산업제어시스템 통합에 따른 안전계장 시스템 사이버 보안 취약점 평가 및 대응방안 연구

Abstract

Although the Safety Instrumented System has been operated independently among industrial control systems for a long time, recently the industrial control system has been released as an integrated Distributed Control System based on an open platform because it is more cost-effective simplified and enhanced approach for advanced functional safety however it could be vulnerable to cybersecurity sector. Without considering of cybersecurity, the SIS has no guarantee its secured from cyberattacks. The discovery of the TRITON melware, which is targeting the SIS in 2017, is emphasized in the connection between the SIS and the DCS. Considering these issues the IEC Standard 61511 Second Edition which guarantees the functional safety of industrial processes updated new explicit requirement to conduct a security risk assessment. This study aims to investigate whether the Safety Instrumentation System (SIS), which has long been independently classified in the industrial control system considered irrelevant to cybersecurity problems, has become an appropriate cybersecurity design due to connection with the DCS, and to present vulnerability measures. For this study four domestic oil refineries and six petrochemical NCC plants were selected to analyze security design and weaknesses. As a result of all of plants were vulnerable to cybersecurity vulnerability therefore, the SIS is needed to be included appropriate design and assessment as part of the enhancement process.