There are many hidden dangers in the most explosiv

Under the 13th Five-Year Plan, China will enter a stage of major development in which dozens of cities build urban rail transit at the same time, and the planned route mileage will exceed 10,000 kilometers in 2020. What suggestions does Schneider Electric have for users in the rail transit industry for improving their level of information security? How should enterprises prevent information security accidents? Compared with traditional solutions, what distinguishes Schneider Electric's information security solutions?

On these issues, Wang Bin, technical director of information security for Schneider Electric's industry business, gave an exclusive interview to China Industry News a few days ago. He stressed that enterprises should adopt the concept of active and comprehensive defense, rather than only defending passively and passively identifying and solving problems.

Security risks are everywhere

China Industry News: Many people believe that industrial control systems face information security problems mainly because they use a large number of general Ethernet protocols. What do you think of this problem?

Wang Bin: In addition to the general Ethernet protocol, the industrial control system contains four types of equipment or assets: manufacturing equipment, communication components, application software and operating systems. These equipment or assets themselves also have information security risks and hidden dangers, so in the end there are information security risks or hidden dangers in the whole industrial control system. The Stuxnet virus incident is a good example. Although the control system in the nuclear power plant is isolated from its office automation system and information system, it has been proved that there are still hidden dangers of information security.

Traditional solutions have many defects

China Industry News: Compared with traditional information security solutions, what distinguishes Schneider Electric's information security solutions?

Wang Bin: At present, most security service providers' solutions are top-down, focusing on strengthening management-level and system-level security functions. But this model has four defects. First of all, priority has to be given to realizing management-level and system-level security functions. For the vast majority of industrial enterprises, which have not prepared the corresponding software and hardware equipment before, this means that a lot of cost has to be invested in building from scratch, during which more human and material resources will be invested. Secondly, for industrial control equipment with information security defects, top-down protection amounts only to peripheral measures and does not eliminate the hidden dangers of information security at the root. In fact, the relevant industrial control equipment is still in the state of working with diseases. Thirdly, industrial enterprises have many types and large quantities of industrial control equipment. It is difficult to take care of every single device by relying completely on management-level and system-level protection, and if one thing is taken into account while another is lost, it is not really safe. Finally, each industrial enterprise uses different types and quantities of field equipment, which means that management-level and system-level information security solutions will be highly customized and proprietary. A set of solutions cannot be promoted even across the branches of one group, let alone across a certain industry or the entire industrial field. This poor reproducibility also means that the cost will remain high. Especially for large group enterprises, the plans of each subordinate unit have to be customized independently, and the great investment pressure is obviously unacceptable.

The reason why Schneider Electric's industrial information security solutions are different is that Schneider Electric advocates a bottom-up protection strategy, which focuses more on equipment-level defense, supplemented by the system level and management level in a three-level defense system; that is, it builds an industrial information security system starting from equipment-level protection.

Aim at the bull's-eye and focus

China Industry News: The interruption of production activities caused by the shutdown and damage of industrial control equipment is undoubtedly the information security accident that enterprises are most worried about. How should enterprises prevent this from happening?

Wang Bin: Our suggestion is to return the focus of enterprises' attention to the bull's-eye of industrial information security threats, that is, the industrial control equipment itself, to try to improve the information security protection ability of industrial control products, and to eliminate the information security vulnerabilities of industrial control products at the root.

The specific approach is to integrate the information security function into each single device without affecting the function and performance of the industrial control equipment. For industrial enterprises, realizing this equipment-level information security protection means that they have obtained the most core functions of complete multi-level industrial information security protection. After that, according to their own conditions, when they have the corresponding conditions and capabilities, they can gradually improve the auxiliary system-level and management-level strategies.

This bottom-up mode requires less investment at the initial stage because it does not need the purchase of additional software and hardware equipment. Industrial enterprises only need to build industrial control equipment for their own use, and the difficulty of implementation is not high. The ability requirements for technicians in industrial enterprises are not high either.

Give priority to the deployment of equipment-level protection

China Industry News: What suggestions does Schneider Electric have for users in the rail transit, petrochemical and coal chemical industries for improving their level of information security?

Wang Bin: At present, whether in power, rail transit or other industries, system-level protection schemes are used more, such as adding some firewall or gate products to do system-level isolation, and layering and grading the whole control system to separate the control system from the information system. Although some industries have applied firewall products, they are all information-system-level firewalls rather than industrial-level firewalls. An information system firewall is not suitable for an industrial control system because of reliability, real-time and other factors, and it cannot provide functions such as industrial Ethernet protocol parsing.

On the other hand, the control system is a very complex system, which is internally composed of many levels. If any access point in the system is affected, it may cause all equipment in the whole system to be paralyzed. However, at present, many information security solutions applied by enterprises only regard the control system as one large network and protect the periphery, but ignore the protection and isolation between the multiple levels within the control system. Such solutions are obviously imperfect.

For the rectification and improvement of safety protection in different industries, Schneider Electric's experience can be summarized as follows: while emphasizing the design of overall safety solutions, enterprises should also pay attention to effectiveness and urgency. Based on the reality of information security in different industries, equipment-level protection can be preferentially deployed from bottom to top without conditions. When the various conditions are mature, the enterprise will further implement the three-level in-depth defense system of equipment level, system level and management level to improve the overall information security protection level of the whole enterprise.

Related links: How should enterprises choose information security defense solutions?

An industrial control system mainly involves four types of equipment: control equipment, communication components, application software and operating systems. These four types of equipment each have their own information security risks and vulnerabilities, which eventually lead to information security risk in the whole industrial control system. So how should enterprises implement equipment-level protection? Wang Bin, director of information security technology for Schneider Electric's industry business, said frankly that Schneider Electric advocates increasing the information security protection ability of each single device. When these small devices are put together to form a large system, this large system has the most basic ability of information security protection.

Since the beginning of 2013, all industrial control products provided by Schneider Electric to customers have been equipped with information security functions. Industrial enterprises using such industrial control products obtain a hard information security guarantee that meets the requirements of relevant international and domestic laws and regulations without relying on other protection measures. Recently, Schneider Electric's Modicon M580, the world's first ePAC product, passed the information technology product security test of the China Electric Power Research Institute. This is the latest Schneider Electric PLC product to be recognized by an authoritative testing institution, after the Modicon Quantum PLC successfully obtained the security certification of the national authoritative information security evaluation institution in 2012. On the other hand, Schneider Electric can also provide corresponding services for industrial control equipment that is already in use, to help industrial enterprises obtain the same guarantee.

Schneider Electric also has many solutions to reduce the probability of this hazard. For example, for control products, after a failure of the control system, the product's built-in fault state preset function can put all controlled equipment in a safe state, so that the failure does not cause larger-scale secondary disasters to the system. If an accident occurs, the product's complete maintenance features, such as fault diagnosis and hot plug, can greatly shorten the system recovery time.

It is understood that industrial control systems are not independent information islands. They form a large system and are connected together through networks. In this regard, Wang Bin said that enterprises need to constantly enhance the information security protection function of the system architecture of the entire control system. For example, Schneider Electric can provide specialized products for the communication components that need to be improved, such as Ethernet switches and firewalls, to enhance system-level information security as a whole. In order to reduce the probability of occurrence, Schneider Electric also has many solutions, from early full-network evaluation and the discovery of potential weaknesses to network separation, boundary protection, segment separation and so on. Modifying the network architecture reduces the network risk.

Wang Bin said that Schneider Electric can not only provide equipment-level, system-level and management-level defense solutions, but also provide complete information security services. At present, all of Schneider Electric's information security solutions have been published on the official Schneider Electric website, including detailed information security deployment plans and complete manuals, which can be downloaded for free. Schneider Electric can provide complete solutions for information security protection, from early evaluation to solution design to integration to final training.
