1. Introduction
With the popularization of the industrial Internet of Things and the development of industrial network intelligence (Tsuchiya et al., 2018), the operation and production mode of traditional industries—such as key manufacturing (Chen, 2020), chemical industry, electric power, etc. (Alaba et al., 2017)—is gradually becoming more intelligent and information-based (Sasaki et al., 2022). An Industrial Control System (ICS) is an asset control system used in industrial manufacturing that integrates computer equipment and industrial process control components. The ICS breaks down the isolation from external access that was inherent in traditional industry (Kumar et al., 2022). Traditional industry did not initially treat security, especially system security, as a main design criterion (Mi et al., 2021). As ICS networking and information technology develop (Cruz et al., 2016), many systems whose security protection relied on network isolation are increasingly being connected to the network, which may expose ICS security vulnerabilities to hackers (Babu et al., 2017), causing severe economic losses and negative social impact. Threats to asset security in ICS increase along with the level of asset complexity. ICS is involved in almost all aspects of industrial production (AlMedires et al., 2021), and any asset issue could affect the ability of manufacturing and production businesses to continue operations (Zhang et al., 2021), thus causing risks that are out of control. Therefore, how to deal with hacker behavior and how to attribute the source of hacker attacks are difficulties in today’s research.
Because of the natural inequality between attack and defense (Su et al., 2022), we must comprehend the asset types and their functions in ICS and take into account all potential threats and attacks in combination with security, so as to judge the impact of an attack on ICS, speculate on the attack path of hackers, and ultimately anticipate and respond to hacks in a proactive manner.
Related researchers mainly use three ways to determine ICS security: intrusion detection, security assessment, and system configuration. Intrusion detection is mainly used for prevention: it detects network attacks so that they can be avoided. Bhamare et al. (2020) investigate the applicability of machine learning for anomaly and intrusion detection in ICS but do not take into account the impact on the entire ICS when it is attacked. Security assessment focuses on evaluating system vulnerability prioritization and thus satisfying system security. Qassim et al. (2019) examine the entire network system and identify a vulnerability assessment methodology for ICS, which ensures system security only in terms of vulnerabilities. System configuration focuses on configuring the system for security. AlgoSec (2018) focuses on evaluating cybersecurity policies related to cloud access and implementing them where necessary. This approach focuses more on local security policies. None of the above three approaches considers the impact of a cyberattack on the ICS or the diversity of system impacts after an attack.
In the ICS, the ever-changing ecological environment (Zhang et al., 2019) makes attackers feel in their element. For example, manufacturers often update their software systems for user convenience and better human-computer interaction, but these operations may lead to new vulnerabilities (Knapp et al., 2014), especially those that lacked security considerations in the initial design (Kriaa et al., 2015). Moreover, attackers’ methods and routes are constantly updated, while the defender cannot keep abreast of the latest attack technology and vulnerability information. Therefore, simple intrusion detection, attack attribution and attack prediction cannot perfectly analyze the attack behavior. We need to design a new method to detect and analyze the complex ecological environment of the ICS in time to enhance our knowledge of the threat attack.