绿盟 2019工业控制系统信息安全保障框架

2019 工业控制系统信息安全保障框架m i g u th 5 b o .c © 绿盟科技关于绿盟科技北京神州绿盟信息安全科技股份有限公司（以下简称绿盟科技），成立于 2000 年 4 月，总部位于北京。在国内外设有 40 多个分支机构，为政府、运营商、金融、能源、互联网以及教育、医疗等行业用户，提供具有核心竞争力的安全产品及解决方案，帮助客户实现业务的安全顺畅运行。基于多年的安全攻防研究，绿盟科技在检测防御类、安全评估类、安全平台类、远程安全运维服务、安全 SaaS 服务等领域，为客户提供入侵检测 / 防护、抗拒绝服务攻击、远程安全评估以及 Web 安全防护等产品以及安全运营等专业安全服务。北京神州绿盟信息安全科技股份有限公司于 2014 年 1 月 29 日起在深圳证券交易所创业板上市交易，股票简称：绿盟科技，股票代码：300369。 u th i g 特别声明 5 b 为避免合作伙伴及客户数据泄露，所有数据在进行分析前都已经过匿名化处理，不会在中间环节出现泄露，任何与客户有关的具体信息，均不会出现在本报告中。 m o .c 2019 工业控制系统信息安全保障框架目录 1. 工控信息安全的发展 ············································································································································1 1.1 工业智能化发展概述 ·································································································································································· 2 1.1.1 工业控制的基本架构·················································································································································································· 3 1.1.2 工业 4.0 的发展 ·························································································································································································· 4 1.1.3 工业互联网的发展 ······················································································································································································ 5 1.1.4 国内工业控制系统的发展 ········································································································································································· 6 m o .c 1.1.5 泛在化的工业设施 ······················································································································································································ 7 1.2 工控信息安全的发展 ·································································································································································· 8 1.2.1 工控信息安全与 IT 信息安全的差异 ························································································································································ 9 1.2.2 工控信息安全在国内的发展 ···································································································································································11 5 b 1.2.3 国外工控信息安全的发展 ·······································································································································································18 1.3 工控信息安全的技术趋势 ························································································································································ 20 1.3.1 工控信息安全技术趋势············································································································································································20 u th 1.3.2 主流工控信息安全产品介绍 ···································································································································································20 1.3.3 工控信息安全技术面临的问题和困难 ···················································································································································22 2. 工控信息安全态势 ··············································································································································23 i g 2.1 典型工业信息安全事件 ···························································································································································· 24 2.2 工业控制系统恶意软件介绍 ···················································································································································· 26 2.2.1 恶意软件 Industroyer 的介绍··································································································································································26 2.2.2 Dragonfly2.0 恶意软件介绍 ····································································································································································28 2.2.3 新型 ICS 攻击框架 "TRITON" 简介 ·························································································································································29 2.3 工控资产的脆弱性 ············································································