Journal of Information Technology Services (한국IT서비스학회지)

Korea Society of IT Services (한국IT서비스학회)
권호 표지
DOI QR코드

DOI QR Code

Study on the Security R&R of OT-IT for Control System Network Boundaries

제어 네트워크 경계에 대한 OT-IT 책임 역할 연구

  • 우영한 (고려대학교 정보보호대학원) ;
  • 권헌영 (고려대학교 정보보호대학원)
  • Received : 2020.06.18
  • Accepted : 2020.09.27
  • Published : 2020.10.31
Download PDF
⟨ Previous Next ⟩

Abstract

In recent years, due to the demand for operating efficiency and cost reduction of industrial facilities, remote access via the Internet is expanding. the control network accelerates from network separation to network connection due to the development of IIoT (Industrial Internet of Things) technology. Transition of control network is a new opportunity, but concerns about cybersecurity are also growing. Therefore, manufacturers must reflect security compliance and standards in consideration of the Internet connection environment, and enterprises must newly recognize the connection area of the control network as a security management target. In this study, the core target of the control system security threat is defined as the network boundary, and issues regarding the security architecture configuration for the boundary and the role & responsibility of the working organization are covered. Enterprises do not integrate the design organization with the operation organization after go-live, and are not consistently reflecting security considerations from design to operation. At this point, the expansion of the control network is a big transition that calls for the establishment of a responsible organization and reinforcement of the role of the network boundary area where there is a concern about lack of management. Thus, through the organization of the facility network and the analysis of the roles between each organization, an static perspective and difference in perception were derived. In addition, standards and guidelines required for reinforcing network boundary security were studied to address essential operational standards that required the Internet connection of the control network. This study will help establish a network boundary management system that should be considered at the enterprise level in the future.

Keywords

References

  1. 과학기술정보통신부, 한국인터넷진흥원, "주요정보 통신기반시설 기술적 취약점 분석.평가 방법 상세가이드", 2017. 12.
  2. 김광호, "국가핵심시설 제어시스템 안전성 강화방안", 고려대학교 석사학위 논문, 2017.
  3. 김도연, "산업제어시스템의 사이버보안을 위한 취약점 분석", 한국전자통신학회논문지, 제9권, 제1호, 2014, 137-142. https://doi.org/10.13067/JKIECS.2014.9.1.137
  4. 김일용, 임희택, 지대범, 박재표, "산업제어시스템 환경에서 효과적인 네트워크 보안관리 모델", 한국산학기술학회논문지, 제19권, 제4호, 2018, 664-673. https://doi.org/10.5762/KAIS.2018.19.4.664
  5. 오준형, 유영인, 이경호, "기반시설 침해사고 및 제어 시스템 표준 동향", 정보보호학회지, 제27권, 제2호, 2017, 5-11.
  6. 전용희, "산업제어시스템 보안을 위한 네트워크 설계 및 구조", 정보보호학회지, 제19권, 제5호, 2009, 60-67.
  7. 최명균, 이동범, 곽진, "제어시스템에 대한 보안정책 동향 및 보안 취약점 분석", 정보보호학회지, 제21권, 제5호, 2011, 55-64.
  8. 최명길, "제어시스템 보안성 평가 방법에 관한 연구", 정보보호학회논문지, 제23권, 제2호, 2013, 287-298. https://doi.org/10.13089/JKIISC.2013.23.2.287
  9. 한국정보통신기술협회, 사이버물리시스템(CPS)/산업제어시스템(ICS)의 소프트웨어 갱신을 위한 정보보호 지침, 2017. 12.
  10. 한국표준협회, KS X IEC TS 62443-1-1:2009, 산업통신네트워크-네트워크 및 시스템 보안-제1-1부 : 용어, 개념 및 모델, 2020. 4.
  11. 행정안전부, 주요정보통신기반시설 취약점 분석평가기준(개정), 2012. 12.
  12. CISCO/Rockwell Automation, Securely Traversing IACS Data across the Industrial Demilitarized Zone, 2017.
  13. Department of Homeland Security, Recommended Practice : Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies, 2016. 9.
  14. DHSecurity, Configuring and Managing Remote Access for ICS, 2010. 11.
  15. DOE(United States Department of Energy), 21 Steps to improve Cyber Security of SCADA Networks, 2002.
  16. ENISA, Good practices for security of IoT, 2018.
  17. Eric D. Knapp and Joel Thomas Langill, Industrial Network Security (2nd Edition), 2015.
  18. GSMA, IoT Security Guidelines for Network Operators, 2017.
  19. IEC/TS 62443-1-1, "Industrial communication networks-Network and system security-Part 1-1, 2009.
  20. Kirill Kruglov, Kaspersky Lab ICS CERT, Threats posed by using RATs in ICS, 2018. 9.
  21. NCCIC, ICS-CERT, Monitor November 2017.
  22. NIST, Special Publication 800-82 R2, Guide to Industrial Control Systems (ICS) Security, 2015.
  23. Positive Technologies, ICS Security : 2017 IN REVIEW, 2018.
  24. SANS, The 2018 SANS Industrial IoT Security Survey : Shaping IIoT Security Concerns, 2018. 7.
  25. Siemens, cRSP IT security Concept, 2019.
  26. Siemens, Primer for Cybersecurity in Industrial Automation, 2019.
  27. Wolfgang Schwab, Kaspersky Lab, The State of Industrial Cybersecurity, CXP Group, 2018. 6.