Critical Infrastructures (CIs) such as power grid, water and gas distribution are controlled by Industrial Control Systems (ICS). Sensors and actuators of a physical plant are managed by the ICS. Data and commands transmitted over the network from the Programmable Logic Controllers (PLCs) are saved and parsed within the Historian. Generally, this architecture guarantees to check for any process anomalies that may occur due to component failures and cyber attacks. The other use of this data allows activities such as forensic analysis. To secure the network is also crucial to protect the communication between devices. A cyber attack on the log devices could jeopardize any forensic analysis be it for maintenance, or discovering an attack trail. In this paper is proposed a strategy to secure plant operational data recorded in the Historian and data exchange in the network. An integrity checking mechanism, in combination with blockchain, is used to ensure data integrity. Data redundancy is achieved by applying an efficient replication mechanism and enables data recovery after an attack.
翻译:电网、水和气分配等关键基础设施由工业控制系统(ICS)控制。物理工厂的传感器和启动器由ICS管理。从程序可操作逻辑控制器(PLCs)通过网络传送的数据和指令被保存下来并在历史文献中进行分解。一般而言,这一结构保证检查因部件故障和网络攻击而可能产生的任何过程异常。这些数据的其他用途允许开展法医分析等活动。为了保护装置之间的通信,确保网络安全也至关重要。对日志装置的网络攻击可能危及任何法医分析,无论是用于维护还是发现攻击踪迹。本文提议了一项战略,以确保在Historian和网络中的数据交换中记录的工厂操作数据的安全。一个完整性检查机制,与块链相结合,用于确保数据的完整性。数据冗余是通过高效的复制机制实现的,并能在攻击后恢复数据。