WO2014184942A1 - Security management system, device and method - Google Patents

Security management system, device and method

Publication number
WO2014184942A1
Authority
WO
WIPO (PCT)
Prior art keywords
security
security management
information
control system
protocol
Application number
PCT/JP2013/063749
Other languages
English (en)
Japanese (ja)
Inventor
直 齋藤
山田 勉
松本 典剛
Original Assignee
株式会社日立製作所
Application filed by 株式会社日立製作所
Priority to PCT/JP2013/063749 (WO2014184942A1)
Priority to JP2015516850A (JPWO2014184942A1)
Publication of WO2014184942A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Definitions

  • The present invention relates to control devices such as DCS (distributed control system) and PLC (programmable logic controller) used for factory automation (FA) and process automation (PA), and to control systems such as SCADA (Supervisory Control And Data Acquisition).
  • A control device such as a DCS or PLC, or a control system such as SCADA, is used for FA and PA.
  • Security measures such as password setting are applied to such control devices and control systems.
  • Patent Document 1: Japanese Patent Application Laid-Open No. 2006-079498
  • Patent Document 1 discloses a technique that, when a terminal device requires a security countermeasure treatment, transmits a communication control instruction to the relay device so that communication of the terminal device is restricted to the communication necessary for that treatment. According to the description in Patent Document 1, this makes it possible to execute the security countermeasures remotely via the network while the terminal device requiring them is isolated from the network.
  • Patent Document 1 describes "a security management device that performs security management for a terminal device via a relay device that controls communication of the terminal device, the security management device comprising: a receiving unit that receives device information of the terminal device from the terminal device via the relay device; a measure determining unit that determines whether a security measure for the terminal device is necessary based on the device information of the terminal device received by the receiving unit; an instruction generation unit that generates a communication restriction instruction for instructing the relay device to limit communication of the terminal device to communication with the security management device when the measure determining unit determines that a security measure is required for the terminal device; and a transmission unit that transmits the communication restriction instruction generated by the instruction generation unit to the relay device."
  • The security management device of Patent Document 1 does not include means for configuring communication data with a VPN header. Therefore, when the security management device is applied to a control system, communication data cannot be sent from the remote security management device to the terminals constituting the control system through the external network.
  • The security management device disclosed in Patent Document 1 also does not include a means for acquiring information on the devices constituting the control system. Therefore, when the security management device is connected to the control system via an external network, it cannot know which devices constitute the control system or which protocol they use for communication. A security management device that does not know the protocol used for communication cannot obtain security setting information by inquiring of the device.
  • An object of the present invention is to provide a technology that enables a security management apparatus to remotely acquire security setting information of devices constituting a control system via an external network.
  • The security management system performs security management of a control system including component devices. It comprises a security management device that performs security management of the component devices via a first network, which is an external network of the control system, and a communication agent device that is connected to the component devices via a second network, which is a control network connecting the component devices of the control system, and is connected to the security management device via the first network.
  • The security management device makes an inquiry to the communication agent device to obtain component device information, which is information about the component devices in the control system, and protocol identification information, which can identify the protocol used by the component devices for communication. Based on the component device information, it then inquires of the component devices using the protocol identified by the protocol identification information, and thereby acquires security setting information, which is information related to the security settings set in the component devices.
  • The communication agent device notifies the security management device of the component device information and the protocol identification information in response to the inquiry from the security management device.
  • FIG. 1 is a schematic block diagram of the security management system 1A according to the present embodiment.
  • FIG. 2 is a schematic block diagram of the security management apparatus 10A according to the present embodiment.
  • FIG. 3 is a block diagram showing a configuration example of the security management system 1 according to Example 1.
  • A figure showing an example of the correspondence between protocols and flags.
  • A flowchart showing the operation procedure by which the security management apparatus 10 obtains and inspects security setting information of the components 32 to 35 of the control system 30.
  • FIG. 10 is a flowchart illustrating an operation procedure of the security management apparatus 10 according to the second embodiment.
  • Schematic block diagrams of the security management systems in Examples 3, 4, 5, 6, 7, 8 and 9.
  • FIG. 1 is a schematic block diagram of a security management system 1A according to the present embodiment.
  • The security management system 1A is a system that performs security management of the component devices 32A and 33A included in the control system 30A disposed at the A site.
  • The control system 30A subject to security management may be, for example, a thermal power plant control system, a nuclear power plant control system, a steelworks control system, a chemical plant control system, a manufacturing plant control system, or a railway operator control system.
  • One security management system 1A may cover control systems 30A at a plurality of sites, and a plurality of types of control systems 30A may be targets for security management.
  • The security management system 1A includes a security management device 10A and a communication agent device 31A.
  • The component devices 32A and 33A here are, for example, field devices and controllers of the A site.
  • The security management device 10A and the control system 30A are connected to an external network 40 such as the Internet. In general, the control system 30A is connected to the external network 40 via a firewall (not shown).
  • The security management device 10A is a device that performs security management of the component devices 32A and 33A via the external network 40.
  • By making an inquiry to the communication agent device 31A, the security management device 10A acquires component device information, which is information related to the component devices 32A and 33A in the control system 30A, and protocol identification information, which can identify the protocol used by the component devices 32A and 33A for communication. Furthermore, based on the component device information, the security management device 10A makes an inquiry to the component devices 32A and 33A using the protocol identified by the protocol identification information, and thereby acquires security setting information, which is information related to the security settings set in the component devices 32A and 33A.
  • The communication agent device 31A is a device that is connected to the component devices 32A and 33A via the control network 36A, which connects the component devices 32A and 33A of the control system 30A, and is connected to the security management device 10A via the external network 40.
  • In response to the inquiry from the security management device 10A, the communication agent device 31A notifies the security management device 10A of the component device information and the protocol identification information.
  • Because the communication agent device 31A, which is connected to the component devices 32A and 33A in the control network 36A, notifies the security management device 10A of information such as the configuration of the component devices 32A and 33A in the control system 30A, the security management apparatus 10A can remotely acquire the security setting information of the component devices 32A and 33A constituting the control system 30A via the external network 40.
  • The security management apparatus 10A may hold in advance a protocol information management database in which the manufacturer and model of the component devices 32A and 33A are associated with protocol information indicating the protocol used by the component devices 32A and 33A.
  • In that case, the communication agent device 31A notifies the security management device 10A of at least one of the manufacturer and model of the component devices 32A and 33A as their protocol identification information, and the security management device 10A may identify the protocol used by the component devices 32A and 33A by referring to the protocol information management database based on at least one of the notified manufacturer and model.
  • This allows the security management apparatus 10A to easily identify the protocols of component devices 32A and 33A of various models from various manufacturers.
  • The security management device 10A and the communication agent device 31A may construct a virtual private network via the external network 40.
  • The security management apparatus 10A transmits a security setting inquiry message, which asks the component devices 32A and 33A for the security setting information, with a virtual private network header that includes an indication of the protocol used in the message.
  • The communication agent device 31A terminates the virtual private network header and transmits the security setting inquiry message to the component devices 32A and 33A.
  • The component devices 32A and 33A that have received the security setting inquiry message respond with a security setting response message indicating the security settings set in the device itself.
  • The communication agent device 31A receives the security setting response message from the component devices 32A and 33A, adds to it a virtual private network header including an indication of the protocol used by each component device 32A and 33A, and transmits it.
  • The security management device 10A terminates the virtual private network header and acquires the security setting response message.
  • This allows the security management apparatus 10A to acquire the security settings by secure communication through the virtual private network.
  • The security management device 10A and the communication agent device 31A may further add, to the message with the virtual private network header, a header for communicating over the external network 40 or over a relay network (not shown) that relays between the external network 40 and the control system 30A, and then transmit the message.
  • The security management apparatus 10A may hold in advance a security setting information management database including recommended setting values indicating recommended conditions for security settings. In that case, the security management apparatus 10A can check the security setting information acquired from the component devices 32A and 33A by referring to the security setting information management database. For example, if a security setting matches the recommended setting value, the security setting can be judged to be good.
  • The security management apparatus 10A can thus easily inspect the security setting information by referring to the security setting information management database.
  • If the security setting information does not satisfy the recommended conditions, the security management apparatus 10A may update the security settings of the component devices 32A and 33A.
  • This allows the security management apparatus 10A to update the security settings remotely.
  • FIG. 2 is a schematic block diagram of the security management apparatus 10A according to the present embodiment.
  • The determination unit 17A inquires of the communication agent device 31A, which is connected to the component devices 32A and 33A via the control network 36A and is reached via the external network 40, and thereby acquires component device information regarding the component devices 32A and 33A in the control system 30A and protocol identification information that can identify the protocol used by the component devices 32A and 33A for communication.
  • The communication unit 11A communicates with the component devices 32A and 33A using the protocol identified by the protocol identification information.
  • The management unit 15A uses the communication unit 11A's communication with the component devices 32A and 33A to inquire of them based on the component device information, and thereby acquires security setting information related to the security settings set in the component devices 32A and 33A.
  • FIG. 3 is a block diagram showing a configuration example of the security management system 1 according to the present embodiment.
  • The security management device 10 is connected to the external network 40.
  • The external network 40 is a network connected to a plurality of sites such as an A site and a B site.
  • The external network 40 may be the Internet.
  • The external network 40 may be another public line or an in-house dedicated line.
  • Performing centralized security management based on the latest security risk information obtained from other sites and media shortens the time required until the latest security settings are reflected in the managed devices 32 to 35 in the control system 30, and improves reliability.
  • The devices to be managed are exemplified by the controllers 32 and 33 and the field devices 34 and 35. These devices may be provided by different vendors.
  • For example, the controller 32 is provided by vendor X1, the controller 33 by vendor X2, the field device 34 by vendor Y1, and the field device 35 by vendor Y2.
  • At the A site, which is connected to the external network 40, an inter-network relay device 20, a control system 30, and firewalls (FW) 41 and 42 for ensuring the security of the internal network of the A site are arranged.
  • The communication data (3) is first transferred to the inter-network relay device 20 via the FW 41, as shown by communication data (3) in the figure.
  • The inter-network relay device 20 identifies the data configuration and protocol of the communication data (3), and converts the header of the communication data (3) from the header 3 for the external network 40 to the header 2 for the internal network.
  • The communication data (2) is transferred to the control system 30 via the FW.
  • The inter-network relay device 20 identifies the data configuration and protocol of the communication data (2), converts the header of the communication data (2) from the header 2 for the internal network to the header 3 for the external network 40, and transfers the resulting communication data (3) to the external network 40 via the FW 41.
  • In the internal processing of the inter-network relay device 20, the header determination unit 23 determines whether the communication data received by the communication control unit 21 is communication data (3) received from the external network 40 or communication data (2) received from the internal network.
  • For communication data (3), the header conversion unit 22 converts the header 3 into the header 2, thereby converting the communication data (3) into communication data (2).
  • For communication data (2), the header conversion unit 22 converts the header 2 into the header 3, thereby converting the communication data (2) into communication data (3). This makes it possible for the external network 40 and the control system 30 to communicate with each other via the inter-network relay device 20.
  • It is important for the control system 30 to guarantee stable operation 24 hours a day, 365 days a year, and high security is ensured by restricting access from the external network 40.
  • FWs 41 and 42 are provided to restrict the communication data that is allowed access. Installing the inter-network relay device 20 therefore enables communication between the external network 40 and the control system 30 while the reliability of the control system 30 is guaranteed.
  • The control system 30 includes a multi-protocol VPN agent 31, controllers 32 and 33, field devices 34 and 35, and the like.
  • The multi-protocol VPN agent 31 and the controllers 32 and 33 are mutually connected by a control network 36.
  • The controllers 32 and 33 and the field devices 34 and 35 are connected by a field bus.
  • The targets of security management by the security management apparatus 10 are the controllers 32 and 33 and the field devices 34 and 35 in the control system 30.
  • The controllers 32 and 33 and the field devices 34 and 35 are given as examples, but other devices, such as a DCS (distributed control system), a PLC (programmable logic controller), a sensor, or an actuator, may also be security management targets.
  • When the multi-protocol VPN agent 31 receives the communication data (2), it analyzes the header and determines whether or not the communication data should be transferred to the controllers 32 and 33. If the communication data is to be transferred to the controllers 32 and 33, the multi-protocol VPN agent 31 deletes the header 2 and the flagged VPN header from the communication data (2), converting it to communication data (1). The multi-protocol VPN agent 31 then transfers the communication data (1) to the controllers 32 and 33 via the control network 36.
  • When the communication data (1) is communication data to be transferred to the field devices 34 and 35, it is transferred from the controllers 32 and 33 to the field devices 34 and 35 via the field bus.
  • The field bus here refers to the communication path between the controller 32 and the field device 34 and the communication path between the controller 33 and the field device 35.
  • The multi-protocol VPN agent 31 does not convert communication data (2) that is not to be transferred to the controllers 32 and 33 into communication data (1), and does not transfer it.
  • The multi-protocol VPN agent 31 checks the communication data (1) received by the communication control unit 312 against the information of the control system configuration management unit 311.
  • The protocol determination unit 313 determines the protocol.
  • The flag generation unit 314 generates a flag corresponding to the protocol obtained by this determination, and generates a flag-added VPN header containing the flag.
  • The header conversion unit 315 converts the communication data (1) into the communication data (2) by adding the header 2 and the flagged VPN header required for the communication data (2) to the communication data (1).
  • The communication control unit 312 transfers the communication data (2) to the inter-network relay device 20.
  • Ethernet (registered trademark) is mainly used in information networks. Therefore, the protocols encapsulated using a VPN (virtual private network) protocol are limited to Ethernet-based IP (Internet Protocol). However, the protocols actually used in the control network 36 are not limited to Ethernet and IP; various other protocols such as Profibus (registered trademark) and HART (registered trademark) are also in use. Therefore, when communication data is encapsulated by the VPN protocol, a flag indicating the protocol is added to the header so that the receiving side can identify which protocol's communication data is encapsulated.
  • The flag is stored as part of the flag-added VPN header.
  • The flag is composed of 3 bits. The flag identifies the encapsulated protocol: flag 000 for Ethernet, flag 001 for Profibus, flag 010 for HART, and flag 011 for Fieldbus. Because the flag allows the protocol to be identified, the security of the components 32 to 35 of the control system 30 managed by the security management apparatus 10 can be managed collectively even if they use different protocols. As a result, the components 32 to 35 of the control systems 30 at a plurality of sites can be easily managed, and the cost and time required for security management can be reduced.
  • FIG. 5 is a flowchart showing an operation procedure for the security management apparatus 10 to acquire and inspect the security setting information of the components 32 to 35 of the control system 30.
  • the security management apparatus 10 starts operating.
  • the security management apparatus 10 transmits control system configuration inquiry communication data (message) to the multi-protocol VPN agent 31 of the control system 30.
  • Fig. 6 shows the transfer route of the control system configuration inquiry data.
  • the security management device 10 outputs control system configuration inquiry communication data from the control system configuration determination unit 17.
  • the control system configuration inquiry communication data reaches the A site via the external network 40, and is received by the multi-protocol VPN agent 31 via the FW 41, the inter-network relay device 20, and the FW 42.
  • control system configuration inquiry communication data is collated with the device information of the control system 30 stored in the control system configuration management unit 311 by the communication control unit 312.
  • the security management device 10 Since the security management device 10 is connected to the external network 40, it is difficult to know the device configuration in the control system 30 in advance. In particular, when the configuration in the control system 30 is changed, it is necessary to obtain information on the device configuration in advance in order to perform security management, but this is difficult.
  • the security management device 10 is located at the position of the multi-protocol VPN agent 31, that is, in the control system 30 at the A site and directly connected to the control network 36, the security management device 10 10 and the controllers 32 and 33 which are management target devices are physically connected by the control network 36. Therefore, it is possible for the security management apparatus 10 to easily acquire the control system component device information directly.
  • the security management apparatus 10 since the security management apparatus 10 is connected to the controllers 32 and 33 via the external network 40, it is not possible to directly acquire the control system component device information. Therefore, the security management device 10 transmits the control system configuration inquiry communication data and acquires the control system configuration device information, thereby realizing the same function as when the security management device 10 is connected to the control network 36. It is possible to do.
  • the remote security management device 10 can centrally manage the control systems 30 of a plurality of sites such as the A site and the B site, and the security management device Similarly to the case of being directly connected to the control network 36, it is possible to acquire the control system constituent device information in the control system 30, and the security management efficiency can be improved.
  • control system configuration device information is output from the control system configuration management unit 311 in the multi-protocol VPN agent 31 via the communication control unit 312, via the control network 36 via the FW 42, the inter-network relay device 20, and the FW 41, The information is received by the control system configuration determination unit 17 in the security management apparatus 10 via the external network 40.
  • the received control system component device information is input to the multi-vendor protocol information management DB (database) 14 and the security setting information management DB 13 in the security management apparatus 10 and stored in the multi-vendor protocol information management DB 14. It is collated with the vendor protocol information and the security setting information stored in the security setting information management DB 13.
  • FIG. 14 A configuration example of the multi-vendor protocol information management DB 14 is shown in FIG.
  • the device information included in the control system component device information includes information indicating the manufacturer and model. Based on the information, the protocol used in the control network 36 can be identified. For example, if the manufacturer is M1 and the model is KA1, it can be seen from FIG. 8 that the protocol is Ethernet.
  • FIG. 9 shows a configuration example of the security setting information management DB 13.
  • the device information included in the control system component device information includes information indicating the manufacturer and model, and the security setting information of the component device can be identified by referring to the security setting information management DB 13 based on the information. It is. For example, when the manufacturer is M1 and the model is KA1, it can be seen from FIG. 9 that the security setting information includes settings A1, A2, and A3.
  • the setting A1 is password length setting information as an example of security setting information.
  • Other examples of security setting information may include password update periods and other security related information.
  • the multi-vendor protocol information management DB 14 and the security setting information management DB 13 shown here are examples of configurations, and other configurations may be used.
  • the security management apparatus 10 holds the database corresponding to various devices in advance, so that even when the configuration devices 32 to 35 in the control system 30 are changed or newly added, the security is maintained as it is. There is an effect that the management apparatus 10 can cope with it. Further, it is possible to easily add a C site as a new site and add the components 32 to 35 in the control system 30 of the C site to the management target of the security management apparatus 10. In addition, since the database can be centrally managed by the security management apparatus 10, it is possible to reduce hardware and storage capacity for the database as compared with the case where the database is separately arranged for each site. Thus, there is an effect that the cost can be reduced and the update period can be shortened.
  • The security management apparatus 10 determines, from the control system component device information, whether there is a component device whose security settings are to be inspected. One possible determination method is to treat as inspection targets those component devices whose device information exists in both the multi-vendor protocol information management DB 14 and the security setting information management DB 13.
  • If there is no device to be inspected (No), the process ends (step S07). If there is a device to be inspected (Yes), the security management apparatus 10 executes the following processing as step S04.
  • The security management device 10 transmits security setting communication data based on the acquired device information.
  • The security setting communication data is communication data for inquiring about the security settings of the component devices 32 to 35 of the control system 30. For example, it corresponds to a message asking how many characters are in the password.
  • An example of the location of the security setting communication data transfer path is shown in FIG. 1
  • The security setting communication unit 11 in the security management device 10 builds security setting communication data, consisting of the header 1 and data, from the information in the security setting information management DB 13 designated by the control system component device information. For example, in FIG. 9 the password character number setting A1 is associated with the device whose manufacturer is M1 and whose model is KA1, so security setting communication data for inquiring about the number of password characters is built.
  • The multi-protocol VPN communication unit 12 generates a flag-added VPN header from the information in the multi-vendor protocol information management DB 14 designated by the control system component device information, and adds it to the security setting communication data to form the VPN communication data.
  • A flag indicating Ethernet is added to the flagged VPN header.
  • The external network communication unit 18 forms external network communication data by generating the header 3 and adding it to the VPN communication data.
  • The security setting communication data is thus encapsulated as external network communication data and input to the A site via the external network 40. It passes through the FW 41, the inter-network relay device 20, and the FW 42 as communication data (2), and is first received by the multi-protocol VPN agent 31. The multi-protocol VPN agent 31 then converts the communication data (2) into the communication data (1) and sends it to the controllers 32 and 33.
  • The controllers 32 and 33 build new communication data (1) whose data portion carries the setting value for the security setting information requested in the data portion of the received communication data (1), and send it back. For example, if the received communication data (1) inquires about the number of password characters, the controllers 32 and 33 generate communication data (1) including the number of characters of the password set in their own device.
  • The communication data transfer path from the controllers 32 and 33 is shown in FIG.
  • Communication data (1) is received by the multi-protocol VPN agent 31, where it is converted into communication data (2) and output. Since the communication data conversion process in the multi-protocol VPN agent 31 is the same as described above, the description thereof is omitted here.
  • The communication data (2) is converted into communication data (3) by changing the header via the FW 42, the inter-network relay device 20, and the FW 41.
  • The communication data (3) is transferred to the security management device 10 via the external network 40 and received (step S05).
  • The external network communication unit 18 in the security management device 10 removes the header 3 from the received communication data (3), leaving VPN communication data. The protocol determination unit 16 then determines the protocol by referring to the flagged VPN header.
  • The security setting inspection unit 15 compares the setting value of the security setting information included in the data with the recommended setting value stored in the security setting information management DB, and checks whether the security setting value of the target device is correct (step S06). For example, it checks whether the number of password characters included in the security setting information is equal to or greater than the number of password characters set as the recommended setting value.
  • After step S06, the security management apparatus 10 returns to step S03 and repeats the same processing (steps S04, S05, S06) until there is no device left to be inspected for security settings.
  • The security management apparatus 10 then ends the operation (step S07).
  • The operation procedure of the security management apparatus 10 has been described above. With this operation procedure, the security management apparatus 10 can be installed remotely via the external network 40, and the human and physical costs required for security management can be reduced.
  • The remotely installed DB information is updated based on the latest security setting information, so it is easy to reflect that information in the security settings of the control system, and the time until it is reflected can be shortened.
  • Because the security management apparatus 10 that collectively manages security performs security management based on the latest security setting information, the reliability and the availability of the control system 30 can be improved.
  • In the present embodiment, when the inspection shows that the security setting information does not satisfy the recommended condition, the security management apparatus 10 has a function of updating the security setting so that it satisfies the recommended condition. This is the difference from the first embodiment. That is, a new operation procedure in the security management apparatus 10 is added to the security management system 1 of the present embodiment.
  • The basic configuration of the security management apparatus 10 in the security management system 1 of the present embodiment is the same as that of the first embodiment. Here, the operation procedure that differs from the first embodiment will be described.
  • FIG. 12 is a flowchart illustrating an operation procedure of the security management apparatus 10 according to the second embodiment.
  • The same steps as those shown in FIG. Steps S08, S09, and S10 are steps newly added in FIG.
  • The description focuses on the newly added portion.
  • The security management apparatus 10 determines, from the result of checking the security setting information in step S06, whether the security setting values of the component devices 32 to 35 to be managed are appropriate (step S08).
  • If the security setting value is appropriate (Yes in step S08), the security management apparatus 10 returns to step S03 without doing anything.
  • The security setting update data is data for updating the security setting to an appropriate setting. For example, if the number of password characters is insufficient, a password having a sufficient number of characters may be sent as the security setting update data. At this time, the security setting update data is transferred through the same route as the security setting communication data shown in FIG.
  • The security setting update result is output from the controllers 32 and 33 and transferred through the same route as the security setting information setting value shown in FIG. It is received by the security management device 10 (step S10).
  • The security management apparatus 10 that has received the security setting update result confirms it, returns to step S03, and repeats the same processing.
  • The operation procedure of the security management device 10 in the second embodiment has been described above. By executing the operation procedure of the second embodiment, the security setting value of a device under security management can be updated to an appropriate value. This makes it possible to improve the reliability of the devices and systems that constitute the control system 30.
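The inspection procedure (steps S03 to S07) and the update procedure of the second embodiment (steps S08 to S10) can be expressed in code as follows. This is an added example, not code from the patent: the byte layout of header 1, the flagged VPN header and header 3, the flag values, the recommended values and the M2/KB1 entry are assumptions, and only the M1/KA1, Ethernet and setting A1 (password length) mapping comes from the description.

```python
import struct

# Constructed stand-ins for DB 14 (FIG. 8) and DB 13 (FIG. 9). Only the
# M1/KA1 -> Ethernet and A1 = password length mapping is from the description.
PROTOCOL_DB = {("M1", "KA1"): "Ethernet", ("M2", "KB1"): "Serial"}
SETTING_DB = {("M1", "KA1"): {"A1": 8}, ("M2", "KB1"): {"A1": 12}}  # recommended minimum
FLAGS = {"Ethernet": 1, "Serial": 2}            # assumed flag values
PROTO_BY_FLAG = {v: k for k, v in FLAGS.items()}

def build_frame(key, setting_id, op, value=0):
    """Assumed layout: header 3 | flagged VPN header | header 1 | data."""
    inner = b"H1" + setting_id.encode("ascii") + op.encode("ascii") + struct.pack(">H", value)
    vpn = b"VP" + bytes([FLAGS[PROTOCOL_DB[key]]]) + inner
    return b"H3" + struct.pack(">H", len(vpn)) + vpn

def parse_frame(frame):
    """Strip header 3, read the protocol flag, return (protocol, setting, op, value)."""
    if len(frame) < 4 or frame[:2] != b"H3":
        raise ValueError("missing header 3")
    (length,) = struct.unpack(">H", frame[2:4])
    vpn = frame[4:]
    if len(vpn) != length or length != 10 or vpn[:2] != b"VP" or vpn[3:5] != b"H1":
        raise ValueError("malformed VPN communication data")
    if vpn[2] not in PROTO_BY_FLAG:
        raise ValueError("unknown protocol flag")
    setting, op = vpn[5:7].decode("ascii"), chr(vpn[7])
    return PROTO_BY_FLAG[vpn[2]], setting, op, struct.unpack(">H", vpn[8:10])[0]

class SimulatedController:
    """Stands in for the multi-protocol VPN agent 31 plus one controller."""
    def __init__(self, key, settings):
        self.key, self.settings = key, dict(settings)

    def handle(self, frame):
        _, setting, op, value = parse_frame(frame)
        if op == "U":   # update data; simplified to carry the new setting value
            self.settings[setting] = value
        return build_frame(self.key, setting, "R", self.settings[setting])

def inspect_site(controllers, remediate=False):
    """Steps S03-S07; with remediate=True also S08-S10 of the second embodiment."""
    report = []
    for ctrl in controllers:
        # S03: only devices present in both databases are inspection targets.
        if ctrl.key not in PROTOCOL_DB or ctrl.key not in SETTING_DB:
            report.append((ctrl.key, None, "not an inspection target"))
            continue
        for setting, recommended in SETTING_DB[ctrl.key].items():
            reply = ctrl.handle(build_frame(ctrl.key, setting, "Q"))   # S04, S05
            protocol, r_setting, op, value = parse_frame(reply)
            if (protocol, r_setting, op) != (PROTOCOL_DB[ctrl.key], setting, "R"):
                report.append((ctrl.key, setting, "unexpected reply"))
                continue
            if value >= recommended:                                   # S06, S08
                report.append((ctrl.key, setting, "ok"))
            elif not remediate:
                report.append((ctrl.key, setting, "below recommended"))
            else:
                update = build_frame(ctrl.key, setting, "U", recommended)   # S09
                confirmed = parse_frame(ctrl.handle(update))[3]             # S10
                status = "updated" if confirmed >= recommended else "update failed"
                report.append((ctrl.key, setting, status))
    return report

def demo():
    # Constructed site: one weak device, one compliant, one unknown to the DBs.
    site = [SimulatedController(("M1", "KA1"), {"A1": 6}),
            SimulatedController(("M2", "KB1"), {"A1": 12}),
            SimulatedController(("M9", "ZZ9"), {"A1": 4})]
    return inspect_site(site), inspect_site(site, remediate=True)
```

The device that appears in neither database is reported rather than silently skipped, which makes the coverage gap of the DB-based target selection visible to the operator.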
  • FIG. 13 is a schematic block diagram of a security management system according to the third embodiment.
  • Example 3 illustrates a case where the above-described security management device 10 is applied to security management in the control system 30 of a thermal power plant.
  • Thermal power plants are arranged at a plurality of sites, and the above-described security management device 10, arranged remotely via the external network 40, collectively manages the security settings of the control system 30 at each site.
  • The external network 40 is connected to thermal power plants at a plurality of sites, such as a thermal power plant A site, a B site, and a C site.
  • The security management device 10 is connected to these thermal power plants via the external network 40.
  • Various component devices 32 to 35, such as controllers constituting the control system 30, and a multi-protocol VPN agent 31 are arranged.
  • The security management device 10 makes an inquiry to the multi-protocol VPN agent 31 of each site via the external network 40 to grasp the component devices 32 to 35 of each site, and makes an inquiry to each of the component devices 32 to 35 to obtain and inspect its security settings.
  • The management of security settings for a plurality of thermal power plant sites in Example 3 has been described above.
  • By using the configuration based on the present embodiment, it becomes possible to easily manage the security settings of a plurality of sites of the thermal power plant and to improve reliability.
  • FIG. 14 is a schematic block diagram of a security management system according to the fourth embodiment.
  • Example 4 illustrates a case where the security management device 10 described above is applied to security management in the control system 30 of a nuclear power plant.
  • Nuclear power plants are arranged at a plurality of sites, and the above-described security management device 10, arranged remotely via the external network 40, collectively manages the security settings of the control system 30 at each site.
  • The external network 40 is connected to nuclear power plants at a plurality of sites, such as a nuclear power plant A site, a B site, and a C site.
  • The security management apparatus 10 is connected to these nuclear power plants via the external network 40.
  • Various component devices 32 to 35, such as controllers constituting the control system 30, and a multi-protocol VPN agent 31 are arranged.
  • The security management device 10 makes an inquiry to the multi-protocol VPN agent 31 of each site via the external network 40 to grasp the component devices 32 to 35 of each site, and makes an inquiry to each of the component devices 32 to 35 to obtain and inspect its security settings.
  • The management of security settings for a plurality of sites of the nuclear power plant in Example 4 has been described above. By using the configuration based on the present embodiment, it is possible to easily manage the security settings of a plurality of sites of the nuclear power plant and to improve reliability.
  • FIG. 15 is a schematic block diagram of a security management system according to the fifth embodiment.
  • Example 5 illustrates a case where the above-described security management apparatus 10 is applied to security management in the control system 30 of a steelworks.
  • Steelworks are arranged at a plurality of sites, and the above-described security management device 10, arranged remotely via the external network 40, collectively manages the security settings of the control system 30 at each site.
  • The external network 40 is connected to steelworks at a plurality of sites, such as a steelworks A site, a B site, and a C site.
  • The security management device 10 is connected to these steelworks via the external network 40.
  • Various component devices 32 to 35, such as controllers constituting the control system 30, and a multi-protocol VPN agent 31 are arranged.
  • The security management device 10 makes an inquiry to the multi-protocol VPN agent 31 of each site via the external network 40 to grasp the component devices 32 to 35 of each site, and makes an inquiry to each of the component devices 32 to 35 to obtain and inspect its security settings.
  • The management of security settings for a plurality of steelworks sites in Example 5 has been described above. By using the configuration based on the present embodiment, it is possible to easily manage the security settings of a plurality of sites of the steelworks and to improve reliability.
  • FIG. 16 is a schematic block diagram of a security management system according to the sixth embodiment.
  • Example 6 illustrates a case where the above-described security management apparatus 10 is applied to security management in the control system 30 of a chemical plant.
  • Chemical plants are arranged at a plurality of sites, and the above-described security management device 10, arranged remotely via the external network 40, collectively manages the security settings of the control system 30 at each site.
  • The external network 40 is connected to chemical plants at a plurality of sites, such as a chemical plant A site, a B site, and a C site.
  • The security management apparatus 10 is connected to these chemical plants via the external network 40.
  • Various component devices 32 to 35, such as controllers constituting the control system 30, and a multi-protocol VPN agent 31 are arranged.
  • The security management device 10 makes an inquiry to the multi-protocol VPN agent 31 of each site via the external network 40 to grasp the component devices 32 to 35 of each site, and makes an inquiry to each of the component devices 32 to 35 to obtain and inspect its security settings.
  • The management of security settings for a plurality of chemical plant sites in Example 6 has been described above. By using the configuration based on the present embodiment, it is possible to easily manage the security settings of a plurality of sites of the chemical plant and to improve reliability.
  • FIG. 17 is a schematic block diagram of a security management system according to the seventh embodiment.
  • Example 7 illustrates a case where the above-described security management device 10 is applied to security management in the control system 30 of a manufacturing factory.
  • Manufacturing factories are arranged at a plurality of sites, and the above-described security management apparatus 10, arranged remotely via the external network 40, collectively manages the security settings of the control system 30 at each site.
  • The external network 40 is connected to manufacturing factories at a plurality of sites, such as a manufacturing factory A site, a B site, and a C site.
  • The security management apparatus 10 is connected to these manufacturing factories via the external network 40.
  • Various component devices 32 to 35, such as controllers constituting the control system 30, and a multi-protocol VPN agent 31 are arranged.
  • The security management device 10 makes an inquiry to the multi-protocol VPN agent 31 of each site via the external network 40 to grasp the component devices 32 to 35 of each site, and makes an inquiry to each of the component devices 32 to 35 to obtain and inspect its security settings.
  • The management of security settings for a plurality of sites of the manufacturing factory according to the seventh embodiment has been described above.
  • By using the configuration based on the present embodiment, it is possible to easily manage the security settings of a plurality of sites of the manufacturing factory and to improve reliability.
  • FIG. 18 is a schematic block diagram of a security management system according to the eighth embodiment.
  • Example 8 illustrates a case where the security management device 10 described above is applied to security management in the control system 30 of a railway operator.
  • The railway operator's facilities are arranged at a plurality of sites, and the above-described security management apparatus 10, arranged remotely via the external network 40, collectively manages the security settings of the control system 30 at each site.
  • The external network 40 is connected to facilities at a plurality of sites, such as a railway operator A site, a B site, and a C site.
  • The security management apparatus 10 is connected to these facilities via the external network 40.
  • Various component devices 32 to 35, such as controllers constituting the control system 30, and a multi-protocol VPN agent 31 are arranged.
  • The security management device 10 makes an inquiry to the multi-protocol VPN agent 31 of each site via the external network 40 to grasp the component devices 32 to 35 of each site, and makes an inquiry to each of the component devices 32 to 35 to obtain and inspect its security settings.
  • The management of security settings for a plurality of sites of the railway operator in Example 8 has been described above.
  • By using the configuration based on the present embodiment, it is possible to easily manage the security settings of a plurality of sites of the railway operator and to improve reliability.
  • FIG. 19 is a schematic block diagram of a security management system according to the ninth embodiment.
  • Example 9 illustrates a case where the above-described security management device 10 is applied to security management in the control systems 30 of a plurality of different types of sites, such as a thermal power plant, a nuclear power plant, and a steel plant.
  • A thermal power plant, a nuclear power plant, and a steel plant are each arranged at one of a plurality of sites, and the above-described security management device 10, arranged remotely via the external network 40, collectively manages the security settings of the control system 30 at each site.
  • The external network 40 is connected to facilities at a plurality of sites, such as a thermal power plant A site, a nuclear power plant B site, and a steel mill C site.
  • The security management apparatus 10 is connected to these facilities via the external network 40.
  • Various component devices 32 to 35, such as controllers constituting the control system 30, and a multi-protocol VPN agent 31 are arranged.
  • The security management device 10 makes an inquiry to the multi-protocol VPN agent 31 of each site via the external network 40 to grasp the component devices 32 to 35 of each site, and makes an inquiry to each of the component devices 32 to 35 to obtain and inspect its security settings.
  • The management of security settings for a plurality of sites such as a thermal power plant, a nuclear power plant, and a steel plant in Example 9 has been described above. By using the configuration based on the present embodiment, it is possible to easily manage the security settings of a plurality of different types of sites and to improve reliability.


Abstract

The invention relates to a security management device that sends a request to a communication agent device and thereby obtains constituent device information, that is, information relating to a constituent device in a control system, and protocol identification information that makes it possible to identify the protocol the constituent device uses to communicate. The security management device then uses the protocol identified by the protocol identification information to send a request to the constituent device on the basis of the constituent device information, and thereby obtains security setting information, that is, information relating to a security setting that is set in the constituent device. The communication agent device receives the request from the security management device and reports the constituent device information and the protocol identification information to the security management device.
PCT/JP2013/063749 2013-05-17 2013-05-17 Security management system, device, and method WO2014184942A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2013/063749 WO2014184942A1 (fr) 2013-05-17 2013-05-17 Security management system, device, and method
JP2015516850A JPWO2014184942A1 (ja) 2013-05-17 2013-05-17 Security management system, device, and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2013/063749 WO2014184942A1 (fr) 2013-05-17 2013-05-17 Security management system, device, and method

Publications (1)

Publication Number Publication Date
WO2014184942A1 (fr) 2014-11-20

Family

ID=51897947

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2013/063749 WO2014184942A1 (fr) 2013-05-17 2013-05-17 Security management system, device, and method

Country Status (2)

Country Link
JP (1) JPWO2014184942A1 (fr)
WO (1) WO2014184942A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
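JP2017212804A (ja) * 2016-05-25 2017-11-30 田淵電機株式会社 Communication control device, management device, communication control system, and communication control method and communication control program for a communication control device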

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005184836A (ja) * 2003-12-19 2005-07-07 Microsoft Corp Object model for managing firewall services
JP2010020777A (ja) * 2008-07-14 2010-01-28 Safenet Inc Zero-install IP security
JP2011522326A (ja) * 2008-05-27 2011-07-28 マイクロソフト コーポレーション Authentication for a distributed secure content management system


Also Published As

Publication number Publication date
JPWO2014184942A1 (ja) 2017-02-23


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13884899

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2015516850

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13884899

Country of ref document: EP

Kind code of ref document: A1