Industrial control system terminal security protection method

Abstract

The invention belongs to the technical field of security protection of industrial control system terminals, and in particular relates to a method for security protection of industrial control system terminals. The method is implemented based on the terminal security protection system of the industrial control system, and the system includes: terminal security protection equipment and a centralized terminal security management system; A series of technical means for auditing and centralized management of equipment can effectively block malicious behaviors such as network attacks and illegal access during the operation of industrial control system equipment, and at the same time realize centralized security protection strategies for multiple industrial control system equipment of the same type or different types Configuration and management. This solution has a high level of security protection for industrial control equipment terminals, supports centralized and unified management of multiple devices, and the centralized management platform is suitable for multiple application environments, multiple industrial protocols, good compatibility, flexible protection strategy configuration, efficient alarm reporting and equipment management, etc. advantage.

Description

technical field [0001] The invention belongs to the technical field of industrial control system terminal security protection, and in particular relates to an industrial control system terminal security protection method. Background technique [0002] Industrial control systems are widely used in electric power, petrochemicals, transportation, municipal administration, new intelligent manufacturing and other important fields involving national security. Once a security problem occurs, not only the economic loss of enterprises, but also national security and public interests will be affected. Its importance cannot be overstated. Since the "Stuxnet" incident in 2010, the attention of countries around the world on the security of industrial control systems has been raised to an unprecedented level, and countries around the world are stepping up the formulation of policies, standards, technologies and protection schemes, among which the security of industrial control system term...

AI Technical Summary

Problems solved by technology

However, the above two types of industrial control system terminal security protection products mainly have the following problems: First, due to the complexity of the software and hardware platform environment in the industrial control network, many CNC, PLC, DCS, SCADA and other systems mainly rely on foreign software and hardware manufacturers. It is unavoidable that there are design backdoors, inapplicable interfaces, or inconsistent application scenarios. Second, industrial control systems generally use embedded or streamlined operating systems. These systems generally cannot update operating system patches, install anti-virus software, and information security products. As a necessary security protection measure for a network terminal device, there are serious security risks in the industrial control system; third, malicious network attacks are easy to use the loopholes exposed in the industrial control system on the network to steal super-user privileges, wanton damage to the system or steal secrets Data; Fourth, the industrial control system equipment itself generally does not use double strong identity authentication methods to achieve access control, and the data stored in the industrial control equipment and various interfaces (serial ports, network ports, USB interfaces, etc.) on the equipment have illegal access by unauthorized users. Fifth, if the operation and maintenance of the industrial control system needs to rely on external operation and maintenance personnel, there is a lack of technical means to supervise and trace the illegal operations of external operation and maintenance personnel

Sixth, there is a lack of a centralized and unified management platform that can configure and manage terminal security protection policies for multiple industrial control system equipment of the same type or different types at the same time

[0004] From the above analysis, it can be seen that the deficiencies in the terminal security protection of the industrial control system at this stage are mainly: the inability to comprehensively apply dual access control, strong identity authentication, interface protection strategy, file in-depth analysis, security audit and equipment to various interfaces on the industrial control system equipment. Centralized management of a series of technical means for comprehensive monitoring and protection; unable to effectively block malicious behaviors such as network attacks and illegal access during the operation of industrial control system equipment; unable to simultaneously realize the centralized and unified security protection of multiple industrial control system equipment of the same or different types manage

Images