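As the use of industrial control systems expands from closed, locally scoped industrial environments to open, long-distance smart environments connected to information networks, insufficient security mechanisms have made industrial control system networks another target for attackers. An important issue in keeping smart environments operating securely is how to combine information about the characteristics of the smart environment with information provided by systems that detect network security events, so that the risk each network security event poses to the smart environment can be assessed in real time. In this study, we propose a risk assessment method that considers the degree of damage to asset equipment, the urgency of threats, and the severity of vulnerabilities. We build a security risk assessment platform that quantifies the risk of detected network security events, so that administrators can immediately notice the risk events in the environment that need attention. We implement the method on an open-source security event management platform and test it with a simulated smart environment and related attack scenarios to verify the feasibility of the risk assessment method.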
With the use of industrial control systems expanding from closed, localized industrial operating environments to open, distant smart application environments, these systems have become another target of security attacks because the available security mechanisms are insufficient. It is important to develop a risk assessment method that can provide an immediate quantitative risk evaluation based on the characteristics of the environment concerned and the security events detected in real time. In this study, we proposed a quantitative risk assessment measure that uses the damage degree of the impacts, the urgency of the threats and the severity of the vulnerabilities as its constituents. We developed a procedure to establish a risk assessment mechanism for an ICS. With the risk assessment mechanism, administrators of an ICS will be able to identify whether there is a security risk in the system when a security event is detected.