The hottest system is safe against security intrus

System security: in the face of security intrusion, the security of control system is often described as a response technology. In fact, organizations that better deal with the security of control systems are always ready in advance. They spend less time in crisis and remedy, and they can have more time to plan, design, implement and test

three topics appear again in more and more reports about the safety of control systems

first, commercial sabotage from malicious attackers (such as dissatisfied employees or contractors) is far more dangerous than fledgling terrorist attacks, at least for now

secondly, the ethics of business ethics and the interests of gaining competitive advantage make "information brokers" (hackers) attempt to obtain competitive information

third, it may be easy to understand that the committee's planned consumption of lithium carbonate is about 110000 tons. Any report contains knowledge bases and supplementary contents, and their suggestions are reflected in these knowledge bases and supplementary contents

on October, 2002, ISA held a meeting in Chicago to focus on the safety problems of using control systems in electronic and electrical appliances, such as PC, peek and other high-performance modified plastics. However, many conference speakers and panel members have put forward some ideas and suggestions based on their personal understanding of the security vulnerability of the control system. Although committees and seminars are meaningful, the control system is still in its infancy in preventing accidental or deliberate attacks

larry falkenau of DuPont Engineering said: "An important condition for successful risk analysis of control system is that the group investment is relatively large, and an interdisciplinary team is built. The members of this team are from it, control system, process engineer, operation and business.

Mr. falkenau said that he was glad to see the mutual cooperation and communication between people during the meeting, because people have realized the vulnerability of open system structure

No" recipe "Solution

in the dynamic environment of the control system, security management is a continuous process. This process simulates the familiar lifetime model and reuses this model to improve a large number of different business processes.

an obvious problem is:" it organizations have been responsible for protecting business information property for decades; why can't we use it technology and excellent practices in the control system? "

on the surface, this is a reasonable method; However, it risk management protects data assets from theft and/or modification. Generally, it selects excellent alloy structural steel to protect data assets, which move relatively slowly. The control system connected to the data assets may collapse, so the control system needs different risk assessment methods and protection design

according to the statement of the spokesman of the Chemical Department of cybersecurity information sharing forum (Washington), the task of a subgroup of forum members is:

● to find a general safety evaluation method of control system from a large number of risk evaluation methods

● develop short-term recommendations that users can apply to installed systems

● develop safety standards for control systems, and the forum encourages manufacturers to take these safety standards as part of their future products

the last item fully demonstrates the installation of the future control system. However, the system is generally maintained on site for 10 to 20 years. Therefore, it is very important to enhance the safety of the installed system

establish basic principles and policies

the security of control systems in many companies depends on some designed basic principles and policies to develop equipment and software to meet the special needs of control systems. These principles and policies clearly describe what to protect and how to achieve these protections

similar to preparing Y2K problem, solving the safety problem of control system starts from establishing some detailed basic principles. These principles should support company policies, procedures and processes. (see the figure of "security risk management activities")

the basic principles of establishing the security of control system include:

● the pledge management of maintaining security is as important as insurance and infringement protection, and branches

● emphasize the pledge management, protect commercial intellectual property rights

● establish roles, responsibilities and commitments, and ensure the ongoing cooperation between it and process control experts

the two main factors that affect the success of the policy are: there is no or almost impossible to arbitrarily explain the rules, guidelines and cases contained in the policy; Clarify the person in charge of each policy, what to do, how to achieve it, when to achieve it, and the reasons for establishing the policy

when developing policies, we should understand that many small policies that attract much attention are easier to establish, understand and implement than some large policies

check and access

once the basic principles and policies become a reality, check the control system and determine the modifications that need to be made

this example describes the decentralized virtual local area network (VLAN) in the field of control and engineering. Users in each VLAN domain access a common server, but cannot access devices in other domains

in October, 2001, the American Chemical Commission (arling, VA) issued the "American chemical industry site safety code". The code describes the identification of dangerous points, including dangerous points where buildings and control rooms, equipment rooms, motor control centers, laboratories, terminal strips and other control equipment are vulnerable to attack. It is pointed out that the security of these physical points is vulnerable to attack, which has little deterrent effect on terrorists, but greatly reduces the risk of malicious attackers. People often ignore the security risks of oral information and document management. For example, oral information introduced to some friendly groups provides far more details than are allowed to be leaked at a meeting. Document inspection shall include documents as part of the bid, structural components and/or completed works after the bid. Many engineers are familiar with process related hazard assessment methods, i.e. checking piping diagrams and quantifying hazardous situations. The evaluation of the control system is similar, but the network structure diagram is used to check the situation of illegal access to the control system, such as through Internet

since many control system technologies developed at present use Internet technology, it should be introduced to check the control system, computer and network