Biqiao Medical Technology(Henan)Co.,Ltd,Specializes
production,medical masks,medical masks,surgical masks,KN95 masks,Kn95 mask
reinforced,Disposable masks,children mask.Professional masks manufacturer.
Medical masks,Protective Mask,3 Ply masks,Disposable 3 Ply Face Mask,Medical Disposable masks BIQIAO MEDICAL TECHNOLOGY(HENAN) CO.,LTD , https://www.medical-technology.net
How to choose a defense system
Throughout the current development of the industry, industrial customers often face a series of dilemmas such as lack of personnel, formalization of the system and conflicts between production and safety, in addition to the cognitive shortcomings of industrial information security, and the selection of practical and practical products or solutions. The program has become the first step for enterprises to advance industrial information security.
The realization of industrial information security is a systematic project, and multi-level protection is a necessary strategy. Nowadays, most mainstream suppliers in the industry generally adopt a “top-down†defense-in-depth system, which follows the six steps of security plan, network separation, boundary protection, network segment separation, device hardening, and monitoring and updating, focusing on management level. Enhancement of system-level security functions. The “top-down†solution seems to be able to achieve enterprise information security, but there are many flaws in the implementation process. First of all, prioritizing management-level and system-level security functions requires companies to invest large amounts of money in the construction of hardware and software equipment. Not all customers have the strength or willingness to invest. Secondly, for industrial control equipment with information security defects, “top-down†protection is only some peripheral protection measures, and there is no hidden danger of information security from the root cause. Relevant industrial control equipment is still in “sickness with illness†status. Third, usually industrial enterprises use a large number of industrial control equipment, a large number, relying solely on management-level, system-level protection is difficult to ensure the safety of each single device. Finally, the differentiation of the enterprise site determines that the degree of customization and privatization of management-level and system-level information security solutions is very high, which is not conducive to the subsequent application of the program. Therefore, the implementation of the information security defense strategy solution from the top down cannot highlight the practicality and effectiveness. To this end, a security strategy called “bottom-up†has emerged in the market.
The “bottom-up†security strategy emphasizes device-level protection with system-level and management-level protection. Among them, equipment-level protection focuses on improving the information security protection capability of each device; the goal of system-level protection is to design a secure control system architecture to enhance the overall information security function of the control system; the role of management-level protection is to standardize management and improve Security policy to enhance disaster recovery and data backup of the control system. The “bottom-up†deployment means that “cell-level†security is achieved by integrating information security functions into the device itself, so companies can get rid of traditional security solutions for management policies, systems, and human capabilities and operational practices. Over-reliance on many uncontrollable or incomplete conditions limits investment, and can quickly improve the information security protection level of enterprise industrial control systems in a short period of time, and lay the foundation for the implementation of a complete defense-in-depth security strategy. Especially for the current industrial control systems that are numerous and do not have system-level protection and management-level protection, device-level protection is ideal. In the context of the current successful cases of industrial IT security and security policy deployment, Schneider Electric's “bottom-up†three-level defense system has already had many successful cases.
How to choose industrial equipment
According to the equipment-level protection strategy, industrial control equipment such as PLC, Ethernet switch and SCADA software applied in the industrial control system can be turned into guards for information security. For example, through the template firmware upgrade and software auxiliary function settings to enhance the information security protection capability of the industrial control device, by setting the security parameters of the industrial-grade managed switch, such as adopting the "enhanced" password, closing the unused port, port address binding, A series of specific technical measures such as network storm limit and multicast filtering, and the use of an Ethernet ring network to improve the fault tolerance of the network, greatly improve the physical intrusion capability of the industrial control system and improve the availability of the industrial control system.
From the Notice No. 451 of the Ministry of Industry and Information Technology in 2011, the Notice on Strengthening the Information Security Management of Industrial Control Systems clearly states that relevant national large enterprises should carefully select industrial control system equipment. In the near future, the relevant national authorities have directed industrial control equipment for large state-owned enterprises. The safety requirements of the selection are becoming stricter, and relevant policies and regulations are gradually introduced, and the importance of the selection of industrial control equipment can be seen.
So, how should we choose for industrial equipment?
Taking the power industry as an example, the Department of Safety Supervision of the Energy Bureau proposed that the selection of industrial control equipment such as PLC must refer to two standards:
a) It is forbidden to select systems and equipment that have been tested and identified by the relevant national regulatory authorities and notified by the National Energy Administration of vulnerabilities and risks.
b) Systems and equipment are tested by qualified agencies to determine that there are no information security vulnerabilities and risks.
For equipment applied to important information systems (such as Baoding level 3 or above), it is advisable to meet the above two standards at the same time; for equipment used in general information systems (such as Baoding level 2), one of them can be satisfied; Equipment should meet the second standard. At present, only Schneider Electric Unity Quantum PLC can meet the above two standards at the same time.
In fact, in 2012, Schneider Electric Modi Kang Quantum series PLC products passed the safety testing of the two national authoritative evaluation agencies, namely the National Information Technology Security Research Center and the China Electric Power Research Institute, becoming the first and only pass in China. And get the PLC product series approved by this type of testing. The new generation of Modicon M580ePLC products introduced to the market in 2014 also passed the safety test of China Electric Power Research Institute, which indicates that Schneider Electric has made industrial information security a core function of its PLC products. It is reported that since the beginning of 2013, all industrial control products provided by Schneider Electric to customers around the world have built-in information security protection functions, so that industrial enterprises have obtained excellent compliance with relevant international and domestic regulations without relying on other security protection measures. Information security. For the industrial control equipment that has been applied before, the company can also provide corresponding services to help industrial enterprises obtain the same guarantee.
Faced with the double-edged sword of technological development, companies can only avoid the risks that may arise when they make effective response decisions, and enjoy the fruits of technological progress. For industrial control companies, choosing the right security strategy and industrial control equipment is undoubtedly an important way to effectively improve the level of information security protection and reduce corporate investment.
The development of technology will have two sides. For example, enterprises enjoy the threats brought by viruses, Trojans, hackers, etc., while enjoying the convenience brought by network interconnection. The same is true in the field of industrial control. The widespread application of common protocols and technologies in industrial control systems weakens the isolation of the control system from the outside world, and the safety of the system is constantly tested from the outside world. The "Seismic Network" virus incident that occurred in 2011 unveiled the corner of industrial information security. In recent years, information security incidents have continued to ferment. Last year, the National Development and Reform Commission announced the "Notice on National Information Security Special Issues in 2013", emphasizing that information security of industrial control systems is one of the four major areas supported by the state, which also means that the battle for industrial information security cannot be delayed.