Method and device suitable for security protection and security audit of various DCS production control systems

Abstract

The invention relates to computer software, hardware and wireless communication technologies, particularly to a method and device suitable for security protection and security audit of various DCS production control systems. The method and device provide functions of DCS picture monitoring, operating recording, event backtracking, identity authentication, authority control, security data exchange, operation management optimization, can form a production control system information security integrated solution together with conventional information security products such as a firewall and network security audit, and all or part of modules of the method and device are suitable for security protection of industrial production control fields such as power grid and petrochemistry. The method and device is independent of a DCS host, does not install any software plug-ins, and has no influence on DCS production control quality and reliability; and the method and device in the invention innovatively adopts an I / O device tandem connection method to collect and control behavior data of the DCS, realizes security protection and security audit of the DCS, and filling up the blank of DCS security protection and audit products in the domestic market.

Description

Technical field [0001] The invention relates to information security, digital signature, computer software, hardware and network communication technology, in particular to a method and device suitable for security protection and security auditing of various DCS production control systems. Background technique [0002] Various DCS production control systems have the characteristics of capital-intensive and technology-intensive. Taking power generation companies as an example, the cost of a 1000MW thermal power generating unit is about 5 billion yuan. An enterprise generally has one or several generating units to form A certain scale of production capacity transmits power to the grid; power generation equipment deeply relies on automatic control, and the main control adopts a unit unit distributed DCS production control system, and one unit is equipped with a main control DCS and several sets of auxiliary control systems. The DCS production control system is similar to the nerve ce...

AI Technical Summary

Problems solved by technology

[0003] However, under the dual pressure of economic responsibility and social responsibility, traditional DCS manufacturers and power generation companies choose to sacrifice the security protection capabilities of the system and concentrate on improving the control quality and reliability of the system, resulting in the current DCS production system security of power generation companies. There is a large protection gap in protection, and the security protection methods commonly used in other industries cannot be adopted, resulting in some security protection difficulties:

[0004] 1. The reinforcement measures for the mainframe of the production control system of the power station cannot be fully implemented

Due to the large power generation capacity of a single unit in a power station at present, unit tripping has a great impact on the power grid. Ensuring the safe and stable operation of the production control system is the biggest goal of enterprises and system contractors. Any software other than the control system, so that security protection software such as anti-virus software cannot be installed;

[0005] 2. The production control area must be safely isolated from other network partitions, and only the production control area is allowed to transmit necessary real-time production data to other network partitions in one direction

For anti-virus software, host patch server software and other security protection measures that need to regularly obtain upgrade codes from the external network, they cannot be implemented in the production control area;

[0006] 3. Modern thermal power plants have a high degree of automation, and they are all assigned posts and personnel in accordance with the requirements of the industry's "new plant and new method". The actual operating personnel of a 1000MW unit is only equipped with 3-5 people, and the number of operation management positions for some important systems is very small. The job functions are very concentrated, resulting in too centralized information security functions, and even the phenomenon that system management, database management, and even development, use, and maintenance are concentrated in one person, and there is a lack of effective security audits and complete event traceability methods, which poses a threat to the safe operation of the system and accidents. Analysis and behavioral auditing pose great hidden dangers;

[0007] 4. The production characteristics of the electric power industry are 7×24 hours of uninterrupted continuous operation of power generation production. At the same time, power generation equipment is expensive, the system is complex, and the degree of automation is high. evaluation

As a result, it is impossible to carry out daily in-depth safety inspections on the main engine, and only some safety protection inspections can be done when the unit is shut down for maintenance, which puts forward higher requirements for the daily safety protection management of the system;

[0008] 5. The popularity of portable computers, mobile storage devices and 3G networks poses a greater threat to the current production control system that simply adopts "network isolation, private network dedicated" isolation, no anti-virus software and patch upgrade protection

At present, it can only be prevented through a stricter computer room access system and host management

Images