CAJ | 학술논문

近期披露的信息安全事件表明，工控系统已经成为国外信息安全攻击的主要目标，必须加强工控系统的信息安全防护。工控系统与办公系统不同，系统中使用智能设备、嵌入式操作系统和各种专用协议，尤其是智能设备具有集成度高、行业性强、内核不对外开放、数据交互接口无法进行技术管控等特点，工控系统的安全风险评估方法、标准还在不断探索中。本文介绍工控设备安全保密风险评估模型和评估流程，以数控设备840D为例，进行工控设备的安全保密风险评估，围绕工控设备全生命周期给出了安全保密防护和检测的建议。
근기피로적신식안전사건표명，공공계통이경성위국외신식안전공격적주요목표，필수가강공공계통적신식안전방호。공공계통여판공계통불동，계통중사용지능설비、감입식조작계통화각충전용협의，우기시지능설비구유집성도고、행업성강、내핵불대외개방、수거교호접구무법진행기술관공등특점，공공계통적안전풍험평고방법、표준환재불단탐색중。본문개소공공설비안전보밀풍험평고모형화평고류정，이수공설비840D위례，진행공공설비적안전보밀풍험평고，위요공공설비전생명주기급출료안전보밀방호화검측적건의。
Security information incidents occur recently shows, industrial system has become the main target of foreign information security at acks, safety protection for industrial control system must be strengthen. Industrial control system, is not of ice system, it has many intel igent devices、embedded operating system with various special protocols, especial y intel igent equipments which has more high integration、specialty-industry, private kernel and lack ef icient control technology for data interface, security risk assessment method and standard for industrial control system has not informed. In this paper, security confidential risk assessment model and process for industrial equipment is proposed. For 840D industrial system, security risk assessment method is given to assess the ful life of 840D.Last,some safety protections for confidential security is advised to adopted to protect industrial system.