权益分类	功能权益	普通用户	{{item.name}}会员
{{category.name}}	{{benefitItem.name}}

RITICS: Trustworthy Industrial Control Systems

RITICS：值得信赖的工业控制系统

基本信息

批准号：
EP/L021013/1
负责人：
Chris Hankin
金额：
$ 96.33万
依托单位：
Imperial College London
依托单位国家：
英国
项目类别：
Research Grant
财政年份：
2014
资助国家：
英国
起止时间：
2014 至无数据
项目状态：
已结题

来源：
https://gtr.ukri.org/projects?ref=EP%2FL021013%2F1
关键词：
RITICS Trustworthy Industrial Control Systems

项目摘要

Industrial control systems (ICSs) can take on a range of configurations, involving diverse mixtures of hardware, software, human inputs, network topologies and communication protocols. Generally, an ICS instance may be described as a set of supervisory devices -- including a single device in some cases -- which, through the acquisition of data and the ability to issue instructions, controls the actions and reactions of field devices responsible for the execution of an industrial process or processes. In large utility scale industrial processes, ICSs are manifest as Supervisory Control and Data Acquisition (SCADA) systems; characterised by geographically dispersed control targets requiring centralised management over disparate communication networks, often using diverse protocols and modalities, with varying reliability and latency. At more local scales, such as may be found in manufacturing plants, access to high reliability networks enables ICS specification to be freed of SCADA type constraints, giving rise to ICS manifestations referred to as Distributed Control Systems (DCSs). Examined on even smaller scales, specialised computers known as Programmable Logic Controllers (PLCs) provide control of small numbers of devices and in some cases may represent the entire ICS for a small organisation -- where the scale of a DCS may well be inappropriate. It follows that SCADA systems are often comprised of numerous DCS and PLC subsystems and components.Typically, data input in ICSs is provided by a series of sensors and semi-automated input procedures and control output is issued to field devices such as actuators, switches and other components. Often, general definitions of ICSs stop here, neglecting to include the complex human behavioural and wider organisational policy aspects that are integral to the real-world use and integrity of such systems. Therefore, whenever referring to ICS of any form, this bid will implicitly include such factors, as to neglect doing so would significantly limit the mission of developing trustworthy ICSs, from the outset.Some of the key trends in the development and implementation of ICS of relevance to this bid may be summarised as: the evolution of organisations towards adopting IT solutions to support ICS functions, despite the lack of organisational cultures/structures where the utility and security of both are planned and managed in joint technical committees; increased availability and uptake of ICS solutions in industry of varying scales due to factors such as the drive towards the use of COTS protocols/code modules/middleware for ICS design and delivery (eg: http://openscada.org/); increased interconnectivity of organisations' cyber infrastructures motivated by economic and efficiency drivers; the move toward decentralised control, exploiting edge computing advances; and the loss of expertise in legacy ICS components (configurations, dependencies and failure modes). From both the perspectives of attack success probability and consequence, any one of the above suggest an increase of threat risk to ICSs that would be worth considering. Viewed in combination, however, the argument for increased risk becomes far more explicit and the complexity of the vulnerabilities that need to be addressed begins to become apparent. ICSs are integral to utility, manufacturing and processing industries of all scales and, as a result, the socio-economic impact of their compromise or failure has the potential to be very significant.This research project will address Challenge 3 of the call document: ``What could be novel, effective and efficient interventions?''. In particular, we expect to produce models and tools in support of effective interventions.

工业控制系统（ICS）可以采用一系列配置，涉及硬件、软件、人工输入、网络拓扑和通信协议的各种混合。通常，ICS实例可以被描述为一组监控设备-在某些情况下包括单个设备-通过数据的获取和发出指令的能力，控制负责执行工业过程或过程的现场设备的动作和反应。在大型公用事业规模的工业过程中，ICS表现为监控和数据采集（SCADA）系统;其特征在于地理上分散的控制目标需要通过不同的通信网络进行集中管理，通常使用不同的协议和模式，具有不同的可靠性和延迟。在更局部的尺度上，例如在制造工厂中，访问高可靠性网络使ICS规范能够摆脱SCADA类型的约束，从而产生称为分布式控制系统（DCS）的ICS表现形式。在更小的规模上进行研究，被称为可编程逻辑控制器（PLC）的专用计算机提供对少量设备的控制，在某些情况下，可能代表小型组织的整个ICS-DCS的规模可能不合适。因此SCADA系统通常由许多DCS和PLC子系统和组件组成。通常，ICS中的数据输入由一系列传感器和半自动输入程序提供，控制输出被发送到现场设备，如执行器，开关和其他组件。通常，ICS的一般定义到此为止，忽略了包括复杂的人类行为和更广泛的组织政策方面，这些方面是此类系统在现实世界中的使用和完整性所不可或缺的。因此，无论何时提及任何形式的ICS，本投标书都将隐含包括这样的因素，因为忽略这一点会从一开始就严重限制开发可信赖的ICS的使命。与本投标书相关的ICS开发和实施的一些关键趋势可以总结为：组织朝着采用IT解决方案来支持ICS功能的方向发展，尽管缺乏由联合技术委员会规划和管理两者的效用和安全的组织文化/结构;在不同规模的工业中，由于诸如在ICS设计和交付中使用COTS协议/代码模块/中间件的驱动力等因素，ICS解决方案的可用性和采用率提高（例如：http：//openscada.org/）;受经济和效率驱动因素的推动，组织网络基础设施的互联性增加;向分散控制的方向发展，利用边缘计算的进步;以及传统ICS组件（配置、依赖性和故障模式）专业知识的丧失。从攻击成功概率和后果两个角度来看，上述任何一个都表明ICSs的威胁风险增加，值得考虑。然而，综合来看，风险增加的论点变得更加明确，需要解决的脆弱性的复杂性开始变得明显。ICSs是所有规模的公用事业、制造业和加工业的组成部分，因此，其妥协或失败的社会经济影响可能非常重大，本研究项目将解决呼吁文件的挑战3："什么是新颖、有效和高效的干预措施？''.特别是，我们期望制定支持有效干预的模式和工具。