ICS Information Security Assurance Framework 16

February 11, 2020 | Adeline Zhang

System Introduction

The computer monitoring system of the hydropower plant adopts a hierarchical, distributed, open system structure that is fully computer-controlled. It consists of a main control layer, organized by function, and a local control unit (LCU) layer, organized by controlled object. The main control layer consists of the operator station, data server station, external communication station, internal communication station, engineering station, voice alert station, GPS time synchronization system, UPS power supply, and network devices.

The main control layer collects, in real time from the LCU layer, all types of data reflecting the running status and parameters of the main devices (such as communication values, analog values, impulse values, AC quantities, polling data, and interrupt signals). It monitors and manages the main plant devices in a centralized mode, covering device adjustment and control, working-condition conversion, parameter setting, maloperation-proof output lockout, alert records, historical queries, event sequence records, accident recall, temperature trend alerts and analysis, voice event alerts, picture soft copies, statistical production report generation, and system database management, so as to enable advanced applications such as AGC (automatic generation control) and AVC (automatic voltage control).

As the underlying control device of the monitoring system, the LCU mainly collects and preprocesses all types of data, sends the collected data and alert information to the main control server, and validates the commands it receives from the main control server before executing them. When the main control server fails or goes offline, the LCU continues to run and performs basic monitoring functions on the devices, such as data collection and processing, device running monitoring, device adjustment and control, working-condition conversion, parameter setting, event sequence recording, hardware self-diagnosis, and online diagnosis and alerting.

Risk Analysis

1. Network security risk

① Insufficient protection of network borders. Although there is no direct physical network connection between the production control zone and the management information zone of the hydropower plant, the border between the real-time and non-real-time systems within the production control zone is insufficiently protected: the measures in place do not understand industrial protocols and offer no protection against industrial viruses.

② No protection for the access zone. In the production industrial control system of the hydropower plant, the backend communicates with the frontend test control station of the hydrological system in the non-real-time zone over a microwave wireless link. No security protection device is deployed at the receiving end to protect against data arriving over the wireless link.

③ No intrusion detection or protection management mechanism. With no intrusion detection devices at the key network nodes of the production management zone, real-time zone, and non-real-time zone of the hydropower plant, attacks cannot be effectively detected, internal and external network attack behaviors cannot be prevented or restricted, and network behavior cannot be analyzed.

2. Host security risk

Lack of a malicious code/virus protection mechanism. The hosts in the power monitoring system have no malicious-code prevention platform and no compensating controls for controlling and managing malicious code.

3. Application security risk

Lack of account management and authentication. At present, the hydropower plant has set up corresponding privileged accounts for each system according to position and level. However, no application security control policies are in place for authentication, access control, and security auditing of user logins, access to system resources, and other operations.

4. System O&M security risk

① Lack of security management and control for mobile media. No management and control platform is deployed for the USB interfaces of the devices in the electric power monitoring system.

② Lack of monitoring and auditing of the information system. At present, the hydropower plant can monitor the electric power monitoring system as a whole, but it cannot monitor and audit the upper computers, servers, operating systems, and databases, and it cannot monitor the security devices in the electric power monitoring system.

③ Lack of protection for important control devices. At present, the hydropower plant has not deployed, in front of the frontend PLC of each control system, protection devices capable of industrial-protocol deep packet inspection to prevent unauthorized operations on, and intrusion against, the controller.
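As an added illustration (not part of the original article), this is the kind of check a protocol-aware border device in front of the PLC performs that a plain port-based firewall cannot: parse the industrial protocol header, then permit only the function codes each source is authorised to send, so a write attempt from a station that should only poll is denied and can be logged. Modbus/TCP, the station addresses and the policy are assumptions chosen for the example; the article names no specific protocol.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Constructed policy for the border device in front of the PLC. Addresses and
# roles are hypothetical, not taken from the article. Function codes are the
# standard Modbus ones: 1-4 read, 5/6/15/16 write.
READ_CODES = {1, 2, 3, 4}
WRITE_CODES = {5, 6, 15, 16}
POLICY = {
    "10.0.1.10": READ_CODES,                # operator station: read-only
    "10.0.1.20": READ_CODES | WRITE_CODES,  # engineering station: may write
}

@dataclass
class Verdict:
    allowed: bool
    reason: str
    function_code: Optional[int] = None

def inspect_modbus_tcp(src_ip: str, frame: bytes, plc_unit_id: int = 1) -> Verdict:
    """Decide whether one Modbus/TCP request may reach the PLC."""
    if len(frame) < 8:                      # MBAP header (7) + function code (1)
        return Verdict(False, "truncated frame")
    _trans, proto_id, length, unit_id, fcode = struct.unpack(">HHHBB", frame[:8])
    if proto_id != 0:                       # Modbus/TCP always uses protocol id 0
        return Verdict(False, f"protocol id {proto_id} is not Modbus")
    if length != len(frame) - 6:            # length covers unit id + PDU
        return Verdict(False, "length field does not match frame size")
    if unit_id != plc_unit_id:
        return Verdict(False, f"unexpected unit id {unit_id}", fcode)
    if fcode not in POLICY.get(src_ip, set()):
        kind = "write" if fcode in WRITE_CODES else "unlisted"
        return Verdict(False, f"{kind} function {fcode} denied for {src_ip}", fcode)
    return Verdict(True, "permitted", fcode)

def build_request(trans_id: int, unit_id: int, fcode: int, data: bytes) -> bytes:
    """Assemble a Modbus/TCP request (used here only to construct sample frames)."""
    pdu = bytes([fcode]) + data
    return struct.pack(">HHHB", trans_id, 0, len(pdu) + 1, unit_id) + pdu

if __name__ == "__main__":
    # Constructed traffic: a read poll and a write attempt from the operator station.
    read_regs = build_request(1, 1, 3, struct.pack(">HH", 0, 10))
    write_reg = build_request(2, 1, 6, struct.pack(">HH", 40, 1))
    for src, frame in [("10.0.1.10", read_regs), ("10.0.1.10", write_reg),
                       ("10.0.1.20", write_reg)]:
        v = inspect_modbus_tcp(src, frame)
        print(f"{src} fc={v.function_code} {'ALLOW' if v.allowed else 'DENY'}: {v.reason}")
```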

To be continued.