Research And Implementation Of Oil And Gas SCADA Information Security And Offensive And Defensive Shooting Range

The level of informationization in industrial control system continues to deepen in recent years bringing with great benefits and convenience, and the accompanying information security issues is also becoming obvious. What's more,more and more ICS information security incidents have been found and attract great attention from many countries, government agencies, large state-owned enterprises, colleges and universities.It has obviously become a hot research field of information security field in recent years. Oil&Gas SCADA system as one of the most widely used basic ICS in oil and gas filed, relating to the country's politics, economy and people's livelihood, it's information security is also facing a huge information security threat.This paper analyzes the influential factors of information security issues, the sources of threats as well as the different information security requirements between traditional IT system and Oil&Gas SCADA, such kind of multi-PC ICS system. What's more, this paper focuses on the "attack kill chain" approach and the attackers characteristics in unknown attacks against ICS system,and combines with theory of Factors Neural Network to establish an attacker model in analytical factor neuron form. After the summary of the current popular network and master computer related defense technologies in industrial field, we realized the necessity to build an Oil&Gas SCADA defense and shooting information range for testing and verifying master computer defense technology and product performance.The characteristics of the various parts of SCADA system, such as master computer system, lower machine system, monitoring and control equipment, communication system and their hardware and software were all analyzed in this paper. At the same time the master computers in the range were distributed different functions referred to the information flow and many features in PETROCHINA SOUTHWEST OIL&GASFIELD COMPANY'S real Oil&Gas SCADA, such as multilevel management, subregional management, large number of measure and control points. Taking the requirements of the range into consideration, the cloud virtualization technology was used to flexibly achieve a multiple PC environment in the range and the virtual and the real PLC combined to achieve the flexible expansion. In addition it's successfully to propose and realize that HYSYS model, self-built mathematical model, physical simulation model simulate oil and gas processes in the range.Besides known and unknown offense and defense experiments to the master computers of operator station in range's SCS layer were designed and achieved closely to reality,with the usage of the real hacking tool,such as Metasploit, Nmap, viruses, Trojan horses, customized malicious programs,and master computer active and passive defense systems in field of information security.Expecially in unknown offense and defense experiments,"attacks kill chain" and an attacker tailor-made in analytical factor neuron form were used.Comparison between the process and effect in attack and defense validate feasibility of this Oil&Gas SCADA offensive and defensive range.