With the continuous improvement of informatization and digitalization, Industrial Control System (ICS) and related systems, as the link that supports and connects information systems with the real world, are widely used in industrial production, finance, key infrastructure, and social activity support , medical shopping and other important areas related to the national economy and people's livelihood. However, due to the late start of my country's information technology, a large number of key components such as core equipment and basic software of industrial control systems use foreign products, resulting in a lack of independent innovation capabilities in industrial control systems. In recent years, attacks on industrial control systems have increased year by year, and industrial control systems are facing unprecedented information security challenges. In order to promote the construction of independent innovative industrial control security systems, Kirin Software teamed up with China Huian to jointly create , a joint industrial control security solution under the industrial Internet system. The
joint solution is guided by the Network Security Law , Level Protection 2.0 and related industry policies and regulations. It uses domestic hardware equipped with the Galaxy Kirin advanced server operating system V10 to give full play to the advantages of the operating system and provide independent, safe and trustworthy solutions for upper-level industrial control security applications. High-performance system operating environment. Industrial control security applications use cutting-edge technologies such as big data analysis and security perception to deeply identify the assets, risks and vulnerabilities of industrial control systems, and achieve effective management and control of industrial control assets, network attacks, system vulnerabilities, mobile storage management, operation and maintenance management , improve the security performance of industrial control systems, and build a comprehensive production control system information security protection system. The solution can not only help enterprises achieve security compliance and control risks, but also provide enterprises with a full range of independent and trusted information security service capabilities to reduce security risks caused by uncontrollable factors. The
solution uses domestic hardware equipped with the Galaxy Kirin operating system, combined with security management software such as industrial firewalls, industrial control security monitoring and analysis management platforms, and industrial control operation and maintenance audit systems. It can be applied to network boundary security protection and industrial control host security protection reinforcement scenarios, and security detection With security audit scenarios, centralized security management scenarios and other production environments. The security probes composed of the industrial control security monitoring analysis management platform and other security equipment included in the industrial control system security protection system have achieved 100% functional migration on the Galaxy Kirin advanced server operating system V10. The monitoring analysis management platform can achieve multiple functions. It can meet the needs of log collection and centralized management and control of up to 2,000 nodes, and can manage more than 6,000 industrial control assets online. At the same time, the number of logs stored can reach more than 50 million, fully meeting the security log storage needs of general enterprises for more than 6 months. This solution has been safely verified in production control systems in multiple industries.
Network boundary security protection and industrial control host security protection reinforcement scenario
In the production control system system of various industries, the production network control area, as the core area, is extremely vulnerable to network security threats in other areas, and tampering with industrial control instructions through the network layer will directly lead to Major production safety accidents, , and industrial control terminals also have problems such as file accidental killing and virus infection. For this type of scenario, the industrial security isolation switching system is used to help strengthen the security isolation capabilities between large areas of the enterprise's production network; the industrial firewall equipment is used to strengthen the in-depth analysis and access control capabilities of industrial protocols of the industrial control system; the industrial control host reinforcement software is used to Strengthen the active defense capabilities of industrial control host security.
Safety detection and safety audit scenario
In the protection system of the production control system, safety monitoring and safety audit are necessary functions to prevent and limit industrial control safety incidents.The industrial network monitoring and auditing system and industrial control database audit system provided in the plan can help enterprises prevent, monitor and track some industrial control security incidents beforehand, and strengthen the auditing capabilities of industrial control network traffic and database operation behaviors; industrial control intrusion The detection system can promptly detect various attack attempts and attack behaviors on the production network and trace the source of the attacks, improving the ability to prevent intrusions and malicious codes; while the industrial control vulnerability scanning system can immediately discover the internal vulnerabilities of the industrial control system and detect Identify system vulnerabilities and focus on preventing them to improve the ability to detect and exploit industrial control system vulnerabilities.
Centralized security management scenario
In order to simplify the enterprise's industrial control security management model, reduce security operation and maintenance costs and risks, improve the enterprise's overall security prevention capabilities for industrial control systems, and provide managers with a basis for safety decision-making, the solution provides industrial control monitoring Analysis platform, industrial information security log platform and industrial control operation and maintenance audit system. It helps enterprises strengthen the unified management and control capabilities of security equipment and assets, improves the collection and analysis capabilities of various logs within industrial networks, and realizes unified and centralized security operation and maintenance management of industrial control hosts, application systems, network equipment, and security equipment.
Successful case
In a power plant production control system industrial control security transformation project, we helped the customer design an industrial control security system transformation plan for the power production control system based on this solution without changing the original network architecture. Based on asset security, from a global perspective, we will improve the ability of production areas in the enterprise's power generation production process to detect and identify security threats, block attacks, and respond to emergencies, and reduce security risks caused by uncontrollable factors.
In a cigarette factory production control system industrial control safety construction project, a production control system industrial control safety protection system was built for the customer based on this solution. On the basis of completing the inspection of industrial control assets and network combing of the industrial control systems of the four major workshops of silk making, winding, kinetic energy, and logistics, we carried out effective differentiated and refined protection for various industrial control information assets of the enterprise, and established a network security posture Comprehensive defense system for perception and threat intelligence capabilities.
In a certain urban rail transit industrial control safety construction project, on the basis of fully analyzing the characteristics and needs of rail transit systems such as CBTC, ISCS, AFC, etc., based on this solution, a system was constructed from boundary protection, traffic monitoring, terminal security, comprehensive supervision to enterprise self-management. The endogenous security in-depth defense system of self-testing eliminates the vacuum of security collaboration and creates an integrated defense platform between the control center, depots and centralized stations.
After implementation in many industries, the production control system industrial control security solution based on Galaxy Kirin operating system can realize unified monitoring of industrial control systems. Through cutting-edge technologies such as big data analysis and early warning, situational security awareness, etc., it can achieve zero trust The security architecture senses abnormal attack behaviors, predicts the security situation of the industrial control system in the production area in advance, locates risk points and fault points in a timely manner, improves the efficiency of maintenance work, reduces time, manpower, and economic costs, and improves the core competitiveness of the enterprise.
