"Take your time" to achieve power system safety management and control
With the deep integration of emerging information technologies such as the Internet of Things, 5G, big data, artificial intelligence, and industrial control systems. The production system of the energy industry is becoming more and more complex. The demand for network information sharing and business collaboration of enterprise industrial control systems is gradually increasing, and the level of intelligence and automation of industrial production is gradually improving. The cloud migration of industrial control equipment and industrial control systems has accelerated the transmission of network security risks. The network attack surface continues to expand from the border to the core, making the network security of industrial control systems face more severe tests.
1. Crisis in the energy industry
The energy industry (petroleum, electricity, coal, etc.) has become an important target for Internet attacks and cyber warfare. Cyber attacks against power systems are becoming more and more frequent, and attack weapons are becoming more and more concealed. Once attacked, it may cause a series of physical damage, leading to system paralysis, equipment damage, even casualties and other major hazards. The power industry has naturally become an important target of attacks. For example, the Iran Stuxnet virus incident, the Ukrainian power attack incident, and the Venezuela power system attack incident all show that when is conducting a national-level confrontation, Nengwen will never use force first. Network attacks are of course the only choice, and electric power It is the first choice target to fight against the era of network security attacks, so the security protection of the power system is extremely important.
At present, the production control area and management information area of electric power enterprises have invested in a large number of security equipment in accordance with the "Dedicated Horizontal Isolation and Vertical Authentication for Security Zone Networks" sixteen-character policy in accordance with Order No. 14 and Document No. 36. These equipment include forward and reverse Isolation devices, vertical encryption devices, regional boundary firewalls, etc. However, these devices are only passive defense ideas. The main improvement is the hard power, not the soft power of the enterprise's network security. Network security incidents mainly rely on security vendors. Model can no longer solve the network security problems faced in the current era of confrontation.
Therefore, power companies need to change their thinking and turn from passive to proactive, establish a network security talent team, carry out regular offensive and defensive drills and other work, use competition to promote training, use attack to promote defense, and improve the level of industrial control security capabilities of enterprises. All of these can be achieved by building an network shooting range with industry characteristics, taking the continuous operation idea as the main line, and integrating talent training, competitions, offensive and defensive drills, security testing and other work into it to enhance the soft power of corporate network security.
2. Power network shooting range construction plan
A certain electric power group customer is a group enterprise with energy generation, mining and metallurgy as its core industries, supplemented by diversified operations such as electrical and electrical, construction and installation, information and communications.
The group has developed diversified, and its investment and construction as well as its economic income have maintained rapid growth every year. However, in terms of network security, it still focuses on purchasing security products. Its own network security capabilities are relatively lagging behind, especially some of its subsidiaries. Set up network security positions. The leaders of the group also realized that blindly purchasing security products could no longer meet the company's current status. Based on these issues, needs to establish a digital shooting range with the characteristics of the electric power industry, and carry out multi-faceted network security work based on this.
In view of the group's industry characteristics and network security status, combined with the actual needs of network security, Saining Network Security proposed a set of electric power digital shooting range solution that is close to the real operating environment. Achieve multi-functional technical support from vulnerability detection and mining, attack penetration, threat analysis, attack and defense drills, emergency response network security solutions, to management system establishment, personnel training and other multi-functional technical support.
Saining Network Security believes that users’ need for a shooting range is a good entry point, but the product or solution is not a standard shelf product and requires multi-faceted running-in. The company has no experience in shooting range construction but knows the problems and needs it faces. Saining has the ability and project experience in shooting range construction. The first thing needs to do is to create sparks in the communication process and create solutions that users need and are in line with industry characteristics. Through multiple rounds of communication and exchanges, the overall power network range plan was determined, and construction was carried out in phases based on the project scale and actual capital investment. is used to build a network security training base, simulate the real system operating environment of the enterprise, and build a network security simulation training and attack and defense confrontation platform.
3. System solutions
Saining Industrial Control Network Range provides power customers with network security simulation training, offensive and defensive confrontation, industrial control network simulation and other applications. With the help of the shooting range platform, we provide network security talent technical training services, which can effectively improve the security skills of operation and maintenance personnel; provide ultra-realistic industrial control environment, industrial control environment simulation deduction and testing; carry out industrial control security attack and defense drills, system testing and verification and other solutions.
1, the training and teaching platform
simulates the network and system of a typical power plant and is a training platform for offensive and defensive exercises, vulnerability mining, attacks and security protection.
2. Simulated attack system
is a system used to display the attack effects, including the controlled equipment in the target business system and the software and hardware showing the attack path.
3. Protection verification system
is software and hardware used to monitor/protect network attacks against target business systems.
4. The enterprise capability display system
display system is composed of multimedia TVs. The multimedia overall covers the network security simulation training and offensive and defensive confrontation platform panorama, and comprehensively displays the network security simulation training and offensive and defensive confrontation platform content, raising the platform to a new height.
4. Customer value
1. Build a teaching base for cultivating applied talents.
helps enterprises cultivate high-skilled network security talents, conform to the path of industrial digital transformation, and break through the bottlenecks and difficulties of traditional security technologies. Through the study of the network security knowledge system and practical training on the shooting range, enterprise security personnel have successfully completed 54 offensive and defensive confrontation exercises, and during daily network security inspections, they have discovered, analyzed and solved more than 30 high-risk vulnerabilities in the network system. .
2. Build industry technology, information resources and training centers.
helps corporate customers give full play to the high-tech equipment functions of the training base. It has open features and provides enterprises with many service functions such as skill identification, skill level assessment training, and project research.
3. Build a multi-functional base that combines teaching, scientific research and production.
has effectively leveraged its human, financial and material advantages. has recently carried out the development of 10 new products for the company and participated in the completion of multiple new technical service tests. At the same time, it cooperates with enterprise engineering and technical personnel to research, develop and solve problems encountered in the production process, which is of great help to the enterprise's digital technology transformation.
Saining Network Security has conducted in-depth research in the field of industrial control security. Based on the requirements of Classification Protection 2.0 and Cyber Security Law and other policy guidance, it builds industrial control security service systems for customers such as network security inspection and assessment, vulnerability mining, penetration testing , and security training. Effectively ensure the safe and stable operation of industrial enterprises.
