Method and device suitable for security protection and security audit of various DCS production control systems

Abstract

The invention relates to computer software, hardware and wireless communication technologies, particularly to a method and device suitable for security protection and security audit of various DCS production control systems. The method and device provide functions of DCS picture monitoring, operating recording, event backtracking, identity authentication, authority control, security data exchange, operation management optimization, can form a production control system information security integrated solution together with conventional information security products such as a firewall and network security audit, and all or part of modules of the method and device are suitable for security protection of industrial production control fields such as power grid and petrochemistry. The method and device is independent of a DCS host, does not install any software plug-ins, and has no influence on DCS production control quality and reliability; and the method and device in the invention innovatively adopts an I/O device tandem connection method to collect and control behavior data of the DCS, realizes security protection and security audit of the DCS, and filling up the blank of DCS security protection and audit products in the domestic market.

Description

Technical field [0001] The invention relates to information security, digital signature, computer software, hardware and network communication technology, in particular to a method and device suitable for security protection and security auditing of various DCS production control systems. Background technique [0002] Various DCS production control systems have the characteristics of capital-intensive and technology-intensive. Taking power generation companies as an example, the cost of a 1000MW thermal power generating unit is about 5 billion yuan. An enterprise generally has one or several generating units to form A certain scale of production capacity transmits power to the grid; power generation equipment deeply relies on automatic control, and the main control adopts a unit unit distributed DCS production control system, and one unit is equipped with a main control DCS and several sets of auxiliary control systems. The DCS production control system is similar to the nerve ce...

AI Technical Summary

Problems solved by technology

[0003] However, under the dual pressure of economic responsibility and social responsibility, traditional DCS manufacturers and power generation companies choose to sacrifice the security protection capabilities of the system and concentrate on improving the control quality and reliability of the system, resulting in the current DCS production system security of power generation companies. There is a large protection gap in protection, and the security protection methods commonly used in other industries cannot be adopted, resulting in some security protection difficulties:

[0004] 1. The reinforcement measures for the mainframe of the production control system of the power station cannot be fully implemented

Due to the large power generation capacity of a single unit in a power station at present, unit tripping has a great impact on the power grid. Ensuring the safe and stable operation of the production control system is the biggest goal of enterprises and system contractors. Any software other than the control system, so that security protection software such as anti-virus software cannot be installed;

[0005] 2. The production control area must be safely isolated from other network partitions, and only the production control area is allowed to transmit necessary real-time production data to other network partitions in one direction

For anti-virus software, host patch server software and other security protection measures that need to regularly obtain upgrade codes from the external network, they cannot be implemented in the production control area;

[0006] 3. Modern thermal power plants have a high degree of automation, and they are all assigned posts and person

Images