual operation parts is small, the inspection efficiency is improved, and the inspection accuracy is improved.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
An industrial control information security risk assessment model based on distributed inspection comprises the following steps:
s1: formulating an information security risk list according to the target to be evaluated;
s2 selecting a risk assessment method, wherein the risk assessment method comprises a qualitative risk assessment method and a quantitative risk assessment method;
s3: based on the information security risk list, acquiring and analyzing a communication data packet of the industrial control system, acquiring related elements of system assets, storing the related elements to form an asset sample list, meanwhile, collecting system asset information in a field random spot check and retrieval mode, and comparing the asset sample list with the collected system asset information to ensure that the assets to be evaluated are error-free;
s4: automatically producing a corresponding inspection model for each system asset according to the selected risk assessment method;
s5: randomly distributing a responsible person for inspection for each system resource, and randomly distributing a plurality of inspectors with corresponding quantity according to the detection data volume, wherein each responsible person has a main task and a secondary task, and the main task specifically comprises the following steps: the system resource checking module is responsible for checking system resources corresponding to the checking model, and the secondary tasks specifically include: data spot check of detection results of other responsible persons responsible for random distribution;
s6: the method comprises the following steps that a responsible person distributes basic tasks to all inspectors, the inspectors execute the tasks after receiving the tasks, acquired data information is collected to the responsible person, and the responsible person uploads the data to an inspection model after confirming that the data are correct;
s7: and merging the data generated by the inspection models corresponding to the system assets, carrying out risk analysis, and finally outputting an integral risk assessment report.
The method comprises the steps of formulating an information safety risk list by analyzing an evaluation target, selecting a corresponding risk evaluation method, comparing field spot check data with acquired system data to avoid data false, in the distributed inspection process, mutually spot checking inspection data of opposite parties among responsible persons to avoid occurrence of package refuge, inputting collected data into an inspection model to acquire an integral risk evaluation report, and having few manual operation parts, thereby not only improving inspection efficiency, but also improving inspection accuracy.
In the step S1, the information security risks in this list are prioritized by risk level and can be used to inform risk response decisions.
In the step S2, the qualitative risk assessment method specifically includes: the opinion of experienced employees and experts may be relied upon to provide information regarding the likelihood and severity of a particular risk affecting a particular asset, while the different levels of likelihood and severity are identified by general levels such as high, medium, and low.
In the step S2, the quantitative risk assessment method specifically includes: there is a need for a large amount of data support that can provide probabilities of loss due to risk and vulnerability, such as information available, quantitative risk assessment can provide more accurate risk assessment results than qualitative risk assessment methods, where the phenomenon of accidents, and rapid threat activation based on recently provided data regarding industrial control system security threats is relatively rare, in which case quantitative risk assessment methods are more effective in assessing these risks.
In the step S5, in the secondary task executed by the responsible person, if the data obtained by the spot check is determined to have an error, the responsible person is assigned to perform data collection again, the data collected by the third responsible person is compared with the data collected by the first two responsible persons, if the data collected by the third responsible person is the same as the data collected by one of the responsible persons, the data is used, and if the data collected by the third responsible person is different from the data collected by the first two responsible persons, the fourth responsible person is called to perform data collection again until the same collected data is obtained.
In the step S5, the basic tasks include inspection and evaluation of each asset in the asset list, survey of questionnaires global to the system, and threat investigation; and the responsible person distributes the task package to the inspectors by using a single asset inspection object model, a single global questionnaire form investigation and a threat survey, and distributes the asset inspection object and the system global questionnaire form to each inspector to divide labor and execute inspection in parallel.
According to the industrial control information safety risk assessment model based on distributed inspection, an information safety risk list is formulated through analyzing an assessment target, a corresponding risk assessment method is selected, on-site spot check data and system data are obtained for comparison, the data false condition is avoided, in the distributed inspection process, inspection data of the other side are mutually checked through responsible persons, the occurrence of the bag-sheltered condition is avoided, collected data are input into an inspection model, an integral risk assessment report is obtained, manual operation is few, inspection efficiency is improved, and inspection accuracy is improved.
It is to be noted that the term "comprises," "comprising," or any other variation thereof is intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (6)
1. An industrial control information security risk assessment model based on distributed inspection is characterized by comprising the following steps:
s1: formulating an information security risk list according to the target to be evaluated;
s2 selecting a risk assessment method, wherein the risk assessment method comprises a qualitative risk assessment method and a quantitative risk assessment method;
s3: based on the information security risk list, acquiring and analyzing a communication data packet of the industrial control system, acquiring related elements of system assets, storing the related elements to form an asset sample list, meanwhile, collecting system asset information in a field random spot check and retrieval mode, and comparing the asset sample list with the collected system asset information to ensure that the assets to be evaluated are error-free;
s4: automatically producing a corresponding inspection model for each system asset according to the selected risk assessment method;
s5: randomly distributing a responsible person for inspection for each system resource, and randomly distributing a plurality of inspectors with corresponding quantity according to the detection data volume, wherein each responsible person has a main task and a secondary task, and the main task specifically comprises the following steps: the system resource checking module is responsible for checking system resources corresponding to the checking model, and the secondary tasks specifically include: data spot check of detection results of other responsible persons responsible for random distribution;
s6: the method comprises the following steps that a responsible person distributes basic tasks to all inspectors, the inspectors execute the tasks after receiving the tasks, acquired data information is collected to the responsible person, and the responsible person uploads the data to an inspection model after confirming that the data are correct;
s7: and merging the data generated by the inspection models corresponding to the system assets, carrying out risk analysis, and finally outputting an integral risk assessment report.
2. The distributed inspection-based industrial control information security risk assessment model according to claim 1, wherein: in the step S1, the information security risks in this list are prioritized by risk level and can be used to inform risk response decisions.
3. The distributed inspection-based industrial control information security risk assessment model according to claim 1, wherein: in the step S2, the qualitative risk assessment method specifically includes: the opinion of experienced employees and experts may be relied upon to provide information regarding the likelihood and severity of a particular risk affecting a particular asset, while the different levels of likelihood and severity are identified by general levels such as high, medium, and low.
4. The distributed inspection-based industrial control information security risk assessment model according to claim 1, wherein: in the step S2, the quantitative risk assessment method specifically includes: a large amount of data support is required that can provide a probability of loss due to risk and vulnerability.
5. The distributed inspection-based industrial control information security risk assessment model according to claim 1, wherein: in the step S5, when the responsible person performs the secondary task and determines that the data checked by the spot check is incorrect, a third responsible person is assigned to perform data re-collection.
6. The distributed inspection-based industrial control information security risk assessment model according to claim 1, wherein: in the step S5, the main tasks include inspection and evaluation of each asset in the asset list, survey of questionnaires global to the system, and threat investigation; and the responsible person distributes the task package to the inspectors by using a single asset inspection object model, a single global questionnaire form investigation and a threat survey, and distributes the asset inspection object and the system global questionnaire form to each inspector to divide labor and execute inspection in parallel.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010932482.XA CN112116227A (en) | 2020-09-08 | 2020-09-08 | Industrial control information security risk assessment model based on distributed inspection |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010932482.XA CN112116227A (en) | 2020-09-08 | 2020-09-08 | Industrial control information security risk assessment model based on distributed inspection |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112116227A true CN112116227A (en) | 2020-12-22 |
Family
ID=73803162
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010932482.XA Pending CN112116227A (en) | 2020-09-08 | 2020-09-08 | Industrial control information security risk assessment model based on distributed inspection |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112116227A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150301515A1 (en) * | 2013-01-08 | 2015-10-22 | Secure-Nok As | Method, Device and Computer Program for Monitoring an Industrial Control System |
| CN105045251A (en) * | 2015-05-27 | 2015-11-11 | 华中科技大学 | Demand analysis and integration method for function safety and information safety of industrial control system |
| CN108092981A (en) * | 2017-12-22 | 2018-05-29 | 北京明朝万达科技股份有限公司 | A kind of data security protection method and device |
| CN110794795A (en) * | 2019-11-27 | 2020-02-14 | 上海三零卫士信息安全有限公司 | Industrial control information security risk assessment model based on distributed inspection |
-
2020
- 2020-09-08 CN CN202010932482.XA patent/CN112116227A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150301515A1 (en) * | 2013-01-08 | 2015-10-22 | Secure-Nok As | Method, Device and Computer Program for Monitoring an Industrial Control System |
| CN105045251A (en) * | 2015-05-27 | 2015-11-11 | 华中科技大学 | Demand analysis and integration method for function safety and information safety of industrial control system |
| CN108092981A (en) * | 2017-12-22 | 2018-05-29 | 北京明朝万达科技股份有限公司 | A kind of data security protection method and device |
| CN110794795A (en) * | 2019-11-27 | 2020-02-14 | 上海三零卫士信息安全有限公司 | Industrial control information security risk assessment model based on distributed inspection |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108833416B (en) | SCADA system information security risk assessment method and system | |
| Carranza et al. | Mismatches between conservation outcomes and management evaluation in protected areas: A case study in the Brazilian Cerrado | |
| CN111859393B (en) | Risk assessment system and method based on situation awareness alarm | |
| CN107122483B (en) | Basic geographic information data quality inspection method, device and system | |
| US20070112667A1 (en) | System and method for providing a fraud risk score | |
| KR100755000B1 (en) | Security risk management system and method | |
| CN105516130A (en) | Data processing method and device | |
| CN108898311A (en) | A kind of data quality checking method towards intelligent distribution network repairing dispatching platform | |
| Aven | On how to conceptualise and describe risk | |
| CN113408114A (en) | Method and system for evaluating vulnerability threat degree of power monitoring system equipment | |
| CN113778806A (en) | Method, device, equipment and storage medium for processing safety alarm event | |
| Xie et al. | Optimum prioritisation and resource allocation based on fault tree analysis | |
| CN112116227A (en) | Industrial control information security risk assessment model based on distributed inspection | |
| Borgonovo | Epistemic uncertainty in the ranking and categorization of probabilistic safety assessment model elements: Issues and findings | |
| CN115860455A (en) | Transformer substation asset monitoring risk assessment method | |
| Lai et al. | Development of a failure mode and effects analysis based risk assessment tool for information security | |
| CN102708041A (en) | Method for calculating minimal software believability test case number | |
| KR102037277B1 (en) | Performance based risk assessment method for port facility using mobile terminal | |
| CN115660774B (en) | Block chain-based material supply chain system credit evaluation method | |
| CN114665986B (en) | Bluetooth key testing system and method | |
| Higo et al. | Value of information and hypothesis testing approaches for sample size determination in engineering component inspection: a comparison | |
| KR102239376B1 (en) | System of security level assessment for chemcial facility | |
| KR102211242B1 (en) | Method of terror risk assessment for chemcial facility | |
| KR102261360B1 (en) | System of security vulnerability assessment for chemcial facility | |
| Higo et al. | Determination of sample size to support diagnostic inspection of components |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20201222 |