73«Инновационные аспекты развития науки и техники»
3. Сайт SAP [Электронный ресурс]. URL: https://www.sap. com/documents/2016/11/ecf58efa-947c-0010-82c7 -eda71af511 fa.html (Дата обращения: 09.02.2021)
4. Сайт SAP [Электронный ресурс]. URL: https://www.sap.com/ cmp/dg/forrester-tei-study/index.html (Дата обращения: 15.02.2021)
УДК 004.09
Еремеев Михаил Алексеевич Eremeev Mikhail Alekseevich
д.т.н., профессор, Doctor of Technical Sciences, Professor Линючев Алексей Геннадьевич Linyuchev Alexey Gennadievich
Аспирант Post-graduate student Российский технологический университет - МИРЭА Russian Technological University - MIREA
ВЗАИМОСВЯЗЬ ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТИ И НАДЕЖНОСТИ В АВТОМАТИЗИРОВАННЫХ СИСТЕМАХ УПРАВЛЕНИЯ ТЕХНОЛОГИЧЕСКИМИ ПРОЦЕССАМИ
RELATION BETWEEN INFORMATION SECURITY AND RELIABILITY IN INDUSTRIAL CONTROL SYSTEMS FOR TECHNOLOGICAL
PROCESSES
Аннотация. Рассмотрена проблема взаимосвязи информационной безопасности и надёжности в автоматизированных системах управления технологическими процессами. Предложен подход для повышения надёжности в автоматизированных системах управления технологическими процессами (АСУ ТП) с учетом информационной безопасности отдельных элементов промышленной автоматизации.
VII Международная научно-практическая конференция Abstract. The problem of the relation between information security and reliability in industrial control systems for technological processes (ICS TP) is considered. The method was proposed for increasing reliability in industrial control systems to ensure information security in individual industrial automation elements.
Ключевые слова, компьютерная атака, оценка защищенности, надёжность, АСУ ТП. Keywords: computer attack, security assessment, reliability, ICS TP, process automation.
Introduction
Currently, in the world around us, ICS TP are widely used in the production of any product, and their prevalence is explained by their inherent advantages. In the course of development, ICS TP gradually influence more and more on new areas of our life, becoming necessary in the production of any product and in various sectors of the economy. They are used in most critical industries, such as oil, gas, energy, etc., to ensure safety, reliability, and control the technological processes.
In the process of developing and complicating technological processes and industrial control systems much attention is paid to improving the efficiency, reliability and survivability of ICS TP.
Based on the development of industrial systems, their complexity does not always lead to positive results, as is known, any complication of the system leads primarily to a decrease its reliability, as a result any industrial production is often a source of incidents or accidents.
Most of them ICS TP are complex systems consisting of separate subsystems, aggregates, control system, etc. From the perspective of reliability, a complex system has both negative and positive properties [1].
Factors which negatively affect the reliability of complex systems [1]: large number of industrial elements, the failure of any of them can lead to the failure of the entire system;
it is very difficult to evaluate the performance of complex systems from the point of view of statistical data, since they are often unique or available in small quantities;
«Инновационные аспекты развития науки и техники» for systems of the same purpose, each element has its own minor variations, which affects the output parameters of the system. The more complex the system, the more individual features it has.
Based on the failure analysis statistics presented in Table 1, it can be seen that the main problems of ICS TP reliability were industrial equipment failures, mostly related to the human factor or ordinary malware.
The development of methods and methods for improving reliability was relevant throughout the existence of ICS TP. Reliability is one of the most important characteristics considered during the development, design and operation stages ICS TP. Insufficient reliability of the ICS TP leads to huge financial costs for repairs, downtime of equipment and production, sometimes to accidents associated with large economic losses. The study of the causes that cause failures of objects, the determination of the laws that they obey, the development of a method for checking the reliability of products and methods for monitoring reliability, calculation and testing methods, and the search for ways and means to improve reliability are the subject of reliability research [1].
Table 1-Percentage of industrial equipment failures
Type of industrial equipment Failure, %
Dispatching control systems (SCAD A) 10
Logical control devices 10
Sensors Instrumentation and Control system 25
Executive field devices 50
Central part of the system Safety 5
As you know, reliability is a complex property that includes certain components. At the same time, since the end of the 20th century, the first information about deliberate incidents at critical infrastructure has appeared. Throughout the 21st century, more and more often there is information about deliberate incidents at critical infrastructure facilities that occurred at various enterprises and in various industries. Today, there is a rapid growth of new technologies of information and anthropogenic sphere, but also a variety of criminal's attack carried out using the same new tools and often having serious consequences.
VII Международная научно-практическая конференция
The statistics of cybercrimes committed by intruders are shown below
(fig.1) [3].
Considering the above the question was formulated: Is information security a component of reliability?", for this purpose, international standards in the field of reliability in engineering were analyzed.
According to GOST 27.002-89 ("Industrial product dependability. General concepts. Terms and definitions») and GOST R 53480-2009 term reliability, this is the property of an object to keep in time within the established limits the values of all parameters that characterize the ability to perform the required functions in the specified modes and conditions of use.
160 -
140 -
120 -
3 100 -
.E
С 01
■5 80 -
С с
I 60 -
40
20 -
0 в-
2004 2006
Fig.1. Count cybercrimes in industrial (Positive Technologies report, 2020)
In the note according to GOST 27.002-89 for the term reliability it is written: "Reliability is a complex property that, depending on the purpose of the object and its
2008 2010 2012 2014 2016 2018 2020 2022
Year
«Инновационные аспекты развития науки и техники» application conditions, may include reliability, durability, maintainability and persistence, or certain combinations of these properties."
The most appropriate component to the term information security is reliability, which is probabilistic in nature. According to GOST 27.002-89 the term reliability, it is - with object continuously maintain a healthy state for some time or practices, and the term functional as it is state of the object in which the values of all the parameters characterizing the ability to perform specified functions, comply with the requirements of normative-technical and (or) design documentation.
Having considered the basic terms and terminology indirectly related to reliability and dependability: a healthy state, the state of functioning, various derived from the term failure, error, malfunction of equipment, anywhere not mentioned, that the possible reasons is a violation of information security and. An investigation into the accident in the Iranian center for uranium enrichment, which led to the disruption of over 1,000 centrifuges showed that the virus was trying to mimic under maintenance error [3].
The analysis of international standards, related to reliability in the technique of direct correlation of the terms reliability and information security also showed their absence, only the presence of an indirect relationship.
It was decided to approach the study of this issue from a different angle, from studying regulatory documents on information security.
A number of documents were reviewed, such as:
system standards ANSI/ISA-99;
family of standards ISA/IEC 62443 by 2019 years «Industrial Automation and Control Systems Security»;
guidance NIST SP 800-82 «Guide to Industrial Control Systems Security» и NIST SP 800-53 «Security and Privacy Controls for Federal Information Systems and Organizations»;
rule FSTEK №31 by 2014 years «... Requirements for information protection in ICS ...».
VII Международная научно-практическая конференция
After analyzing these regulatory documents, it was also found that there is no clear relation between reliability and information security. The main thesis is that a security breach can lead to a malfunction of the automated process control system and the entire production as a whole.
By studying this issue, you can formulate the following issues in the relationship between information security and reliability:
In regulatory documents, including international ones, there is no direct relationship between the terms reliability and information security, only an indirect one, through the term "security", and then only under certain conditions.
A new "dimension" has been added to the reasons for failures and, accordingly, the reliability of the ICS TP as a whole - cyber incidents related to attacks by intruders on industrial facilities.
The majority of ICS TP are most often designed in conditions of minimizing financial and personnel costs, and therefore, information security issues are practically not addressed.
Often, organizations that design and operate automated process control systems refer to the requirements of regulators to isolate the technological segment from other segments of the enterprise and believe that this is where information security problems end and are not applicable to the reliability of a complex system.
Conclusion
The growing segment of commercial security tools for industrial networks and the increased attention of intruders indicate the need to take information security into account in the reliability of industrial systems. As an approach for improving the reliability of ICS TP, it is proposed to take into account statistics of vulnerabilities for individual elements of industrial automation and a generalized model and vectors of threats from an attacker to information security objects of critical infrastructures. The approach in the future is proposed to be implemented on the basis of production models, considering logical and probabilistic methods.
«Инновационные аспекты развития науки и техники»
References:
1. Reliability of technical systems and technogenic risk: a textbook / R. A. Shubin. - Tambov: Publishing House of FSBEI HPE "TSTU", 2012. - 80 p. - 50 copies. - ISBN 978-5-8265-1086-5.
2. Actual cybersecurity: II quarter of 2020 year [Actual cyber threats: II quarter of 2020]. URL: https://www.ptsecurity.com/ru-ru/research/analytics/cybersecurity-threatscape-2020-q2. (accessed: 21.04.2021).
3. Analysis of the Stuxnet code, abbreviated translation into Russian of the Symantec report: Nicolas Falliere, Liam O Murchu, and Eric Chien (Symantec), W.32.Stuxnet Dossier, Ver 1.4 (February 2011). URL: https://www.webcitation.org/ 67wuz2e1s. (accessed: 21.04.2021).
