발전소 주제어시스템 모의해킹을 통한 취약점 분석 및 침해사고 대응기법 연구

Abstract

ABSTRACT DCS (Distributed Control System), the main control system of po wer plants, is an automated system for enhancing operational efficiency by monitoring, tuning and real-time operation. DCS i s becoming more intelligent and open systems as Information technology are evolving. In addition, there are a large amount of investment to enable proactive facility management, maintenance and risk management through the predictive diagnostics. However, new upcoming weaponized malware, such as Stuxnet desig ned for disrupting industrial control system(ICS), become new threat to the main control system of the power plant. Even though these systems are not connected with any other outside network. The main control systems used in the power plant usual ly have been used for more than 10 years. Also, this system requires the extremely high availability (rapid recovery and lo w failure frequency). Therefore, installing updates including security patches is not easy. Even more, in some cases, installing security updates can break the warranty by the vendor's pol icy. If DCS is exposed a potential vulnerability, serious concerns a re to be expected. In this paper, we conduct the penetration te st by using NESSUS, a general-purpose vulnerability scanner under the simulated environment configured with the Ovation version 1.5. From this result, we suggest a log analysis method to dete ct the security infringement and react the incident effectively.Keyword : DCS security, log analysis, vulnerability analysis, penetrat ion test, incident response접수일(2013년 6월 12일), 수정일(2013년 12월 9일) 게재 확정일(2013년 12월 17일) * 본 연구는 고려대학교 정보보호대학원 석사학위 논문임.†주저자, sunyujin@koreatech.ac.kr‡교신저자, sangjin@koreatech.ac.kr (Corresponding author)