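Abstract
Information security assessment of industrial control systems (ICS) is the foundation and guarantee for ensuring that such systems run securely and stably, and it also serves as a compass for formulating security management and protective measures. Based on the particular security requirements of ICS and the network architecture deployment of ICS information systems, this paper presents a security indicator system and assessment rules for ICS, and proposes a bottom-up, layered, zone-based security assessment model together with a corresponding quantitative calculation method. Building on a division of the security assessment indicators, the method compares and computes weights for the importance of the indicators in each zone and applies gray-mathematics fuzzy clustering, which eliminates the subjective uncertainty introduced by assessors, to finally compute the security level. An assessment case shows that the model lightens the comprehensive evaluation workload of security assessors, achieves quantitative evaluation of ICS security, improves the accuracy of security assessment, and provides assurance for the security of industrial control systems.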
Information security assessment is important to the smooth and stable operation of industrial control systems (ICS), and provides valuable advice for security policy and measures. A hierarchical assessment model using gray mathematics is developed in this paper to propose an evaluation system and security practice for ICS information systems, and to develop an evaluation method combining both qualitative and quantitative aspects, in consideration of the different security requirements and network architecture of ICS. Based on the establishment of the hierarchical evaluation system, the model calculates the weights of the separate regions defined in the evaluation system, and applies the gray mathematics model to complete the fuzzy cluster computing, which reduces the uncertainty resulting from subjective factors. Experiments demonstrate that the model realizes the quantitative assessment of ICS information systems, improves the accuracy of the process, and alleviates the workload of the assessment engineers. This model is valuable for improving the existing security assessment methods and helping to establish security best practice for ICS in China.
Source
《信息网络安全》 (Netinfo Security)
2014, Issue 1, pp. 15-20 (6 pages)
Keywords
Industrial Control System
security assessment model
network security
gray mathematics
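About the authors
Zhou Xiaofeng (周小锋, born 1990), male, from Shanghai, bachelor's degree; main research interests: computer network security detection and cryptographic protocol analysis.
Chen Xiuzhen (陈秀真, born 1975), female, from Shandong, associate professor, Ph.D.; main research interests: computer network security detection and assessment, security management, artificial intelligence and its applications.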