In 2010, seismic network virus infected more than 45,000 networks worldwide; in 2016, nearly 1,000 construction machinery and equipment of Sany Heavy Industries were unlocked and damaged illegally, with direct economic losses exceeding 30 million yuan; in 2018, Wannacry variant invaded Taiji Power Station, which is expected to cause economic losses of 1.74 billion yuan.
With the rapid development of integration of industrialization and Internet of Things, the risk points of industrial control system are gradually increasing, and the impact of information security on business system is also increasing. Faced with the increasingly severe situation of industrial control security, Greenland Science and Technology recently issued the "Framework of Information Security Guarantee for Industrial Control Systems 2019". It is a major challenge in the field of industrial control information security to establish a comprehensive information security guarantee system for industrial control, reduce the internal and external threats faced by industrial control systems, and escort the deep integration of industrialization and industrial transformation and upgrading.
Network Security Problem Enters an Outbreak Period
According to the survey, about 80% of the enterprises in China never upgrade and repair the industrial control system; 52% of the industrial control system is connected to the enterprise's management system, intranet or even Internet; in addition, some foreign industrial control products with loopholes are still used in important domestic devices.
& The more serious problem is that we lack the means to find the source of risk and the necessary technology and method to control risk. & In recent years, more and more assets have been exposed to industrial control systems, said Wang Xiaopeng, director of Greenland Technology ICS product management team. In the case of external networking, industrial control systems are easy to be detected by the outside, and then asset identification assets can be controlled. Especially, more and more industrial control systems and equipment are connected to the Internet, which will expose more potential security risks. According to Kaspersky statistics, in the first half of 2017, 20.6% of ICS computer threats originated from the Internet, which reached 27.3% in the first half of 2018. These industrial control devices exposed to the Internet are all potential channels for attackers to infect the industrial control network. If some of the industrial control devices have their own unmended vulnerabilities, and some of the software and hardware vulnerabilities of industrial control systems are shared and disclosed online, the vulnerabilities of the devices will most likely become the first choice for attackers to invade. The maintenance and testing cycle of industrial control manufacturers is generally longer, and the vulnerability repair is not timely. Sometimes the vulnerability is released one year later. Sometimes, because patches can not be installed in time, the loopholes of industrial control equipment have not been repaired in time and lack of effective means of loophole management. HMI, DCS and PLC all need to run the operating system and execute related software, which makes these three devices vulnerable areas.
In the field of petroleum and petrochemical industry, the importance of industrial control safety has been paid more and more attention. For example, the oil field industrial control network covers the wellhead, station storehouse, pipeline and other facilities of the oil field production site. It is used for real-time acquisition of production data and remote control and automatic control. Many devices are deployed in the field and are vulnerable to external attacks by means of optical cable, wireless and other networking modes.
Industrial Control Safety Calls for Technological Innovation
Different from the traditional IT information system, the industrial control system emphasizes the degree of industrial automation and the ability of intelligent control, monitoring and management of related equipment. Wu Zijian, a security researcher at the Greenland Science and Technology Innovation Center, said that in terms of product distribution, the domestic understanding of industrial control safety products has gradually shifted from the development of industrial control security gateway products based on border protection to the development and migration of industrial control safety products providing the whole life cycle security of industrial control systems. At present, the mainstream industrial control and safety products mainly cover detection products, protection products, monitoring and early warning products.
& ldquo; The products originally developed by enterprises with the background of information security still inherit the characteristics of the configuration and application of the original information security products, and lack of integration with the practical industrial field application habits, resulting in certain obstacles to the use of field personnel. The industrial control security products developed by enterprises with industrial background have great advantages in product form and usability, but there are still big problems in understanding the basic functions of information security and matching rules of attack protection. & According to Wu Zijian, the industrial information security technology based on the integration of actual business characteristics and information security technology characteristics can meet the needs of business operation guarantee, meet the characteristics of the actual industrial environment, and truly meet the security requirements of industrial control systems. Especially, the original industrial control safety system, which takes border isolation and border protection as the main technical measures, has gradually developed towards the direction of business-related and integration. In the new application forms such as industrial cloud and industrial big data, industrial control safety products need to break through the characteristics of existing products in function and application form in order to better adapt to the needs of new applications.
Greenland Science and Technology proposed that the current industrial control safety products are still in the product phase of the 1.0 version of the era, which is highly relevant to business applications. The current industrial control security products are reflected in the lack of integration with the business, weak in the depth of detection and business-related attacks, lack of innovative security detection ideas, protection ideas are often lack of real effective methods. On the other hand, with the popularization of new applications in the industrial field, such as industrial cloud and industrial big data, the industrial control industry will also undergo some changes. At present, the integration of industrial control information security technology has not been fully developed, and a breakthrough in the technical direction and application is needed.
Building an Integrated Management and Control System
Large-scale deployment and application of industrial control security needs a period of time. It is a major trend that pilot projects lead to safety landing gradually.
Wang Xiaopeng said: & ldquo; The construction of industrial control information security guarantee framework needs to fully take into account the relevant norms and requirements of the country and industry, and combine the business needs of enterprises with the characteristics of their own operation to achieve the combination of technology and management, and gradually improve the safety protection of industrial control systems, so as to make the safety protection of industrial control systems from the deployment of security strategies to the deployment of security capabilities. Transfer to gradually realize the safety technology capability and safety management capabilityIt will gradually cover all aspects of the system, such as system on-line, system operation, system maintenance, system maintenance, and so on, so as to realize the integration of management, control and prevention. ”
In addition, the construction of industrial control security needs to consider compliance, but also consider the business life cycle. From the security requirements in the system development stage to the emergency disposal during the safety detection and operation before going online, to the elimination of the potential safety hazards during the downtime and maintenance, we need to integrate the security factors into the actual business.
& ldquo; We see that in the trend of industrial information transformation and extensive interconnection, the convenience and cost advantages of interconnection will gradually break the closed mode of the original industrial system, and the new business application form will bring new security risks, such as cloud-side security risks, edge-side security risks and plant-level security risks. & According to Wang Xiaopeng, from a future perspective, industrial information security is bound to be a comprehensive security, covering cloud security, border security, control security, data security and other fields. The value of security also needs to be reflected in the substantive role of promoting business, which also conforms to the attributes and characteristics of the industrial field.