Article(id=1242140911531008191, tenantId=1146029695717560320, journalId=1146031591421210625, issueId=1242140865905373753, articleNumber=null, orderNo=null, doi=10.3981/j.issn.1000-7857.2024.01.021, pmid=null, cstr=null, oa=null, hot=null, price=null, onlineType=0, articleFormat=0, articleType=null, articleTypeStr=null, receivedDate=1703692800000, receivedDateStr=2023-12-28, revisedDate=1704297600000, revisedDateStr=2024-01-04, acceptedDate=null, acceptedDateStr=null, onlineDate=1712592000000, onlineDateStr=2024-04-09, pubDate=1705075200000, pubDateStr=2024-01-13, doiRegisterDate=null, doiRegisterDateStr=null, onlineIssueDate=1712592000000, onlineIssueDateStr=2024-04-09, onlineJustAcceptDate=null, onlineJustAcceptDateStr=null, onlineFirstDate=null, onlineFirstDateStr=null, sourceXml=null, magXml=null, createTime=1774079071168, creator=sys-migrate, updateTime=1774079071168, updator=sys-migrate, issue=Issue{id=1242140865905373753, tenantId=1146029695717560320, journalId=1146031591421210625, year='2024', volume='42', issue='1', pageStart='1', pageEnd='328', issueExtLink='null', onlineDate='null', pubDate='1705075200000', pubDateStr='2024-01-13', beforeIssueId=null, nextIssueId=null, price=null, status=1, issueComplete=1, articleOrder=3, issueType=-1, specialIssue=null, createTime=1774079060289, creator='sys-migrate', updateTime=1774079060289, updator='sys-migrate', preIssue=null, nextIssue=null, articleTotal=null, ext=null, issueFiles=null, downloadFileDto=null}, startPage=314, endPage=328, ext={EN=ArticleExt(id=1242140915289104594, articleId=1242140911531008191, tenantId=1146029695717560320, journalId=1146031591421210625, language=EN, title=Hotspots of industrial control system security in 2023, columnId=1242140877192245888, journalTitle=Science & Technology Review, columnName=Exclusive: Science and Technology Review in 2023, runingTitle=null, highlight=null, articleAbstract=In 2023 the ransomware virus still threatened the security of global industrial control systems(ICSs), intensified geopolitical conflicts made the ICS become an important battlefield for hostile cyberattacks, and the supply chain once again became the soft underbelly of ICSs. Fortunately, much more attention was paid to ICS security and large-scale exercises were carried out by countries worldwide. Besides, there were many documents launched by authorities for ICS policies and standards.For techniques, vulnerabilities were newly found and the defense approaches were evolving. Specifically, the software and hardware vulnerabilities were still the unavoidable weakness of ICSs. The“living-off-the-land attack”did not use vulnerabilities but enabled“low-cost, big threat”operations over ICSs. Besides, there were novel attacks such as deep lateral move attack on the control level, the PLC ransomware virus, and the attack toolkit Pipedream. Security vendors and research institutions launched security-specific monitoring platforms for ICSs, produced the trustful DCS, developed the forensics tools, proposed the lightweight cryptographic algorithms, and designed zero trust mechanism sensors. The idea of“secure by design”was gradually taken into the design of ICSs. There were also advanced researches on runtime PLC security testing, protocol implementation correctness testing, protocol reverse analysis, and attack detection. The emerging technologies, such as artificial intelligence,digital twin, and large language model, brought opportunities to the ICS security. Moreover, the ICS security had spillover to satellite systems, and the Europe and US began to prepare for the battlefield of cyber warfare in the space., authors=CHENG Peng1 , ZHANG Zhenyong2 , CHE Xin1 , CHEN Jiming1 , authorsList=CHENG Peng, ZHANG Zhenyong, CHE Xin, CHEN Jiming, authorCompany=1. State Key Laboratory of Industrial Control Technology, College of Control Science and Engineering, Zhejiang University, Hangzhou 310027, China;1 , 张镇勇2 , 车欣1 , 陈积明1 , authorsList=程鹏, 张镇勇, 车欣, 陈积明, authorCompany=1. 浙江大学控制科学与工程学院, 工业控制技术全国重点实验室, 杭州 310027;
科技导报
| 专题:2023年科技热点回眸 2024, 42(1): 314-328
2023年工业控制系统安全热点回眸
全屏
程鹏1 , 张镇勇2 , 车欣1 , 陈积明1
作者信息
1. 浙江大学控制科学与工程学院, 工业控制技术全国重点实验室, 杭州 310027;
通讯作者:
陈积明(通信作者),教授,研究方向为网络系统安全,电子信箱:cjm@zju.edu.cn
Hotspots of industrial control system security in 2023
Affiliations
出版时间: 2024-01-13
doi: 10.3981/j.issn.1000-7857.2024.01.021
文章导航
2023年,勒索病毒仍然威胁着全球工业控制系统安全,地缘政治冲突加剧导致工控系统成为敌对双方网络攻击的重要战场,供应链攻击再度成为工控系统的软肋。工控系统安全行业关注度持续提升,各国围绕工控系统安全展开大规模演习;工控系统安全政策、标准相继出台,相关行业有规可循、有法可依;软硬件漏洞仍然是工控系统“硬伤”,而“离地攻击”则可绕开漏洞实施“低成本、大威胁”攻击;研究人员开发了新型攻击手段,深度横向移动攻击、PLC勒索病毒使得威胁直指工控系统控制层,模块化、功能强大的工控系统攻击工具Pipedream为攻击者指明攻击路径;工控系统安全防护技术持续迭代更新,安全厂商和研究机构相继推出安全监控平台、可信DCS、攻击取证工具、轻量级密码算法、零信任机制传感器,网络安全逐渐被考虑纳入工控系统设计环节,功能安全、信息安全一体化协同设计取得突破;在PLC运行时安全测试、协议实现正确性测试、协议逆向分析技术、攻击检测技术方面都有创新性研究成果;新兴技术如人工智能、数字孪生、大语言模型等为工控系统安全带来机遇;工控安全外溢到卫星系统,欧美等国开始为网络战的空天战场作准备。
工业控制系统
/
安全防护技术
/
数字化
/
智能化
In 2023 the ransomware virus still threatened the security of global industrial control systems(ICSs), intensified geopolitical conflicts made the ICS become an important battlefield for hostile cyberattacks, and the supply chain once again became the soft underbelly of ICSs. Fortunately, much more attention was paid to ICS security and large-scale exercises were carried out by countries worldwide. Besides, there were many documents launched by authorities for ICS policies and standards.For techniques, vulnerabilities were newly found and the defense approaches were evolving. Specifically, the software and hardware vulnerabilities were still the unavoidable weakness of ICSs. The“living-off-the-land attack”did not use vulnerabilities but enabled“low-cost, big threat”operations over ICSs. Besides, there were novel attacks such as deep lateral move attack on the control level, the PLC ransomware virus, and the attack toolkit Pipedream. Security vendors and research institutions launched security-specific monitoring platforms for ICSs, produced the trustful DCS, developed the forensics tools, proposed the lightweight cryptographic algorithms, and designed zero trust mechanism sensors. The idea of“secure by design”was gradually taken into the design of ICSs. There were also advanced researches on runtime PLC security testing, protocol implementation correctness testing, protocol reverse analysis, and attack detection. The emerging technologies, such as artificial intelligence,digital twin, and large language model, brought opportunities to the ICS security. Moreover, the ICS security had spillover to satellite systems, and the Europe and US began to prepare for the battlefield of cyber warfare in the space.
industrial control system
/
safety pretection technology
/
digitalize
/
smart
程鹏, 张镇勇, 车欣, 陈积明.
2023年工业控制系统安全热点回眸.
科技导报,
2024
, 42
(1)
: 314
-328
.
DOI: 10.3981/j.issn.1000-7857.2024.01.021
CHENG Peng, ZHANG Zhenyong, CHE Xin, CHEN Jiming.
Hotspots of industrial control system security in 2023[J].
Science & Technology Review ,
2024
, 42
(1)
: 314
-328
.
DOI: 10.3981/j.issn.1000-7857.2024.01.021
2024年第42卷第1期
PDF下载
343
23
引用本文
BibTeX
文章信息
doi: 10.3981/j.issn.1000-7857.2024.01.021
接收时间:2023-12-28
首发时间:2024-04-09
出版时间:2024-01-13
收稿日期:2023-12-28
修回日期:2024-01-04
通讯作者:
陈积明(通信作者),教授,研究方向为网络系统安全,电子信箱:cjm@zju.edu.cn
https://castjournals.cast.org.cn/joweb/kjdb/CN/10.3981/j.issn.1000-7857.2024.01.021
引用本文
BibTeX
2种不同金属材料的力学参数
科 属数 种数 占总种数比例 属 种数 占总种数比例 鹅膏菌科Amanitaceae 2 11 5.26 鹅膏菌属 Amanita 10 4.78 小菇科 Mycenaceae 2 12 5.74 丝盖伞属 Inocybe 5 2.39 多孔菌科 Polyporaceae 8 14 6.70 蜡蘑属 Laccaria 5 2.39 红菇科 Russulaceae 3 23 11.00 小皮伞属 Marasmius 6 2.87 小菇属 Mycena 11 5.26 光柄菇属 Pluteus 5 2.39 红菇属 Russula 17 8.13 栓菌属 Trametes 5 2.39
关闭全屏
BibTeX
EndNote
RefWorks
TxT
PDF下载
全屏
343
23
关闭全屏
北京市海淀区学院南路86号
010-62199257
qkjq@cast.org.cn
