Research On Some Key Technology On Cyber Security Of Industrial SCADA System

Industrial SCADA system has the characteristics of distributed, networked, digital and intelligent features. However, this also makes the system inevitably has the inherent vulnerability of digital network, facing the potential information security threats. At present,the research on cyber security of industrial SCADA system in our country has just started.First of all,in terms of risk assessment,there is no national standards,and the qualitative assessment methods are generally used at present. So, the lack of quantitative assessment methods and tools is the first problem which needs to be solved urgently. Secondly,when the management persons choose aprroriate safeguard strategy to protect the cyber security of SCADA system,they always haven't considered how to deploy the system defense measures to get the highest return on investment. So, how to use the limited resources to make the most reasonable defense strategy choice is another key issue worthy of further studying. Third,at present, there is a lack of security test platform for the research of the cyber security of industrial SCADA system. These three problems are generally existing widely in current SCADA system in all sectors of our country, so it is urgent to conduct in-depth study in these three aspects of the problem. Recently, the relevant research on cyber security of industrial SCADA system is greatly promoted in China. Under this background, three key technical issues mentioned above have been researched in this paper.Some basic reaserch and application development work has been implemented. These research work has important scientific significance and practical application value to the cyber security of the industrial SCADA system in our country. The main research contents are as follows:(1) In view of how to quantitatively evaluate the cyber security status of industrial SCADA system, a method based on Analytical Hierarchy Process(AHP) and Scalable Hierarchical Attack Tree(SH-AT) model for evaluating the cyber security risk of SCADA systems has been presented in this paper. In this method, the conventional basic attack tree model has been improved to obtain a new SH-AT model. The modeling process and formal representation for SH-AT model has been researched to do attack events modeling for the SCADA systems. The application of AHP method for assigning the weight value of SH-AT leaf node attribute parameters has been researched. Judgement matix is used to determin the weight values of three paramters which will affect the risk probability of leaf nodes in SH-AT. The probability risk assessment technology is applied to calculate the probability of occurrence for each leaf node, root node and each attack sequence in the SH-AT model. The risk value of the root node can be calculated based on the magnitude of the potential loss when the ultimate attack goal has been implemented. Calculating results of an application case indicate that the proposed method is reasonable and applicable. The prototype system of the evaluation software based on the proposed method has been developed, which is helpful to the cyber security evaluation of the SCADA system in the practical work.(2) In the situation that the offensive and defensive sides have a complete grasp of each other's characteristics, strategies and utility functions and some other aspects of information,a method based on complete information static game theory has been proposed so as to solve the SCADA system cyber security defense strategy selection problem. The complete information static game model of SCADA system has been established. Then the utility functions of both sides have been obtained from the defensive utility ROA and the attacking utiity ROI. The solving algorithm has been proposed to get the Nash equilibrium of the game model. Numerical example analysis results show that the proposed method is correct and feasible, and it is able to analyze and predict the most rational strategic choice for both offensive and defensive sides in order to maximize their own utilities.(3) In the case of asymmetric information, the SCADA system defender only knows how the attacker's strategy and utility function depends on its type, a defense strategy prediction analysis method based on the incomplete information static game has been proposed. The Bayesian static game model of the SCADA system is established first. Then,this model is converted into complete but imperfect information dynamic games through the Harsanyi transformation. Then, the model is converted into the complete information static game between the three agents of the defender, the low tech attacker and the high tech attacker. The respective utility of the three agents have been determined. The solving algorithm has been proposed to get the Bayesian equilibrium of the game model. The Bias equilibrium can bee considered as the prediction results of the defensive strategy choic. The Numerical example analysis shows that the proposed method is correct and feasible, and it can provide the theoretical prediction reference of defensive strategy choic for the risk management of the SCADA system.(4) To help the researchers better understanding the impact on SCADA system which may be caused by various attacks, and verify the effectiveness of the various security and defense plans,a method for designing and implementing the industrial SCADA system cyber security testbed based on DETERLAB architecture has been propoesed. A prototype system of the testbed has been developed, and some typical tests have been implemented on it. The results show that the proposed SCADA system cyber security testbed construction technology and method is reasonable and feasible. With a certain practical value and originality, the testbed can be effectively used for cyber security research.At the end of this paper, the work of this paper is summarized, and the future research is prospected.