CN115688112A - Industrial control risk assessment method, device, equipment and storage medium - Google Patents

Publication number
CN115688112A
Authority
CN
China
Prior art keywords
industrial control
physical
equipment
risk assessment
control simulation
Legal status
Pending
Application number
CN202211238912.3A
Other languages
Chinese (zh)
Inventor
黄跃
刘永鑫
龚亮华
李学芹
武浩
Current Assignee
Fengtai Technology Beijing Co ltd
Original Assignee
Fengtai Technology Beijing Co ltd

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00: Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02: Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application is applicable to the technical field of industrial control, and provides an industrial control risk assessment method, an industrial control risk assessment device, industrial control risk assessment equipment and a storage medium, wherein the method comprises the following steps: configuring and generating a physical industrial control simulation system based on networking information of industrial control equipment; based on industrial control network control information, configuring and generating an industrial control network virtual target range; establishing a data transmission relation between the industrial control network virtual target range and the physical industrial control simulation system; and according to a risk assessment task, executing risk assessment operation under a set risk assessment scene in the industrial control network virtual target range and the physical industrial control simulation system which are established with the data transmission relation, and generating a risk assessment result. According to the scheme, the convenience and the safety of risk assessment are improved while the stable operation of the production environment can be ensured.

Description

Industrial control risk assessment method, device, equipment and storage medium
Technical Field
The application belongs to the technical field of industrial control, and particularly relates to an industrial control risk assessment method, device, equipment and storage medium.
Background
In recent years, the security problems of industrial control systems have become increasingly serious, and network attacks targeting industrial control systems occur frequently. With development strategies such as 'Internet +' in China, research on strengthening industrial control system security has been proposed, strengthening the security protection measures of industrial control systems has become more important, and the attention paid to industrial control system security by national supervision departments, industry management departments and enterprises continues to increase.
Therefore, it is necessary to evaluate the risk of network devices, computer devices, software, other assets, and management security associated with an industrial control system or software.
The industrial control system or software sits in the core area of enterprise production and bears on the production and data security of the enterprise; it is also the weakest area of network security in industrial internet enterprises. When risk assessment is carried out on an industrial control system in a production environment, some impact on the on-site industrial control environment and the production operating environment cannot be completely avoided even when professionals perform the work, and in serious cases production safety accidents may result.
Therefore, how to avoid the interference to the actual production environment as much as possible while implementing effective industrial control risk assessment is a problem to be solved.
Disclosure of Invention
The embodiments of the application provide an industrial control risk assessment method, an industrial control risk assessment device and a storage medium, which aim to solve the prior-art problem of how to implement effective industrial control risk assessment while avoiding interference with the actual production environment as much as possible.
A first aspect of an embodiment of the present application provides an industrial control risk assessment method, including:
configuring and generating a physical industrial control simulation system based on networking information of industrial control equipment, wherein the physical industrial control simulation system comprises industrial control simulation equipment and a networking relation between the industrial control simulation equipment;
based on industrial control network control information, configuring and generating an industrial control network virtual target range; an industrial control network control system to be evaluated is configured in the industrial control network virtual target range;
establishing a data transmission relation between the industrial control network virtual target range and the physical industrial control simulation system;
and according to a risk assessment task, executing risk assessment operation under a set risk assessment scene in the industrial control network virtual target range and the physical industrial control simulation system with the data transmission relation, and generating a risk assessment result.
Optionally, the configuring and generating a physical industrial control simulation system based on networking information of the industrial control equipment includes:
analyzing the networking information of the industrial control equipment, and determining the industrial control physical equipment and the networking relation between the industrial control physical equipment;
matching the industrial control simulation equipment corresponding to the industrial control physical equipment;
and configuring the industrial control simulation equipment and the networking relation between the industrial control simulation equipment to obtain the physical industrial control simulation system.
Optionally, the configuring the industrial control simulation equipment and the networking relation between the industrial control simulation equipment to obtain the physical industrial control simulation system includes:
configuring the industrial control simulation equipment and the networking relation between the industrial control simulation equipment to obtain a preliminary industrial control simulation system;
and comparing the structures of the preliminary industrial control simulation system and the physical industrial control system, and, when the configuration structures of the two are determined to be consistent, determining the preliminary industrial control simulation system as the physical industrial control simulation system.
Optionally, the configuring and generating an industrial control network virtual target range based on the industrial control network control information includes:
configuring a network target range system based on a network target range hardware environment;
and establishing the industrial control network control system to be evaluated in the network target range system to obtain the industrial control network virtual target range, wherein the industrial control network control system is used for realizing industrial control on the industrial control simulation equipment.
Optionally, the executing, according to the risk assessment task, a risk assessment operation in a set risk assessment scenario in the industrial control network virtual target range and the physical industrial control simulation system in which the data transmission relationship is established, and generating a risk assessment result includes:
according to a risk assessment task, inputting risk test data into the industrial control network virtual target range or the physical industrial control simulation system, and acquiring test results of the industrial control network virtual target range and the physical industrial control simulation system based on the data transmission relation to obtain a risk assessment data sample;
and according to the set risk analysis dimension, performing data analysis on the risk assessment data sample to obtain the risk assessment result.
Optionally, the performing data analysis on the risk assessment data sample according to a set risk analysis dimension to obtain the risk assessment result includes:
according to set risk analysis dimensions, performing data analysis on the risk assessment data samples to obtain assessment result items corresponding to the set risk analysis dimensions;
and embedding the evaluation result items into corresponding display positions of a set evaluation display template to generate the risk evaluation result containing each evaluation result item.
A second aspect of the embodiments of the present application provides an industrial control risk assessment apparatus, including:
the first configuration module is used for configuring and generating a physical industrial control simulation system based on networking information of industrial control equipment, wherein the physical industrial control simulation system comprises industrial control simulation equipment and a networking relation between the industrial control simulation equipment;
the second configuration module is used for configuring and generating an industrial control network virtual target range based on industrial control network control information; an industrial control network control system to be evaluated is configured in the industrial control network virtual target range;
the relation establishing module is used for establishing a data transmission relation between the industrial control network virtual target range and the physical industrial control simulation system;
and the risk evaluation module is used for executing risk evaluation operation under a set risk evaluation scene in the industrial control network virtual target range and the physical industrial control simulation system with the data transmission relation according to a risk evaluation task to generate a risk evaluation result.
Optionally, the first configuration module is specifically configured to:
analyze the networking information of the industrial control equipment, and determine the industrial control physical equipment and the networking relation between the industrial control physical equipment;
match the industrial control simulation equipment corresponding to the industrial control physical equipment;
and configure the industrial control simulation equipment and the networking relation between the industrial control simulation equipment to obtain the physical industrial control simulation system.
A third aspect of embodiments of the present application provides a computer device, comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the method according to the first aspect when executing the computer program.
A fourth aspect of embodiments of the present application provides a computer-readable storage medium, in which a computer program is stored, which, when executed by a processor, performs the steps of the method according to the first aspect.
A fifth aspect of the present application provides a computer program product, which, when run on a computer device, causes the computer device to perform the steps of the method of the first aspect described above.
Therefore, in the embodiments of the application, the physical industrial control simulation system and the industrial control network virtual target range generated by configuration respectively provide a networked simulation of the physical industrial control hardware equipment in the real production environment and a simulation, inside the industrial control network virtual target range, of the software control system of the industrial control network control system. With the data transmission relation established between the industrial control network virtual target range and the physical industrial control simulation system, industrial control risk assessment can be carried out away from the on-site production environment without causing any interference or loss to it, which ensures stable operation of the production environment and improves the convenience and safety of risk assessment.
Drawings
In order to illustrate the technical solutions in the embodiments of the present application more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. The drawings in the following description show only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a first flowchart of an industrial control risk assessment method provided in an embodiment of the present application;
Fig. 2 is a second flowchart of an industrial control risk assessment method provided in an embodiment of the present application;
Fig. 3 is a schematic diagram of a physical industrial control simulation system according to an embodiment of the present application;
Fig. 4 is a schematic diagram of a network target range architecture provided by an embodiment of the present application;
Fig. 5 is a structural diagram of an industrial control risk assessment device provided in an embodiment of the present application;
Fig. 6 is a block diagram of a computer device according to an embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the present application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in the specification of the present application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to a determination" or "in response to a detection". Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted contextually to mean "upon determining" or "in response to determining" or "upon detecting [ described condition or event ]" or "in response to detecting [ described condition or event ]".
In particular implementations, the computer devices described in embodiments of the present application include, but are not limited to, other portable devices such as mobile phones, laptop computers, or tablet computers having touch sensitive surfaces (e.g., touch screen displays and/or touch pads). It should also be understood that in some embodiments, the device is not a portable communication device, but is a desktop computer having a touch-sensitive surface (e.g., a touch screen display and/or a touchpad).
In the discussion that follows, a computer device that includes a display and a touch-sensitive surface is described. However, it should be understood that the computer device may include one or more other physical user interface devices such as a physical keyboard, mouse, and/or joystick.
The computer device supports various applications, such as one or more of the following: a drawing application, a presentation application, a word processing application, a website creation application, a disc burning application, a spreadsheet application, a gaming application, a telephone application, a video conferencing application, an email application, an instant messaging application, an exercise support application, a photo management application, a digital camera application, a web browsing application, a digital music player application, and/or a digital video player application.
Various applications that may be executed on the computer device may use at least one common physical user interface device, such as a touch-sensitive surface. One or more functions of the touch-sensitive surface and corresponding information displayed on the computer device may be adjusted and/or changed between applications and/or within respective applications. In this way, a common physical architecture (e.g., touch-sensitive surface) of the computer device can support various applications with user interfaces that are intuitive and transparent to the user.
It should be understood that, the sequence numbers of the steps in this embodiment do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of this embodiment.
In order to explain the technical means described in the present application, the following description will be given by way of specific examples.
Referring to Fig. 1, Fig. 1 is a first flowchart of an industrial control risk assessment method provided in an embodiment of the present application. As shown in Fig. 1, an industrial control risk assessment method includes the following steps:
Step 101, configuring and generating a physical industrial control simulation system based on networking information of the industrial control equipment.
The physical industrial control simulation system comprises industrial control simulation equipment and the networking relation between the industrial control simulation equipment.
In this process, the industrial control simulation equipment is real equipment corresponding to the industrial control physical equipment. The industrial control simulation equipment and the networking relation between the industrial control simulation equipment are configured away from the production site to generate the physical industrial control simulation system.
In a specific implementation, the industrial control simulation equipment corresponding to the industrial control physical equipment may include real equipment, consistent with the production environment, obtained by simulating the field basic device layer, the field control device layer and the process control device layer. This reproduces the process flow of the industrial control system in the production environment, improves the accuracy of the risk assessment result, and allows the influence or damage caused by a risk to be verified visually.
The industrial control simulation equipment may be computer equipment or control equipment that internally simulates the functions of the industrial control physical equipment.
In an optional embodiment, with reference to Fig. 2, the step of configuring and generating a physical industrial control simulation system based on networking information of industrial control equipment includes:
Step 201, analyzing the networking information of the industrial control equipment, and determining the industrial control physical equipment and the networking relation between the industrial control physical equipment;
Step 202, matching the industrial control simulation equipment corresponding to the industrial control physical equipment;
Step 203, configuring the industrial control simulation equipment and the networking relation between the industrial control simulation equipment to obtain the physical industrial control simulation system.
In the above process, the networking information of the industrial control equipment may be obtained from the industrial control physical equipment included in the real production environment and the configured networking relation between the industrial control physical equipment.
In an implementation scenario, with reference to Fig. 3, 6 key process flows can be selected according to the deployment and on-site networking of the industrial control physical equipment in an enterprise's field industrial control system, and then deployed and installed as a restoration of the network devices, computer devices, software, systems and the like used in the actual production environment, so as to physically simulate the field device layer, the field control layer and the process control layer of the industrial control system architecture.
In the present embodiment, 6 types of common industrial control devices are selected (see the Programmable Logic Controller (PLC), Rockwell A-B PLC, Distributed Control System (DCS), york DCS, Yokogawa DCS, and central control DCS in Fig. 3), and the process flows corresponding to these 6 types of industrial control devices are used to restore and reproduce the field industrial control system in simulation.
A hardware environment is built according to the network topology diagram of the industrial control physical equipment in the actual production environment, so that the simulation environment embodied in the physical industrial control simulation system is consistent with the network architecture and system equipment of the production environment and provides the basic hardware support for risk assessment work.
The configuring of the industrial control simulation equipment and the networking relation between the industrial control simulation equipment to obtain the physical industrial control simulation system comprises:
configuring the industrial control simulation equipment and the networking relation between the industrial control simulation equipment to obtain a preliminary industrial control simulation system;
and comparing the structures of the preliminary industrial control simulation system and the physical industrial control system, and, when the configuration structures of the two are determined to be consistent, determining the preliminary industrial control simulation system as the physical industrial control simulation system.
The networking relations among the industrial control simulation equipment include, for example, data transmission through a switch, firewall settings, and serial and parallel relations among different industrial control simulation equipment.
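Steps 201 to 203 and the structure comparison described above, sketched as an added Python example that is not part of the patent text; the device names, the simulation inventory, the data layout and all function names are assumptions made for illustration. The second constructed build cables the PLC around the firewall, which is the kind of inconsistency that would make assessment results on the simulation misleading for the production network.

```python
# Added illustration, not from the patent. Device names, the inventory and the
# data layout are constructed for this example.

def link(a, b):
    """An undirected link between two named devices."""
    return frozenset((a, b))

# Constructed networking information for a small production cell.
NETWORKING_INFO = {
    "devices": {"HMI-1": "workstation", "SW-1": "switch", "FW-1": "firewall",
                "PLC-1": "plc", "DCS-1": "dcs"},
    "links": [("HMI-1", "SW-1"), ("SW-1", "FW-1"),
              ("FW-1", "PLC-1"), ("FW-1", "DCS-1")],
}
# Constructed inventory of simulation units: (unit name, kind).
SIM_INVENTORY = [("sim-ws-a", "workstation"), ("sim-sw-a", "switch"),
                 ("sim-fw-a", "firewall"), ("sim-plc-a", "plc"),
                 ("sim-dcs-a", "dcs")]
# Constructed cabling records of two preliminary simulation builds.
AS_BUILT_OK = {link("sim-ws-a", "sim-sw-a"), link("sim-sw-a", "sim-fw-a"),
               link("sim-fw-a", "sim-plc-a"), link("sim-fw-a", "sim-dcs-a")}
AS_BUILT_BYPASS = {link("sim-ws-a", "sim-sw-a"), link("sim-sw-a", "sim-fw-a"),
                   link("sim-sw-a", "sim-plc-a"), link("sim-fw-a", "sim-dcs-a")}


def parse_networking_info(info):
    """Step 201: determine the physical devices and the links among them."""
    devices = dict(info["devices"])
    links = set()
    for a, b in info["links"]:
        if a == b or a not in devices or b not in devices:
            raise ValueError(f"invalid link {a!r} - {b!r}")
        links.add(link(a, b))
    return devices, links


def match_simulation_devices(devices, inventory):
    """Step 202: assign one unused simulation unit of the same kind per device."""
    free = list(inventory)
    mapping = {}
    for name, kind in sorted(devices.items()):
        unit = next((u for u in free if u[1] == kind), None)
        if unit is None:
            raise LookupError(f"no simulation unit of kind {kind!r} for {name}")
        free.remove(unit)
        mapping[name] = unit[0]
    return mapping


def configure_simulation(links, mapping):
    """Step 203: derive the cabling plan of the simulation from the plant links."""
    planned = set()
    for a, b in (tuple(l) for l in links):
        planned.add(link(mapping[a], mapping[b]))
    return planned


def compare_structure(links, mapping, as_built_links):
    """Compare the preliminary simulation, as cabled, with the physical system.

    Differences are reported in physical device names so they can be checked
    against the plant topology diagram.
    """
    planned = configure_simulation(links, mapping)
    back = {unit: name for name, unit in mapping.items()}
    diffs = []
    for l in sorted(planned - as_built_links, key=sorted):
        diffs.append("missing link " + " - ".join(sorted(back[u] for u in l)))
    for l in sorted(as_built_links - planned, key=sorted):
        diffs.append("extra link " + " - ".join(sorted(back.get(u, u) for u in l)))
    return diffs


def build_physical_simulation(info, inventory, as_built_links):
    """Accept the preliminary system only if its structure matches the plant."""
    devices, links = parse_networking_info(info)
    mapping = match_simulation_devices(devices, inventory)
    diffs = compare_structure(links, mapping, as_built_links)
    return {"accepted": not diffs, "mapping": mapping, "differences": diffs}


if __name__ == "__main__":
    for label, built in (("ok", AS_BUILT_OK), ("bypass", AS_BUILT_BYPASS)):
        result = build_physical_simulation(NETWORKING_INFO, SIM_INVENTORY, built)
        print(label, result["accepted"], result["differences"])
```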
Step 102, configuring and generating an industrial control network virtual target range based on the industrial control network control information.
The industrial control network virtual target range (that is, a cyber range) can be used for attack and defense exercises and for configuring the software operating environment under a set scenario. An industrial control network control system to be evaluated is configured in the industrial control network virtual target range.
The industrial control network control system controls the industrial control simulation equipment in the physical industrial control simulation system. The control is, for example, operation control, scheduling control, or start-stop control.
In an optional embodiment, the configuring and generating an industrial control network virtual target range based on industrial control network control information includes:
configuring a network target range system based on the network target range hardware environment;
and establishing the industrial control network control system to be evaluated in the network target range system to obtain the industrial control network virtual target range, wherein the industrial control network control system is used for realizing industrial control on the industrial control simulation equipment.
The network target range hardware environment comprises the hardware devices used to assemble the network target range system, the network connections of those hardware devices, and their hardware configuration. The hardware devices are, for example, network devices or computer devices.
In a specific implementation, the network target range is configured, and the virtualization components of the network target range are used to reproduce, as a virtual simulation, the deployment and installation of the network devices, computer devices, software and systems of the enterprise's production execution layer and office management layer, according to the software and hardware involved in the enterprise's actual production environment.
Based on the network target range hardware environment, the network devices, computer devices, software and systems in the field device layer, the field control layer and the process control layer of the production environment are reproduced.
Configuring the network target range system on the network target range hardware environment provides the basic functions of the network target range. As shown in Fig. 4, the target range basic functions specifically include: a virtualization management module, a virtual device resource library, a component resource library and a scene construction module.
As shown in Fig. 4, the target range service application systems may also be implemented in the network target range system, including: a risk verification system, a risk assessment system, an attack and defense drill system and a vulnerability discovery system. The industrial control network control system to be evaluated is simulated and created on the basis of the target range service application systems, and risk assessment operations can then be carried out on it.
In Fig. 4, the target range basic functions and the target range service application systems included in the network target range are implemented in cooperation with the basic support on the right side. The basic support corresponds to the real industrial control simulation system and simulates the real industrial control equipment scenario of the actual production environment.
In this process, based on the virtual host and network capabilities of the network target range, virtual hosts for the network devices and computer devices of the production execution layer and the office management layer are created and virtual network connections are established, reproducing the network devices, computer devices, software and systems in the production execution layer and the office management layer of the enterprise production environment.
Step 103, establishing a data transmission relation between the industrial control network virtual target range and the physical industrial control simulation system.
The data transmission relation specifically includes the data flow direction, the output control relation of instructions, the feedback flow direction of data, and the like.
The data transmission relation between the physical industrial control simulation system and the industrial control network virtual target range can be configured through the Transmission Control Protocol/Internet Protocol (TCP/IP), the OLE for Process Control (OPC) protocol, and the like.
Step 104, according to a risk assessment task, executing a risk assessment operation under a set risk assessment scenario in the industrial control network virtual target range and the physical industrial control simulation system between which the data transmission relation has been established, and generating a risk assessment result.
After the physical industrial control simulation system has been generated by dynamically reproducing the on-site process flow and operating environment, and the industrial control network virtual target range has been generated by configuration, a risk assessment scenario can be created. According to the risk assessment requirements and the risk assessment flow, the virtual network devices, computer devices, software and systems in the network target range and those in the physical simulation are assessed in turn, and a risk assessment report is generated.
In this scheme, risk assessment is carried out on the network devices, computer devices, software and systems in the field device layer, the field control layer, the process control layer, the production execution layer and the office management layer of the industrial control system architecture.
This process adopts an industrial control risk assessment approach that combines the virtual and the real. It improves the degree to which the on-site industrial control system and environment are reproduced, avoids the interference that risk assessment work would cause to the on-site production environment, and supports undisturbed risk assessment of the network devices, computer devices, software and other assets involved, thereby improving the accuracy of the risk assessment result with respect to the real production environment.
The risk assessment operations executed are, for example, simulating equipment operation control or simulating a vulnerability attack on the industrial control network control system to be evaluated.
In an optional embodiment, the performing, according to a risk assessment task, a risk assessment operation in a set risk assessment scenario in the industrial control network virtual target range and the physical industrial control simulation system where the data transmission relationship is established, to generate a risk assessment result includes:
according to a risk assessment task, inputting risk test data into the industrial control network virtual target range or the physical industrial control simulation system, and acquiring test results of the industrial control network virtual target range and the physical industrial control simulation system based on the data transmission relation to obtain a risk assessment data sample;
and according to the set risk analysis dimension, performing data analysis on the risk assessment data sample to obtain the risk assessment result.
The risk test data includes, for example, erroneous operation control parameters, attack data targeting a vulnerability in the industrial control system, and the like.
By setting different risk analysis dimensions and according to risk test data corresponding to the risk evaluation task, the risk evaluation of the industrial control network virtual target range and the physical industrial control simulation system is realized, and the comprehensiveness and accuracy of evaluation results are improved.
Wherein, according to the set risk analysis dimension, performing data analysis on the risk assessment data sample to obtain the risk assessment result includes:
according to set risk analysis dimensions, performing data analysis on the risk assessment data samples to obtain assessment result items corresponding to the set risk analysis dimensions;
and embedding the evaluation result items into corresponding display positions of a set evaluation display template to generate the risk evaluation result containing each evaluation result item.
This improves the convenience of generating the final risk assessment result and the readability of that result.
In a specific application, risk assessment and analysis of the industrial control network control system to be assessed are carried out on the basis of the physical industrial control simulation system and the industrial control network virtual target range: risk assessment of the network equipment, computer equipment, software and systems in the virtual environment (production execution layer and office management layer) and in the physical simulation environment (field device layer, field control layer and process control layer) is completed in sequence, and a risk assessment report is generated.
In the embodiment of the application, the physical industrial control simulation system generated by configuration provides a networked simulation of the actual industrial control hardware equipment in the real production environment, and the industrial control network virtual target range simulates the software control system of the industrial control network control system. With a data transmission relationship established between the industrial control network virtual target range and the physical industrial control simulation system, industrial control risk assessment work can be carried out away from the field production environment without causing any interference or loss to it, which ensures stable operation of the production environment and improves the convenience and safety of risk assessment.
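The analysis-and-template step described above can be sketched as follows. This is an added example, not code from the patent: the sample records, the three risk analysis dimensions and the template layout are constructed assumptions, while the layer-to-environment placement follows the description.

```python
from collections import Counter, defaultdict
from string import Template

# Layer placement stated in the description: the upper layers run in the
# virtual target range, the lower layers in the physical simulation.
LAYER_ENV = {
    "office management": "virtual range",
    "production execution": "virtual range",
    "process control": "physical simulation",
    "field control": "physical simulation",
    "field device": "physical simulation",
}

# Constructed risk assessment data samples (illustrative, not from the patent).
SAMPLES = [
    {"env": "virtual range", "layer": "office management", "asset_type": "computer", "test": "T-01", "outcome": "pass"},
    {"env": "virtual range", "layer": "production execution", "asset_type": "software", "test": "T-02", "outcome": "fail"},
    {"env": "physical simulation", "layer": "process control", "asset_type": "computer", "test": "T-03", "outcome": "fail"},
    {"env": "physical simulation", "layer": "field control", "asset_type": "network", "test": "T-04", "outcome": "pass"},
    {"env": "physical simulation", "layer": "field control", "asset_type": "software", "test": "T-05", "outcome": "fail"},
]

# Assumed risk analysis dimensions: name -> function extracting the group key.
DIMENSIONS = {
    "by_layer": lambda s: s["layer"],
    "by_environment": lambda s: s["env"],
    "by_asset_type": lambda s: s["asset_type"],
}

# Assumed display template: one display position per assessment result item.
TEMPLATE = Template(
    "RISK ASSESSMENT RESULT\n"
    "== By layer ==\n$by_layer\n"
    "== By environment ==\n$by_environment\n"
    "== By asset type ==\n$by_asset_type\n"
    "== Layers with no samples ==\n$uncovered_layers\n"
)

def validate(samples):
    """Reject samples whose layer is unknown or recorded in the wrong environment."""
    for s in samples:
        expected = LAYER_ENV.get(s["layer"])
        if expected is None:
            raise ValueError(f"{s['test']}: unknown layer {s['layer']!r}")
        if s["env"] != expected:
            raise ValueError(f"{s['test']}: layer {s['layer']!r} belongs to {expected}")
        if s["outcome"] not in ("pass", "fail"):
            raise ValueError(f"{s['test']}: unknown outcome {s['outcome']!r}")

def analyse(samples, dimensions=DIMENSIONS):
    """Return {dimension: {group key: Counter of outcomes}}."""
    validate(samples)
    result = {name: defaultdict(Counter) for name in dimensions}
    for s in samples:
        for name, key in dimensions.items():
            result[name][key(s)][s["outcome"]] += 1
    return {name: dict(groups) for name, groups in result.items()}

def uncovered_layers(samples):
    """Architecture layers that no sample exercised, in LAYER_ENV order."""
    seen = {s["layer"] for s in samples}
    return [layer for layer in LAYER_ENV if layer not in seen]

def render_item(groups):
    """Turn one dimension's groups into the text of an assessment result item."""
    lines = []
    for key in sorted(groups):
        counts = groups[key]
        total = counts["pass"] + counts["fail"]
        lines.append(f"{key}: {counts['fail']} of {total} tests failed")
    return "\n".join(lines) or "(no samples)"

def build_result(samples, template=TEMPLATE):
    """Embed every result item into its display position; substitute() raises
    KeyError if the template has a position that no item fills."""
    items = {name: render_item(g) for name, g in analyse(samples).items()}
    items["uncovered_layers"] = ", ".join(uncovered_layers(samples)) or "none"
    return template.substitute(items)

if __name__ == "__main__":
    print(build_result(SAMPLES))
```

The uncovered-layer item makes a gap in assessment coverage visible in the report instead of leaving it implicit in the sample set.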
Referring to Fig. 5, Fig. 5 is a structural diagram of an industrial control risk assessment device according to an embodiment of the present application; for convenience of description, only the parts related to the embodiment of the present application are shown.
The industrial control risk assessment device 500 includes:
the first configuration module 501 is configured to generate a physical industrial control simulation system based on networking information of industrial control equipment, where the physical industrial control simulation system includes industrial control simulation equipment and a networking relationship between the industrial control simulation equipment;
a second configuration module 502, configured to generate an industrial control network virtual target range based on industrial control network control information; an industrial control network control system to be evaluated is configured in the industrial control network virtual target range;
a relationship establishing module 503, configured to establish a data transmission relationship between the industrial control network virtual target range and the physical industrial control simulation system;
and the risk evaluation module 504 is configured to execute a risk evaluation operation in a set risk evaluation scenario in the industrial control network virtual target range and the physical industrial control simulation system, which are established with the data transmission relationship, according to a risk evaluation task, and generate a risk evaluation result.
The first configuration module 501 is specifically configured to:
analyzing the networking information of the industrial control equipment, and determining the industrial control physical equipment and the networking relationship between the industrial control physical equipment;
matching the industrial control simulation equipment corresponding to the industrial control physical equipment;
and configuring the industrial control simulation equipment and the networking relationship between the industrial control simulation equipment to obtain the physical industrial control simulation system.
Wherein the first configuration module 501 is more specifically configured to:
configuring the industrial control simulation equipment and the networking relationship between the industrial control simulation equipment to obtain a preliminary industrial control simulation system;
and comparing the structures of the preliminary industrial control simulation system and the physical industrial control system, and determining the preliminary industrial control simulation system as the physical industrial control simulation system under the condition of determining that the configuration structures of the preliminary industrial control simulation system and the physical industrial control system are consistent.
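One way to carry out the structure comparison between the preliminary industrial control simulation system and the physical industrial control system is sketched below. This is an added example, not code from the patent: the device names, the `kind` attribute and the finding labels are constructed assumptions, and links are treated as undirected.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    name: str
    kind: str  # assumed attribute, e.g. "PLC", "HMI", "switch", "sensor"

def _links(pairs):
    """Normalise undirected links to a set of frozensets."""
    return {frozenset(p) for p in pairs}

def compare_structures(phys_devs, phys_links, sim_devs, sim_links, match):
    """Compare the preliminary simulation system with the physical system.

    match maps each physical device name to its simulation device name.
    Returns a sorted list of (finding, detail); empty means consistent.
    """
    phys = {d.name: d for d in phys_devs}
    sim = {d.name: d for d in sim_devs}
    findings, claimed = [], {}

    # 1. Every physical device needs its own simulation device of the same kind.
    for pname in sorted(phys):
        sname = match.get(pname)
        if sname not in sim:
            findings.append(("unmatched_device", pname))
        elif sname in claimed:
            findings.append(("shared_simulation_device",
                             f"{claimed[sname]},{pname}->{sname}"))
        else:
            claimed[sname] = pname
            if sim[sname].kind != phys[pname].kind:
                findings.append(("kind_mismatch",
                                 f"{pname}:{phys[pname].kind}->{sname}:{sim[sname].kind}"))
    for sname in sorted(set(sim) - set(claimed)):
        findings.append(("extra_device", sname))

    # 2. Translate each physical link through the match and compare link sets.
    expected = set()
    for link in _links(phys_links):
        ends = sorted(link)
        if len(ends) != 2 or any(e not in phys for e in ends):
            findings.append(("bad_physical_link", "<->".join(ends)))
        elif all(match.get(e) in sim for e in ends):
            expected.add(frozenset(match[e] for e in ends))
    actual = _links(sim_links)

    def fmt(link):
        return "<->".join(sorted(link))

    findings += [("missing_link", fmt(l)) for l in expected - actual]
    findings += [("extra_link", fmt(l)) for l in actual - expected]
    return sorted(findings)

def is_consistent(*args):
    """True when the preliminary system can be accepted as the simulation system."""
    return not compare_structures(*args)

# Constructed networking information for a small cell (illustrative only).
PHYS = [Device("PLC1", "PLC"), Device("HMI1", "HMI"),
        Device("SW1", "switch"), Device("FT101", "sensor")]
PHYS_LINKS = [("PLC1", "SW1"), ("HMI1", "SW1"), ("FT101", "PLC1")]
SIM = [Device("sim-plc1", "PLC"), Device("sim-hmi1", "HMI"),
       Device("sim-sw1", "switch"), Device("sim-ft101", "sensor")]
MATCH = {"PLC1": "sim-plc1", "HMI1": "sim-hmi1",
         "SW1": "sim-sw1", "FT101": "sim-ft101"}
# Preliminary wiring with one error: the HMI is cabled to the PLC, not the switch.
PRELIM_LINKS = [("sim-plc1", "sim-sw1"), ("sim-hmi1", "sim-plc1"),
                ("sim-ft101", "sim-plc1")]
FIXED_LINKS = [("sim-sw1", "sim-plc1"), ("sim-sw1", "sim-hmi1"),
               ("sim-plc1", "sim-ft101")]

if __name__ == "__main__":
    for finding in compare_structures(PHYS, PHYS_LINKS, SIM, PRELIM_LINKS, MATCH):
        print(finding)
    print("consistent after fix:",
          is_consistent(PHYS, PHYS_LINKS, SIM, FIXED_LINKS, MATCH))
```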
The second configuration module 502 is specifically configured to:
configuring a network target range system based on the network target range hardware environment;
and establishing the industrial control network control system to be evaluated in the network target range system to obtain the industrial control network virtual target range, wherein the industrial control network control system is used for realizing industrial control on the industrial control simulation equipment.
The risk assessment module 504 is specifically configured to:
according to a risk assessment task, inputting risk test data into the industrial control network virtual target range or the physical industrial control simulation system, and acquiring test results of the industrial control network virtual target range and the physical industrial control simulation system based on the data transmission relation to obtain a risk assessment data sample;
and according to the set risk analysis dimension, performing data analysis on the risk assessment data sample to obtain the risk assessment result.
Wherein the risk assessment module 504 is more specifically configured to:
according to set risk analysis dimensions, performing data analysis on the risk assessment data samples to obtain assessment result items corresponding to the set risk analysis dimensions;
and embedding the evaluation result items into corresponding display positions of a set evaluation display template to generate the risk evaluation result containing each evaluation result item.
The industrial control risk assessment device provided by the embodiment of the application can implement each process of the industrial control risk assessment method embodiments and achieve the same technical effect; to avoid repetition, the details are not repeated here.
Fig. 6 is a block diagram of a computer device according to an embodiment of the present application. As shown in the figure, the computer device 6 of the embodiment includes: at least one processor 60 (only one shown in fig. 6), a memory 61, and a computer program 62 stored in the memory 61 and executable on the at least one processor 60, the steps of any of the various method embodiments described above being implemented when the computer program 62 is executed by the processor 60.
The computer device 6 may be a desktop computer, a notebook, a palmtop computer, a cloud server, or another computing device. The computer device 6 may include, but is not limited to, a processor 60 and a memory 61. Those skilled in the art will appreciate that Fig. 6 is merely an example of the computer device 6 and does not limit it; the computer device 6 may include more or fewer components than shown, may combine some components, or may use different components. For example, the computer device may also include input/output devices, network access devices, buses, etc.
The Processor 60 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 61 may be an internal storage unit of the computer device 6, such as a hard disk or a memory of the computer device 6. The memory 61 may also be an external storage device of the computer device 6, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, provided on the computer device 6. Further, the memory 61 may also include both an internal storage unit and an external storage device of the computer device 6. The memory 61 is used for storing the computer program and other programs and data required by the computer device. The memory 61 may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the system may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus/computer device and method may be implemented in other ways. For example, the above-described apparatus/computer device embodiments are merely illustrative, and for example, the division of the modules or units is only one logical division, and there may be other divisions when actually implemented, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer-readable storage medium. Based on such understanding, all or part of the flow in the methods of the embodiments described above can be realized by a computer program, which can be stored in a computer-readable storage medium and which, when executed by a processor, realizes the steps of the method embodiments described above. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file, some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), electrical carrier signals, telecommunications signals, a software distribution medium, and the like. It should be noted that the content of the computer-readable medium may be appropriately increased or decreased as required by legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunications signals.
All or part of the processes in the methods of the above embodiments may also be implemented by a computer program product; when the computer program product runs on a computer device, the computer device implements the steps of the above method embodiments.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims (10)

1. An industrial control risk assessment method is characterized by comprising the following steps:
configuring and generating a physical industrial control simulation system based on networking information of industrial control equipment, wherein the physical industrial control simulation system comprises industrial control simulation equipment and a networking relation between the industrial control simulation equipment;
based on industrial control network control information, configuring and generating an industrial control network virtual target range; an industrial control network control system to be evaluated is configured in the industrial control network virtual target range;
establishing a data transmission relation between the industrial control network virtual target range and the physical industrial control simulation system;
and according to a risk assessment task, executing risk assessment operation under a set risk assessment scene in the industrial control network virtual target range and the physical industrial control simulation system with the data transmission relation, and generating a risk assessment result.
2. The method of claim 1, wherein configuring and generating a physical industrial control simulation system based on networking information of industrial control equipment comprises:
analyzing the networking information of the industrial control equipment, and determining the industrial control physical equipment and the networking relationship between the industrial control physical equipment;
matching the industrial control simulation equipment corresponding to the industrial control physical equipment;
and configuring the industrial control simulation equipment and the networking relationship between the industrial control simulation equipment to obtain the physical industrial control simulation system.
3. The method according to claim 2, wherein the configuring of the industrial control simulation device and the networking relationship between the industrial control simulation devices to obtain the physical industrial control simulation system comprises:
configuring the industrial control simulation equipment and the networking relationship between the industrial control simulation equipment to obtain a preliminary industrial control simulation system;
and comparing the structures of the preliminary industrial control simulation system and the physical industrial control system, and determining the preliminary industrial control simulation system as the physical industrial control simulation system under the condition of determining that the configuration structures of the preliminary industrial control simulation system and the physical industrial control system are consistent.
4. The method of claim 1, wherein configuring and generating an industrial control network virtual range based on industrial control network control information comprises:
configuring a network target range system based on the network target range hardware environment;
and establishing the industrial control network control system to be evaluated in the network target range system to obtain the industrial control network virtual target range, wherein the industrial control network control system is used for realizing industrial control on the industrial control simulation equipment.
5. The method according to claim 1, wherein the executing a risk assessment operation under a set risk assessment scenario in the industrial control network virtual target range and the physical industrial control simulation system with the data transmission relationship according to a risk assessment task to generate a risk assessment result comprises:
according to a risk assessment task, inputting risk test data into the industrial control network virtual target range or the physical industrial control simulation system, and acquiring test results of the industrial control network virtual target range and the physical industrial control simulation system based on the data transmission relation to obtain a risk assessment data sample;
and according to the set risk analysis dimension, performing data analysis on the risk assessment data sample to obtain the risk assessment result.
6. The method of claim 5, wherein performing data analysis on the risk assessment data sample according to a set risk analysis dimension to obtain the risk assessment result comprises:
according to set risk analysis dimensions, performing data analysis on the risk assessment data samples to obtain assessment result items corresponding to the set risk analysis dimensions;
and embedding the evaluation result items into corresponding display positions of a set evaluation display template to generate the risk evaluation result containing each evaluation result item.
7. An industrial control risk assessment device, comprising:
the first configuration module is used for configuring and generating a physical industrial control simulation system based on networking information of industrial control equipment, wherein the physical industrial control simulation system comprises industrial control simulation equipment and a networking relation between the industrial control simulation equipment;
the second configuration module is used for configuring and generating an industrial control network virtual target range based on industrial control network control information; an industrial control network control system to be evaluated is configured in the industrial control network virtual target range;
the relation establishing module is used for establishing a data transmission relation between the industrial control network virtual target range and the physical industrial control simulation system;
and the risk evaluation module is used for executing risk evaluation operation under a set risk evaluation scene in the industrial control network virtual target range and the physical industrial control simulation system with the data transmission relation according to a risk evaluation task to generate a risk evaluation result.
8. The apparatus of claim 7, wherein the first configuration module is specifically configured to:
analyzing the networking information of the industrial control equipment, and determining the industrial control physical equipment and the networking relationship between the industrial control physical equipment;
matching the industrial control simulation equipment corresponding to the industrial control physical equipment;
and configuring the industrial control simulation equipment and the networking relationship between the industrial control simulation equipment to obtain the physical industrial control simulation system.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the steps of the method according to any of claims 1 to 6 are implemented when the computer program is executed by the processor.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 6.
CN202211238912.3A 2022-10-11 2022-10-11 Industrial control risk assessment method, device, equipment and storage medium Pending CN115688112A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211238912.3A CN115688112A (en) 2022-10-11 2022-10-11 Industrial control risk assessment method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115688112A true CN115688112A (en) 2023-02-03

Family

ID=85064948

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211238912.3A Pending CN115688112A (en) 2022-10-11 2022-10-11 Industrial control risk assessment method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115688112A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117455228A (en) * 2023-09-28 2024-01-26 永信至诚科技集团股份有限公司 Evaluation method and device for network risk identification capability

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination