Field of the Invention
The present invention relates to an evaluation system.
Description of the Related Art
Control systems used for social infrastructure such as electricity, railways, water, and gas, as well as for automobiles, are required to operate equipment, such as valves and actuators, based on information from sensors and to maintain the pressure and temperature set in advance. In order to achieve this operation, it is necessary to periodically obtain information from sensors, check the state, and control actuators as needed.
For this reason, control systems usually perform processing at regular intervals, so that each process performed by each device within a system is required to be completed in one cycle. When new processes and equipment are added or a setting change is made to a control system configured as described above, the processing should still be completed within one cycle without affecting the normal operation of the control system.
Meanwhile, the existing control system uses a dedicated operating system (OS) and a dedicated protocol and is placed in an area isolated from access from external networks such as the Internet. For this reason, the control system has been considered to have nothing to do with cyber attacks such as so-called malware and Denial of Service (DoS) attacks.
However, along with an increase in the use of general-purpose OSs and general-purpose protocols to reduce costs, the connection of control systems to information systems has accelerated in order to increase efficiency. At the same time, malware that targets control systems has been detected in recent years. Thus, it is necessary to develop a technology to prevent threats such as malware infection and unauthorized access from outside in the control system as well as in the information system.
In addition, such attacks are evolving each day and it is necessary to periodically update the filtering policy of communication packets used in the firewall or other filtering device in order to prevent and detect new attacks.
To address the requirements described above, Patent Document 1 (WO 2004/062216) discloses a technique for evaluating the validity of a filtering policy by creating a simulation environment in which the target system is simulated in advance, and by transmitting and receiving communication packets between the simulation environment and a filtering device.
The use of the technique disclosed in Patent Document 1 enables evaluation of the validity of a filtering policy in an environment that can be reproduced by simulation. However, control systems have various configurations depending on the application and the environment in which they are used. Also, the customer may change the operation environment and configuration after the system vendor has delivered the system. Thus, it is difficult to reproduce the local environment using the simulation environment.
Further, if the actual environment is used as it is, the usual operation of the control system may be affected, making it difficult to complete the evaluation before the filtering policy is applied to the real environment.
The present invention has been made in view of the above circumstances, and it is an object of the present invention to provide a system that evaluates the validity of a new filtering policy in such a way that the real environment of the new system can be used without affecting the usual operation.