Thesis access permission: fully open on and off campus (unrestricted)
Available:
Campus: available
Off-campus: available
Title |
製造業工業控制系統的資訊安全之研究 A Study of Information Security for Industrial Control Systems in Manufacturing Industry |
||
Department |
|||
Year, semester |
Language |
||
Degree |
Number of pages |
43 |
|
Author |
|||
Advisor |
|||
Convenor |
|||
Advisory Committee |
|||
Date of Exam |
2024-06-07 |
Date of Submission |
2024-07-02 |
Keywords |
Industrial Control, Network Security Threats, Information Technology, Information Security, Zero Trust |
||
Statistics |
The thesis/dissertation has been browsed 116 times and downloaded 7 times. |
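Chinese Abstract |
Industrial control systems (ICS), the critical operational infrastructure of an enterprise, have become exposed to network security threats as digital transformation proceeds. Traditional ICS use proprietary, closed hardware and software architectures and operate in isolated communication environments, but the convergence of ICS with information technology systems now exposes them to the risk of network attacks. This study aims to propose comprehensive recommendations for the information security protection of ICS. The study first analyses in depth the security problems and challenges that ICS face in the overall operating environment of the manufacturing industry. In response, and with reference to information security standards, it proposes an all-round protection strategy suited to industrial automation systems. This includes: strengthening basic protection by deploying endpoint protection such as EDR and reinforcing firewall isolation; continuously patching known vulnerabilities to keep systems secure; optimizing emergency response procedures to improve employees' ability to respond; improving backup and recovery mechanisms to ensure reliable protection of critical data; and establishing comprehensive security analysis and intelligence-sharing mechanisms to raise overall defensive capability. Implementing these comprehensive protection measures not only helps improve the overall risk resilience of ICS but also provides strong assurance for the stable operation of the manufacturing industry. This study offers an innovative solution for the information security protection of industrial automation systems and is of significance for improving the security of critical infrastructure in manufacturing. |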
Abstract |
Industrial control systems (ICS), as critical operational infrastructure of enterprises, are exposed to network security threats as a result of digital transformation. Traditional ICS adopt proprietary software and hardware architectures and operate in isolated communication environments, but the integration of ICS with information technology (IT) systems has now exposed them to the risk of network attacks. This study aims to propose a comprehensive solution for the information security protection of ICS. The research first conducts an in-depth analysis of the security issues and challenges faced by ICS in the overall operational environment of the manufacturing industry. To address these issues, the study draws on information security standards and proposes a comprehensive protection strategy applicable to industrial automation systems. The strategy includes: strengthening basic protection by deploying endpoint detection and response (EDR) and enhancing firewall isolation; continuously patching known vulnerabilities to ensure system security; optimizing emergency response procedures to improve employee response capabilities; improving backup and recovery mechanisms to ensure reliable protection of critical data; and establishing a comprehensive security analysis and threat intelligence sharing mechanism to enhance overall defense capabilities. Implementing these comprehensive security protection measures not only helps to enhance the overall risk resilience of ICS, but also provides strong support for the stable operation of the manufacturing industry. This research provides innovative solutions for the information security protection of industrial automation systems, which is of great significance for enhancing the security level of critical infrastructure in the manufacturing industry. |
Table of Contents |
Contents
Thesis Approval Certificate, i
Acknowledgments, ii
Abstract (Chinese), iii
Abstract, iv
List of Figures, vii
List of Tables, vii
Chapter 1 Introduction, 1
1.1 Research Background, 1
1.2 Research Motivation, 2
1.3 Research Objectives, 3
1.4 Research Structure and Process, 4
Chapter 2 Literature Review, 6
2.1 Differences Between IT and OT, 6
2.2 Challenges of Industrial Control Security, 7
2.3 Information Security Risks of Industrial Control Systems, 8
2.4 Zero Trust Security Architecture, 8
2.5 The ISO/IEC 62443 Standard, 9
2.6 Study of the IEC 62443 International Standard and the Zero Trust Architecture Model, 11
2.7 Protecting Industrial Control Systems with a Zero Trust Security Architecture, 12
Chapter 3 Research Method, 13
3.1 Research Method: Case-Environment Experiment, 13
3.2 Case-Environment Approach and Security Verification, 14
3.3 Security Mechanism Design, 15
3.4 Security Verification, 15
Chapter 4 Industrial Control Information Security Architecture Experiment, 16
4.1 Experiment Objectives and Design, 16
4.2 Experiment Environment Setup, 17
4.3 Experiment Scenario Design, 17
4.4 Analysis of Experiment Results, 18
4.5 Experiment Method, 19
4.6 Experiment Steps, 22
4.7 Start of the Red Team Attack Simulation: Industrial Control Systems and Penetration, 24
4.8 Blue Team Defensive Response: Threat Detection and Perimeter Protection, 27
4.9 Comparison Table of Red Team Attack and Blue Team Defense, 29
4.10 Experiment Summary, 30
Chapter 5 Conclusion and Future Research Directions, 31
References, 33 |
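Fulltext |
This electronic full text is licensed to users only for personal, non-profit searching, reading and printing for the purpose of academic research. Please comply with the relevant provisions of the Copyright Act of the Republic of China and do not reproduce, distribute, adapt, repost or broadcast it without authorization, to avoid breaking the law. |
Printed copies |
Public information on printed theses is relatively complete from academic year 102 onward. To look up public information on printed theses from academic year 101 or earlier, please contact the printed thesis service desk of the Library and Information Services office. We apologize for any inconvenience. Available: available |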