Industrial facilities are controlled and operated using devices such as PLCs (Programmable Logic Controllers) and RTUs (Remote Terminal Units), network equipment such as switches and routers, and control facilities such as HMIs (Human Machine Interfaces) and servers. These control facilities and equipment are increasingly digitized and open.
On the other hand, in recent years, advanced persistent threats targeting industrial control systems have become a serious problem, and a large-scale physical disaster caused by cyber terrorism is likely to happen.
In addition, the operating systems and communication protocols used in industrial control systems are moving toward public operating systems and standard protocols, which gives an attacker a lot of information about the behavior of the industrial control systems and networks.
Based on this information, the attacker could infiltrate the industrial control systems, change commands or critical values, illegally damage the equipment, or cut transmission lines, causing the industrial control systems to malfunction or become disabled. Representative attacks of this kind include Stuxnet, which was aimed at industrial facilities.
For the reasons set forth above, in recent years security products for protecting industrial control systems, such as firewalls and intrusion detection systems, have been developed and widely deployed. Most of these security products are installed at the edge facing an external network, where they perform a perimeter guard security response.
As described above, because these security products perform a perimeter guard security response, they are vulnerable to issues arising from internal infrastructure, and they do not respond effectively in a situation where infiltration paths, including insider threats, are becoming more diverse.