A Unified Architectural Approach for Cyberattack-Resilient Industrial Control Systems

作     者：Zhou, Chunjie Hu, Bowen Shi, Yang Tian, Yu-Chu Li, Xuan Zhao, Yue 

作者机构：Huazhong Univ Sci & Technol Sch Artificial Intelligence & Automat Key Lab Image Proc & Intelligent Control Minist Educ Wuhan 430074 Peoples R China Univ Victoria Dept Mech Engn Victoria BC V8W 2Y2 Canada Queensland Univ Technol Sch Comp Sci Brisbane Qld 4001 Australia 

出 版 物：《PROCEEDINGS OF THE IEEE》 (电气与电子工程师学会会报)

年 卷 期：2021年第109卷第4期

页      面：517-541页

核心收录：

学科分类：0808[工学-电气工程] 08[工学] 

基　　金：National Natural Science Foundation of China [61433006, 61873103, 61272204] National Key R&D Program of China [2019YFB2006300] Australian Research Council (ARC) [DP160102571, DP170103305] 

主　　题：Security Integrated circuits Computer security Cyberattack Process control Systematics Resilience Fourth Industrial Revolution Networked control systems Cybersecurity industrial control system (ICS) network process resilience system 

摘      要：With the rapid development of functional requirements in the emerging Industry 4.0 era, modern industrial control systems (ICSs) are no longer isolated islands, making them more vulnerable to various cyberattack threats. Cyberattacks on ICSs may have disruptive consequences, such as significant social and economic losses. To proactively address the security issue of ICSs, this article presents a unified architectural approach from the perspectives of cyberthreats on ICSs, security-related ICS technologies, and methods for ICSs. It incorporates secure networks, secure control systems, secure physical processes, and their interactions seamlessly into a unified framework. To increase the resistance of ICSs against intrusions, the network security in our architectural approach is to secure the data in motion through the integration of secure network architecture, secure industrial network protocols, and secure end-to-end communications. The protection of control systems in our architectural approach is risk-based and hierarchical and encompasses prevention- and tolerance-centric defenses. It provides a layer-by-layer defense so that an acceptable level of cybersecurity risk is achieved and maintained. Aiming to maintain the stable operation of physical ICS processes, the secure control in our architectural approach implements a security process against process-aware attacks through a resilient safety control scheme. The global and systematic architectural approach presented in this article for the ICS cybersecurity will help facilitate the design and implementation of cyberattack-resilient ICSs in the networked world. For further development of ICS security technologies, emerging challenges are identified and discussed to motivate future research efforts.