Five years to sharpen a sword: a new height for information security protection of industrial control systems

In September 2011, the Ministry of Industry and Information Technology issued the "Notice on Strengthening the Information Security Management of Industrial Control Systems", Ministry of Industry and Information Technology [2011] No. 451 (referred to as No. 451). It lifted the "veil" on industrial control system security and, through requirements such as standardized management, made industrial enterprises aware of the importance of industrial control system security. Five years later, in October 2016, the Ministry of Industry and Information Technology issued the "Guidelines for Information Security Protection of Industrial Control Systems" (referred to as the Guide), which gives detailed guidance on security protection work in 11 items and 30 points. Over those five years, domestic companies working in industrial control system information security have sprung up and grown. As a leading company in the field of information security for industrial control systems, Yan En Network hopes that a detailed analysis of the two documents will provide a reference for practitioners of industrial control system information security.


1. Different background

In October 2016, the Ministry of Industry and Information Technology issued the "Guidelines for Information Security Protection of Industrial Control Systems" to guide industrial enterprises in developing implementation plans for industrial control security protection. The Guide was developed against the background of the deepening integration of manufacturing and the Internet in China. With information security issues in China's industrial control systems prominent, many domestic industrial control security standards released, and industrial control security technology flourishing, the Guide draws on management, in-depth technology, and integration with business to give industrial enterprises comprehensive guidance on building industrial control security at a new height.

By contrast, No. 451 followed the Stuxnet incident, which broke out in 2010 and aroused concern about the information security of industrial control systems all over the world. At that time, domestic attention to the information security of industrial control systems was insufficient, management systems were lacking, and the relevant standards were incomplete. The Ministry of Industry and Information Technology therefore issued No. 451, advising industrial enterprises from the perspective of management requirements and institutional responsibility.

Against the background of the deepening integration of manufacturing and the Internet in China, the Guide no longer pursues security for security's sake, but makes industrial control system security an important part of business development. Security and business are no longer separated, but fused.

2. Different audience

Because the information security background of domestic industrial control systems has changed, the audience of the Guide is more precisely targeted than that of No. 451. Where No. 451 addressed the provinces, autonomous regions, municipalities and relevant departments of the State Council, the Guide explicitly names the local industry and information technology authorities. Its scope expands from large state-owned enterprises to all industrial control systems, and it also applies to enterprises and institutions engaged in the planning, design, construction, operation and maintenance, and evaluation of industrial control systems. From the competent authorities to industrial enterprises to service organizations, all are to take the Guide as their guidance.

3. Different purpose

The notice issuing the Guide makes clear the Ministry of Industry and Information Technology's responsibility for directing and managing industrial control security protection work at industrial enterprises nationwide. In the form of management and technical protection guidelines, it requires local industry and information technology authorities to guide industrial enterprises in formulating implementation plans for industrial control security protection, and pushes enterprises to meet the relevant requirements of the Guide in batches, thereby improving the overall protection level of domestic industrial control security. No. 451, in the context of its time, called on the government and large state-owned enterprises to attach great importance to the situation, enhance their risk awareness, sense of responsibility and urgency, and effectively strengthen the information security management of industrial control systems.

4. Different content

In its specific provisions, the Guide is, compared with No. 451, more comprehensive, technically deeper, more compatible with business, more specific and more operational.

Comparison of the management and technical content between the Guide and Circular 451


The Guide is of great significance. It gives very good guidance to enterprises that use industrial control systems and to enterprises that work on industrial control systems, resolves many of the puzzles and problems they face, and offers well-targeted solution ideas and practical techniques for the network security problems of industrial control systems. This is mainly reflected in the following:

(1) Precise management requirements. The management content in the Guide includes specific management requirements such as security software management, configuration and patch management, identity management, and supply chain management. Starting from the most urgent management problems faced by industrial enterprises, and taking into account the current state of their information security management, it puts forward precise management guidelines.

(2) Comprehensive technical requirements. The technical requirements in the Guide are very comprehensive and cover all aspects of information security protection of industrial control systems: boundary security protection and remote access security under structural security; security monitoring and emergency plan exercises under behavioral security; security software selection and management, physical and environmental security protection, identity authentication, asset security, and data security under ontology security; and configuration and patch management, supply chain management, and implementation of responsibility under security continuity.

(3) Practical technical implementation. The technical requirements in the Guide are very specific. They are not abstract descriptions of technical principles but concrete protective measures, so that industrial enterprises can understand, intuitively and clearly, how the measures are operated and implemented. For example, the first paragraph of Article 7: "Deploy network security monitoring equipment in industrial control networks to detect, report and handle cyber attacks or abnormal behaviors in a timely manner"; and Article 7 (2): "Deploy protective equipment with deep packet inspection of industrial protocols in front of important industrial control equipment to restrict illegal operations."

(4) Business compatibility and operability. The Guide is not written purely from an information security perspective. It is combined with the on-site business environment of industrial enterprises, so that information security protection measures can be truly integrated into the business scenarios of the industrial site and safeguard the safe and stable operation of business systems. For example, the first paragraph of the first article reads: "Use anti-virus software or application whitelist software that has been fully validated in an offline environment on industrial hosts, and allow only software that has passed the industrial enterprise's own authorization and security assessment to run." The offline environment and full testing are exactly what industrial enterprises require before a software system goes online. The third paragraph of Article 6, "Where remote maintenance is required, use virtual private network (VPN) and other remote access methods", is protection guidance put forward in view of the reality of remote operation and maintenance in business systems.

The means of cyber attack against industrial control systems are constantly updated and changing, the defense technology for information security of industrial control systems is constantly improving, and the standards and specifications for information security of industrial control systems are constantly evolving and being released. Taking a global view, the publication of the Guide will therefore guide the security protection plans of industrial enterprises at a new height and will comprehensively improve the overall protection level of information security of domestic industrial control systems.
