基于等保2.0的重點(diǎn)行業(yè)工控系統(tǒng)網(wǎng)絡(luò)安全防護(hù)策略研究
信息技術(shù)與網(wǎng)絡(luò)安全
張 悅1,荊 琛2,衣 然2
(1.國(guó)能信息技術(shù)有限公司,北京100080;2.華北計(jì)算機(jī)系統(tǒng)工程研究所,北京100083)
摘要: 在兩化融合的工業(yè)建設(shè)大背景下,工控系統(tǒng)的互聯(lián)互通性逐步加強(qiáng),系統(tǒng)所面臨的網(wǎng)絡(luò)安全風(fēng)險(xiǎn)也越來(lái)越大。針對(duì)工控系統(tǒng)網(wǎng)絡(luò)安全現(xiàn)狀,依據(jù)等級(jí)保護(hù)2.0相關(guān)標(biāo)準(zhǔn),提出了一種可實(shí)現(xiàn)隔離、監(jiān)測(cè)、預(yù)警、審計(jì)等功能的工控網(wǎng)絡(luò)安全防護(hù)策略,并以煙草行業(yè)為例,完成了應(yīng)用部署與安全驗(yàn)證,為工控系統(tǒng)網(wǎng)絡(luò)安全建設(shè)提供了實(shí)踐參考。
中圖分類(lèi)號(hào): TP393
文獻(xiàn)標(biāo)識(shí)碼: A
DOI: 10.19358/j.issn.2096-5133.2021.09.009
引用格式: 張悅,荊琛,衣然. 基于等保2.0的重點(diǎn)行業(yè)工控系統(tǒng)網(wǎng)絡(luò)安全防護(hù)策略研究[J].信息技術(shù)與網(wǎng)絡(luò)安全,2021,40(9):54-57,76.
文獻(xiàn)標(biāo)識(shí)碼: A
DOI: 10.19358/j.issn.2096-5133.2021.09.009
引用格式: 張悅,荊琛,衣然. 基于等保2.0的重點(diǎn)行業(yè)工控系統(tǒng)網(wǎng)絡(luò)安全防護(hù)策略研究[J].信息技術(shù)與網(wǎng)絡(luò)安全,2021,40(9):54-57,76.
Research on the security protection strategy of industrial control network in key industries based on classified security protection standard 2.0
Zhang Yue1,Jing Chen2,Yi Ran2
(1.Guoneng Information and Technology Limited Company,Beijing 100080,China; 2.National Computer System Engineering Research Institute of China,Beijing 100083,China)
Abstract: In the context of the integration of industrialization and information in industrial construction, the interconnection and interoperability of the industrial control system has gradually strengthened, and the network security risks faced by the system have also become greater. Aiming at the current status of industrial control network security, this paper proposes an industrial control network security protection strategy that can realize the functions of isolation, monitoring, early warning, and auditing based on classified security protection standard 2.0. Taking the tobacco industry as an example, the application deployment and security verification have been completed, which provides a practical reference for the construction of industrial control system network security.
Key words : classified security protection standard 2.0;industrial control system;cyber security
0 引言
隨著信息通信技術(shù)的高速發(fā)展,信息化與工業(yè)化深度融合,工控系統(tǒng)從封閉走向開(kāi)放。在提高生產(chǎn)力的同時(shí),工控系統(tǒng)由于自身的脆弱性和系統(tǒng)漏洞,給黑客入侵工控網(wǎng)絡(luò)提供了通道,并且,各種網(wǎng)絡(luò)病毒等也都潛在威脅著工業(yè)安全[1-5]。在兩化融合的大背景下,工控網(wǎng)絡(luò)的安全防護(hù)正面臨著嚴(yán)峻的挑戰(zhàn)。
1 工控系統(tǒng)網(wǎng)絡(luò)安全現(xiàn)狀
工控系統(tǒng)在建設(shè)之初,主要考慮實(shí)用性和可靠性,網(wǎng)絡(luò)中幾乎沒(méi)有任何針對(duì)外部攻擊和病毒感染的發(fā)現(xiàn)、防御手段[6-7],當(dāng)各種病毒、木馬等外部威脅進(jìn)入廠區(qū)管理網(wǎng)、辦公網(wǎng)后,就可以直達(dá)現(xiàn)場(chǎng)控制層網(wǎng)絡(luò),直接威脅到工業(yè)生產(chǎn)安全。
本文詳細(xì)內(nèi)容請(qǐng)下載:http://theprogrammingfactory.com/resource/share/2000003766
作者信息:
張 悅1,荊 琛2,衣 然2
(1.國(guó)能信息技術(shù)有限公司,北京100080;2.華北計(jì)算機(jī)系統(tǒng)工程研究所,北京100083)
此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。