回头看丨2018年能源行业十大工控网络安全问题大盘点

时间：2024-05-08 作者：来源：浏览：分类：行业动态

工业控制系统在带来便利的同时，其网络安全面临设备高危漏洞、外国设备后门、APT、病毒、无线技术应用带来的威胁及风险将越来越大。

上一篇：2020福布斯中国30岁以下精英榜单发布：入选者最小年龄17岁

下一篇：大公司头条：去哪儿、美图秀秀等 91 款应用被中消协指责过度收集用户信息；拜耳计划裁员 1.2 万人，并出售动物保健部门等业务；Steam 中国落户上海浦东，中国用户不确认能否访问国外商店

gongyekongzhixitongshidianli、jiaotong、nengyuan、shuili、yejin、hangkonghangtiandengguojiazhongyaojichusheshide“danao”he“zhongshushenjing”，chaoguo80%deshejiguojiaminshengdeguanjianjichusheshiyikaogongyekongzhixitongshixianzidonghuazuoye。gongyekongzhixitongzaidailaibianlidetongshi，qiwangluoanquanmianlinshebeigaoweiloudong、waiguoshebeihoumen、apt、bingdu、wuxianjishuyingyongdailaideweixiejifengxianjiangyuelaiyueda。

2018年能源行业五大工控网络安全事件

俄黑客对美国核电站和供水设施攻击事件

2018nian3yue，meiguojisuanjiyingjizhunbeixiaozufabuleyizeanquantonggaota18-074a，xiangximiaoshuleeluosiheikezhenduimeiguomoufadianchangdewangluogongjishijian。

tonggaochengeheikezuzhitongguo（1）shoujimubiaoxiangguandehulianwangxinxiheshiyongdekaiyuanxitongdeyuandaima；（2）daoyonghefazhanghaofasongyuchashidiaoyudianziyoujian；（3）zaishouxinrenwangzhancharujavascriphuophpdaimajinxingshuikenggongji；（4）liyongdiaoyuyoujianheshuikenggongjishoujiyonghudenglupingzhengxinxi；（5）goujianjiyucaozuoxitonghegongyekongzhixitongdegongjidaimafaqigongji。

bencigongjidezhuyaomudeshiyishoujiqingbaoweizhu，gongjizhezhiruleshoujixinxidechengxu，gaichengxubuhuopingmujietu，jiluyouguanjisuanjidexiangxixinxi，bingzaigaijisuanjishangbaocunyouguanyonghuzhanghudexinxi。cianquanshijiangaojiewomen：jiaqiangyuangonganquanyishijiaoyuheguanlishishifenbiyaode，rumimadingqigenghuanqiebufuyong，anzhuangfangbingduruanjianbingquebaojishigengxindeng。

中东石油和天然气行业频繁受到网络攻击

zi2017nian3yuezhijin，jin3/4dezhongdongshiyouhetianranqigongyezuzhijinglileanquanweihai，daozhiqijimishujuhuocaozuojishuzhongduan，zaizhongdongshoudaodesuoyouwangluogongjizhongshiyouhetianranqixingyezhanjuleyibandebili。

zuiyanzhongdeyicigongjishijianfashengzai2017nian8yue，shatealabodeyijiashiyougongchangshiyongdetriconexanquankongzhiqixitongzhongcunzailoudong，eyiruanjianshituliyongloudongpohuaishebeibingqituyiciyinfabaozhacuihuizhenggegongchang，danyouyueyidaimaxierucunzaiquexian，weinengyinfabaozha。cianquanshijiangaojiewomen：duiyugongyekongzhixitongyaojishijinxinggengxin，xiufuanquanloudong。

美国天然气公司被攻击导致交易系统关闭

2018nian4yue2ri，meiguonengyuangongsienergy services groupdetianranqiguandaokehujiaoyixitongshoudaowangluogongji，zaochengxitongguanbishuxiaoshi，wanxingdeshicicigongjizhuyaoyingxiangdeshikehuzhangdanxinxi，bingweiduitianranqiliuliangzaochengyingxiang。tianranqiguandaokehujiaoyixitongyongyubangzhuguandaoyunyingshangjiakuaigenzonghediaodutianranqiliuliang，cixitongbeiguanbikenengdaozhitianranqiliulianggongyingyichang。

乌克兰能源部网站遭黑客攻击要求支付赎金解锁

2018nian4yue24ri，wukelannengyuanhemeitangongyebuwangzhanzaoheikegongji，wangzhantanhuan，zhujizhongwenjianbeijiami，zhuyeliuxiayaoqiuzhifubitebishujindeyingwenxinxi，yicihuanqujiesuowenjian。jingguowukelanwangluojingchabumendiaocha，nengyuanhemeitangongyebuwangzhanshoudaogongjishiyiqigulishijian，bugouchengdaguimowangluogongji。wukelanzhengfudeqitabumenhejigouwangzhanmeiyouzaoyuleisizhuangkuang。

印度电力公司遭勒索攻击，大量客户计费数据被窃取锁定

2018nian3yue21ri，yinduuttar haryana bijli vitran nigam（jiancheng uhbvn）dianligongsidewangluoxitongzaodaolenimingheikezuzhiruqin，heikezaihuoquqijisuanjixitongfangwenquanxianhou，jinyibuqinrujifeixitongbingqiequhesuodingledaliangkehujifeishuju，tongshixianguhbvngongsilesuojiazhi1000wanlubu（yue15wanmeiyuan）debitebizuoweishujin。

juxi，uhbvngongsifuzehaliyanabang9dadiqudedianligongyinghefeiyongshouqu，kehushuliangchaoguo26wanming（baokuominyong、shangyonghegongyeyongdian），cicizaoheikeqiequdeshujushikehudexiaofeizhangdan，baokuodianfeijiaonajilu、weizhifufeiyongjikehudizhideng。uhbvngongsifayanrenbiaoshi，zaoheikeqiequdeshujukujinxinglejiamichuli，yinciyuzhixiangguandeshujubingbuhuizaodaoxielu；ciwai，gongsiyongyougaishujukudebeifenbingyiwanchengleshujuhuifu，buhuiyouyewuyincizhongduanhuozaoshousunshi。

2018年能源行业五大重大工控安全漏洞

罗克韦尔工控设备曝多项严重漏洞

2018nian3yue，siketalosanquanyanjiutuanduifawenzhichuluokeweierzidonghuagongside allen-bradley micrologix 1400xiliekebianchengluojikongzhiqi(plc)zhongcunzaiduoxiangyanzhonganquanloudong，zheixieloudongkeyonglaifaqijujuefuwugongji、cuangaishebeidepeizhihetixingluoji、xieruhuoshanchuneicunmokuaishangdeshujudeng。gaixiliekebianchengluojikongzhiqibeigeguanjianjichusheshibumenguangfanyunyongyugongyekongzhixitong（ics）dezhixingguochengkongzhi，yidanbeiliyongjianghuidaozhiyanzhongdesunhai。siketalostuanduijianyishiyongshouyingxiangshebeidezuzhijigoujianggujianshengjidaozuixinbanben，bingjinliangbimianjiangkongzhixitongshebeiyijixiangguanxitongzhijiebaoluzaihulianwangzhong。

思科网络设备爆严重安全漏洞

2018nian3yue，sikegongsifabuleyigeyuanchengdaimazhixingyanzhongloudongtonggao（cve-2018-0171），tonggaoleqiwangluoshebeishangshiyongdeiosheios-xecaozuoxitongdesmart install client（yongyushebeijichajiyongpeizhihejingxiangguanligongneng）daimazhongcunzaiyichuhuanchongquyichuloudong。gongjizhewuxutongguoshenfenyanzhengjiukexiangyuanduansikeshebeide tcp 4786 duankoufasongjingxingouzaodeeyishujubaochufaloudong，congeryuanchengzhixingrenyiminglinghuodaozhishebeitingzhifuwu。

gailoudongxiangguandejishuxijieheyanzhengchengxuyijinggongkai，genjuguojiaxinxianquanloudonggongxiangpingtai（cnvd）fabudegonggaoxianshi，quanqiuyue14.3wantaishebeimianlinqianzaiweixie。eluosiheyilangliangguodewangluojichusheshijinriyizaodaoliyongciloudongdewangluogongji，jinerbojileliangguodeisp（hulianwangfuwutigongshang）、shujuzhongxinyijimouxiewangzhan，heikeliyonggailoudongjiangluyouqizhongzhiweimorenpeizhi，bingxiangshouhaizhexianshixinxi。muqian，sikeyifabugailoudongxiufubudingjixiangguanxiufuzhinan。

西门子继电保护设备曝高危漏洞

2018nian4yue，ics-cert（meiguogongkongxitongwangluoyingjixiangyingxiaozu）fabuanquantonggaochengshiyongen100yitaiwangtongxinmokuaihedigsi 4ruanjiandeximenzijidianbaohushebeisiprotec 4、siprotec compact、reyrollecunzaisangegaoweiloudong，kenenghuibeiheikeliyonglaigongjibiandianzhanheqitagongdiansheshi。

cileishebeiyongyukongzhihebaohubiandianzhanjiqitadianlijichusheshi，dangzheixieloudongbeichenggongliyongshi，gongjizhenenggoutongguofugaishebeipeizhixinxi、xiutanwangluoliuliangdengfangshihuoqushebeiguanliyuankouling，jierdaozhidianlishebeibaohugongnengzhongduan。

思科多款工控产品存在SAML身份验证系统漏洞

2018nian4yue，sikegongsifabuleyigeguanyusamlshenfenyanzhengxitongdeyanzhongloudongtonggao（cve-2018-0229）。gailoudongyunxuweijingshenfenyanzhengdeyuanchenggongjizhetongguoyunxingasa（zishiyinganquanshebeiruanjian）huoftd（weixiefangyuruanjian）laichuangjianweizaodeanyconnect（zhuomianyidongkehuduanruanjian）huihua， congerkaiqijinyibudewangluogongji。anyconnect、asa、ftddengjichutaojianbeiguangfanyingyongyusikedegongyeanquanshebei、gongyefanghuoqiangdengshebeizhong，yidanbeiliyongjianghuidaozhiyanzhongdewangluoanquanfengxian，sikeguanfangjianyiyonghutongguoshengjibudingfangshijinkuaiduishouyingxiangshebeijinxingxiufu。

Moxa工业安全路由器爆多项严重漏洞

2018nian4yue，siketalosanquanyanjiutuanduifaxianmoxagongsidegongyeluyouqiedr-810zhongcunzai17geanquanloudong，qizhongbaokuoduogeyingxiangwebfuwuqigongnengdeyanzhongminglingzhuruloudonghedaozhifuwuqibengkuidejujuefuwu(dos)loudong。edr-810shimoxagongsi2015nianfabudeyikuanjifanghuoqiang、jiaohuanjidengduogongnengyuyitidegongyejiduoduankouanquanluyouqi，beiguangfanyingyongyugongyekongzhixitongzhong。zheixiefaxiandeloudongyizaimoxa edr-810 v4.1 build 17030317zhongdedaoqueren，qizaoqibanbendechanpinyekenengshoudaoleyingxiang。muqian，zhenduizheixieloudong，moxagongsiyijingfabulexinbangujianyijixiangguanxiufuzhinan。

谁在引领中国制造？

为了回答这一问题，亿欧将在2019年6月的上海，于2019全球新经济年会期间举办制造新动能峰会，讨论中国制造创新的未来推动力。在这里，你会看到国内外大型制造业企业的观点经验、新技术与制造业间的对话沟通、不同维度先进制造参与者的思维碰撞。

yiouxinzhizaopindao，zhilichengweilianjiegongyezhizaolingyuhexinjishufunengliliangdeyizuoqiaoliang。

峰会报名链接：

//www.iyiou.com/post/ad/id/808