Wu Yunfeng of the Sixth Institute of Electronics: Industrial Control System Safety System Thinking and Innovative Practice

“The industrial control system is the core of the long-term, safe and stable operation of the country’s key information infrastructure. Once a problem occurs in the industrial control system, the system may slow down and cause crashes. Some key data, recipes, and control programs are stolen and cleared. It may cause production equipment to run out of control, production halt, property damage, casualties and environmental pollution. More serious cases will damage national infrastructure such as national defense and military industry, energy, transportation, and water conservancy, endanger the life of the country and people, and affect the long-term stability of society. Mr. Wu Yunfeng, deputy chief engineer of the Sixth Research Institute of China Electronics Information Industry Group Co., Ltd., said at the CITE2021 Industrial Internet Development and Security Summit.

Wu Yunfeng of the Sixth Institute of Electronics: Industrial Control System Safety System Thinking and Innovative Practice

Mr. Wu Yunfeng, Deputy Chief Engineer of the Sixth Research Institute of China Electronics Information Industry Group Co., Ltd.

Industrial control system uses control theory, instrumentation, computer and other information technology to realize the detection, control, optimization, scheduling, management and decision-making of industrial process to achieve the purpose of increasing output, improving quality, reducing consumption, and ensuring safety.

Industrial control security incidents endanger national security and the long-term stability of society. In April 2018, General Secretary Xi Jinping delivered a speech at the National Cyber ​​Security and Informatization Work Conference: “Without cyber security, there will be no national security, there will be no stable economic and social operations, and the broad masses of people will not be guaranteed.”

Nowadays, public safety has become an important part of the national security strategy. In recent years, national policies and regulations related to cyber security have emphasized the importance of industrial control security. For example, the “Network Security Law of the People’s Republic of China” was issued in November 2016, the “Industrial Control System Information Security Action Plan” was issued in December 2017, and the “Industrial Internet Development Action Plan (2019-2020)” was issued in May 2018. “In December 2019, the “Network Security and Other Guarantee 2.0 Standards” were officially implemented, and the “Notice on Promoting the Accelerated Development of the Industrial Internet” was issued in March 2020…

The safety status of industrial control system in my country

Industrial control security is related to national defense security, economic security, and social security, and is a solid foundation for the strategic construction of a manufacturing power and a network power. At present, my country’s industrial control system has serious risks and hidden dangers. Wu Yunfeng mainly introduced from four aspects:

First, most of the industrial control systems currently use foreign products, without mastering the core technology, being restricted by others is the biggest hidden danger.

Second, with the advancement of the Industrial Internet, industrial control systems have moved from a traditional closed model to open, introducing security risks. In the design of industrial control systems, traditional designs generally do not consider information security-related solutions, and industrial control systems have different forms in various industries, diverse protocols, and different functions. Therefore, the security requirements of industrial control systems are also very different.

Third, the backdoors and loopholes in the industrial control system lack effective security detection methods, and it is difficult to detect internal and external abnormal behaviors in time.

Fourth, there are security risks in industrial control systems, but some new technologies (such as autonomous, safe, and credible technologies) lack high-fitting, high-simulation industrial control environment verification, and it is difficult to evaluate their application effects in industrial control systems. In addition, the vulnerability repairs in the industrial control system lack an evaluation and verification environment, and they dare not upgrade, and the industrial control system has been running for a long time.

Wu Yunfeng of the Sixth Institute of Electronics: Industrial Control System Safety System Thinking and Innovative Practice

Industrial control system security incidents in recent years

It can be seen that industrial control systems are increasingly becoming an important target of network confrontation. Industrial viruses have evolved into cyber weapons, which can carry out strategic intelligence collection, infiltrate latency, and precision strikes. They can directly destroy the core infrastructure of industrial networks. They are a tool of confrontation between countries and organizations, and a means of games outside of politics and military!

At present, some domestic high-end equipment (such as machine tools, power generation equipment, robots, etc.) rely heavily on foreign brands; 90% PLC and 65% of the operator stations in the industrial control system are foreign products; and because some customers require remote maintenance by manufacturers, the equipment There are remote access ports, there are many unknown device “backdoors”, and there are risks such as access control and denial of service.

The industrial control system involves some core technologies, such as core processors, embedded operating systems, desktop systems, databases, compilation tools, buses, sensor technologies, etc. The core equipment includes servers, industrial computers, to network equipment DCS, PLC, and industrial Software, inverter servo and industrial robots, etc. The core technology products are mainly held in Western countries such as the United States, Germany, Japan and France, and my country’s industrial control field is in a state of being monopolized by foreign markets.

In addition, the industrial control system has moved from closed to open, which poses a certain threat to the security of traditional industrial control systems. The current industrial control security mainly relies on physical isolation, but cloud collaboration requires industrial control to move toward openness. Once the physical isolation security boundary is opened, it faces many threats. However, there is still a lack of a complete set of security technologies that support cloud collaboration.

Wu Yunfeng of the Sixth Institute of Electronics: Industrial Control System Safety System Thinking and Innovative Practice

In recent years, the number of industrial information security vulnerabilities has shown a trend of high incidence for consecutive years. More than half of the industrial control security vulnerabilities are high-risk vulnerabilities. The types of vulnerabilities disclosed show diversified characteristics. Industrial control vulnerabilities are widely distributed in key areas such as energy, manufacturing, water affairs, and municipal administration. The requirements for real-time, functionality, and reliability have led to a very slow progress in the repair of industrial control vulnerabilities.

Thoughts on Safety System of Industrial Control System

Wu Yunfeng took a typical industrial control system architecture as an example to analyze the safety requirements of industrial control.

Wu Yunfeng of the Sixth Institute of Electronics: Industrial Control System Safety System Thinking and Innovative Practice

In terms of policies, in recent years, there have been the “Cyber ​​Security Law”, “Isoguarantee 2.0”, “Cryptography Law”, “Credit Creation” requirements and the requirements of the “Customs Foundation Protection Regulations”. Products and safety training platforms put forward requirements, and finally achieve the goal of discoverable, preventable, replaceable, and verifiable.

In response to this demand, the Sixth Electronic Research Institute proposed to build a multi-level industrial control safety guarantee system.

Wu Yunfeng of the Sixth Institute of Electronics: Industrial Control System Safety System Thinking and Innovative Practice

Leading by the National Security Strategy of the Sixth Group of Electronics, it proposes a public security assurance system based on a four-tier structure model of security training platforms, independent core products, deep security protection, and critical protection services, to achieve an all-round improvement in the prevention and control capabilities of the country’s critical infrastructure. Achieve the goal of closing the back door, plugging loopholes, and preventing supply interruption.

·Independent core product system

Wu Yunfeng of the Sixth Institute of Electronics: Industrial Control System Safety System Thinking and Innovative Practice

Create a comprehensive, three-dimensional coverage and application of an independent core product system, continue to promote independent innovation of core technologies of industrial control systems, and drive the high-quality development of the industrial control industry, driven by the independent construction of national infrastructure.

·Deep Security System

Wu Yunfeng of the Sixth Institute of Electronics: Industrial Control System Safety System Thinking and Innovative Practice

Create an integrated deep protection system inside and outside the factory, covering equipment, control, network, data, application, management, security and other aspects.

·Safety test verification platform

Wu Yunfeng of the Sixth Institute of Electronics: Industrial Control System Safety System Thinking and Innovative Practice

Through virtual and real interconnection technology, based on real industrial control industry scenarios and virtual general resources, a simulation platform covering field equipment, controllers, process monitoring, production management, and typical industrial control business is built, with industrial control network security assessment, industrial control and security product testing, and security attack and defense Capability and operation and maintenance capabilities.

·Multidimensional industrial control security service system

Wu Yunfeng of the Sixth Institute of Electronics: Industrial Control System Safety System Thinking and Innovative Practice

Create a multi-dimensional industrial control security service system and provide security services such as industrial control system evaluation, safety certification, product testing, consulting and training. Incorporating technology accumulation and safety products in the field of industrial control security in various business links, relying on a professional team to provide regulatory agencies and industry users with national critical information infrastructure security technical service support.

The Sixth Institute of Electronics builds a complete system of the core technology of the industrial control system

Established in 1965, the Sixth Institute of Electronics is one of the key scientific research institutes engaged in the research and development of electronic technology application systems in the field of my country’s information industry. It is the only research institute and institution under China Electronics, and it is also the network security of China’s electronics industry control system. The lead unit of the company has established the National Engineering Laboratory of Industrial Control System Information Security Technology, which has long been committed to the research of industrial control security technology, including research on the application of industrial control systems in key infrastructure industries, research on mainstream industrial control system products at home and abroad, and industrial network vulnerability mining and Research, as well as industrial network surveying and mapping technology, attack technology, penetration technology research, industrial control security active defense technology, security system research, key infrastructure industry industrial network attack and defense test platform research, etc.

The Sixth Electronic Research Institute insists on independent innovation, continues to research the core technology of industrial control system, and has made breakthroughs in industrial control safety technology and related bus technology. It has built an independent technology system and perfected the technology ecological chain.

Driven by strategic demand, build a “Super Royal” series of industrial control product systems. Based on PKS’s independent and trusted technology, for key industries such as national defense industry, electric power, metallurgy, petrochemical, chemical, water conservancy, discrete manufacturing, digital city, etc., it has realized independent innovation of intrinsic safety, safe and credible process safety, failure-available functional safety, and special customization The development goal of industrial safety is to solve the pain points of industrial development.

Wu Yunfeng of the Sixth Institute of Electronics: Industrial Control System Safety System Thinking and Innovative Practice

The safety series PLC independently developed by the Sixth Institute of Electronics covers large, medium and small equipment. All PLCs have realized full-process solutions from hardware chip level, component level to operating system, and then to the entire industrial software. In addition, the traditional control system has built-in information security protection mechanisms such as domestic passwords and trusted computing, which have corresponding applications in the fields of national defense, military industry and key infrastructure.

“A series of industrial control system protection product systems developed by the Sixth Institute of Electronics include safety testing, safety protection, and safety auditing. All products are based on in-depth analysis of industrial control system protocols, and are suitable for industrial control system protocol security products. Industrial control safety protection products have been widely used in various industries.” Wu Yunfeng introduced.

Application case of industrial control security product series in urban rail transit industry

On the industrial control system experimental verification platform, the Sixth Institute of Electronics has developed a simulation platform based on key infrastructure simulation, a test platform for new technology testing, a drill platform for multi-party offensive and defense drills, and a teaching platform for network security training and teaching. These platforms have three characteristics: close to the real environment construction, comprehensive and detailed business processes, rich and clear situation Display.

In terms of basic protection services, it can provide security assessment, security training, security consulting, penetration testing, testing certification, and network security services. According to Wu Yunfeng, from 2016 to 2020, the Sixth Institute of Electronics has completed nearly 400 sets of industrial control system safety evaluation and consulting services in 16 provinces, mainly serving nearly 100 industrial enterprises, including electric power, nuclear power, rail transit, petroleum and petrochemical, etc. The products involved cover mainstream products and systems at home and abroad. In addition, the Six Electronics Institute also provides network security services during a number of major events in the country.

With independent strength and continuous empowerment of safety, this road only needs to go down firmly!

The Links:   CM300TXL1-12NFC SKIIP32NAB12

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *