  • MA Yetong, DING Yunjie, LIU Puzhuo, LV Shichao, PAN Zhiwen, SUN Limin. Integrated Risk Assessment Algorithm for Functional Safety and Information Security of Industrial Control Systems[J]. Journal of Cyber Security, Accepted
Integrated Risk Assessment Algorithm for Functional Safety and Information Security of Industrial Control Systems
MA Yetong1,2, DING Yunjie1,2, LIU Puzhuo1,2, LV Shichao1,2, PAN Zhiwen1,2, SUN Limin1,2
(1. School of Cyber Security, University of Chinese Academy of Sciences; 2. Institute of Information Engineering)
The deep integration of informatization and industrialization has broken the closed network boundaries of industrial control systems, allowing the network attack threats of traditional information systems to penetrate industrial control system networks. Industrial control systems must therefore consider not only their traditional functional safety risks but also their information security risks. This paper proposes an integrated risk assessment algorithm for functional safety and information security of industrial control systems. The algorithm comprises three steps: safety and security integration risk data collection, risk analysis, and risk evaluation. Starting from the source of the risk data, the algorithm collects functional safety and information security risk data at the same time, generates in the risk analysis step an extended attack tree model that can analyze cyber-physical coordinated attack paths, and, when calculating event risks, considers both the functional safety loss and the information security loss caused by safety events and security events, so as to realize the integrated risk assessment of functional safety and information security. This paper introduces the integrated risk assessment model and algorithm for functional safety and information security of industrial control systems, verifies the effectiveness of the risk assessment algorithm on a purpose-built gas pipeline network test system, and then compares the result with the evaluation results of existing risk assessment methods such as the fault tree, the attack tree, and the attack tree and bow-tie combination (AT-BT) method.
The experimental result shows that the safety and security integration risk assessment algorithm proposed in this paper can not only analyze the most likely safety events and security events in the system, but also solve, to some extent, the problem that existing risk assessment methods cannot identify the type of safety and security risks when the physical domain and the information domain interact with each other.
Key words:  functional safety  information security  safety and security integration  risk assessment  attack tree  industrial control system