论文部分内容阅读
在落实工业控制系统信息安全方面,采用工业网络纵深防御是比较普遍且行之有效的方法。将“纵深防御”引入过程控制系统的信息安全解决方案,在外部边界的威胁和工控网络之间建立尽可能多层次的保护。2011年,中国工业和信息化部发布了《关于加强工业控制系统信息安全管理的通知》(以下简称《通知》),该《通知》表示,基于2010年发生的“震网”病毒事件的前车之鉴,一旦工业控制系统信息安全出现漏洞,将对工业生产运行和国家经济安全造成重大隐患。《通知》中明确了重点加强核设施、钢铁、有色、化工、石油石化、电力、天然气、先进制造、水利枢纽、环境保护、铁路、城市轨道交通、民航、城市供水供气供热以及其他与国计民生紧密相关领域的工业控制系统信息安全管理,落实安全管理要求。由此可见,中国的工业控制系统信息安全正面临着严峻的考验。工业安全问题主要分为两部分诠释:功能安全与信息安全。在“震网”事件爆发前,工业领域
In the implementation of industrial control system information security, the use of industrial network defense in depth is a more common and effective method. Introducing Deep Defense into the process control system’s information security solution to establish as many levels of protection possible between external threat threats and IPC networks. In 2011, the Ministry of Industry and Information Technology of the People’s Republic of China promulgated the “Notice on Strengthening the Information Security Management of Industrial Control Systems” (hereinafter referred to as the “Notice”), which states that based on the “Network” virus incident that occurred in 2010 As a warning, once the industrial control system information security loopholes, will cause serious risks to industrial production and operation and national economic security. The Notice clearly states that the focus should be placed on strengthening nuclear facilities, iron and steel, nonferrous metals, chemicals, petroleum and petrochemicals, electricity, natural gas, advanced manufacturing, water conservancy hubs, environmental protection, railways, urban rail transit, civil aviation, urban water supply and heat supply, People’s livelihood closely related fields of industrial control system information security management, implementation of safety management requirements. Thus, China’s industrial control system, information security is facing a severe test. Industrial safety issues are mainly divided into two parts: functional safety and information security. In the “shock nets” incident before the outbreak, the industrial area