CN107703901B - Bypass industrial control information safety industrial control system - Google Patents
Bypass industrial control information safety industrial control system Download PDFInfo
- Publication number
- CN107703901B CN107703901B CN201711165524.6A CN201711165524A CN107703901B CN 107703901 B CN107703901 B CN 107703901B CN 201711165524 A CN201711165524 A CN 201711165524A CN 107703901 B CN107703901 B CN 107703901B
- Authority
- CN
- China
- Prior art keywords
- data
- control system
- security
- information
- industrial control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000004458 analytical method Methods 0.000 claims abstract description 12
- 238000004891 communication Methods 0.000 claims abstract description 7
- 230000001360 synchronised effect Effects 0.000 claims abstract description 7
- 238000005516 engineering process Methods 0.000 claims description 17
- 238000007726 management method Methods 0.000 claims description 12
- 230000007123 defense Effects 0.000 claims description 9
- 238000012550 audit Methods 0.000 claims description 8
- 230000002457 bidirectional effect Effects 0.000 claims description 8
- 230000000903 blocking effect Effects 0.000 claims description 8
- 230000002159 abnormal effect Effects 0.000 claims description 7
- 230000005540 biological transmission Effects 0.000 claims description 7
- 238000013523 data management Methods 0.000 claims description 5
- 230000003993 interaction Effects 0.000 claims description 3
- 238000000638 solvent extraction Methods 0.000 claims description 3
- 238000005192 partition Methods 0.000 claims description 2
- 230000009977 dual effect Effects 0.000 claims 1
- 239000000835 fiber Substances 0.000 claims 1
- 238000001914 filtration Methods 0.000 claims 1
- 238000012795 verification Methods 0.000 claims 1
- 238000000034 method Methods 0.000 description 7
- 238000006317 isomerization reaction Methods 0.000 description 4
- 238000001514 detection method Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 239000013307 optical fiber Substances 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 230000011664 signaling Effects 0.000 description 2
- 230000009466 transformation Effects 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000006378 damage Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 230000001502 supplementing effect Effects 0.000 description 1
- 230000007704 transition Effects 0.000 description 1
- XLYOFNOQVPJJNP-UHFFFAOYSA-N water Substances O XLYOFNOQVPJJNP-UHFFFAOYSA-N 0.000 description 1
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/418—Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM]
- G05B19/4185—Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM] characterised by the network communication
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/30—Nc systems
- G05B2219/31—From computer integrated manufacturing till monitoring
- G05B2219/31088—Network communication between supervisor and cell, machine group
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Manufacturing & Machinery (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Automation & Control Theory (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention relates to a bypass industrial control information safety industrial control system, which comprises: the device comprises an operation layer, a control layer and an equipment layer, wherein IO information acquisition and control are realized between the control layer and the equipment layer through a field bus; the operation layer comprises a control system and a safety control system; the control layer comprises a safety gateway device and a standby gateway device for instruction analysis and IO multidimensional analysis; the security gateway equipment exchanges information with the control system through a standard network communication protocol, the security gateway equipment and the standby gateway equipment exchange information with the security management and control system through an industrial Ethernet, encryption and decryption processing is carried out on the information by adopting a national encryption and trust algorithm, and the security gateway equipment and the standby gateway equipment realize uplink synchronous data updating through the Ethernet. According to the invention, by adding the security gateway equipment, triple isomerism of data, networks and systems is carried out on the control system, a new bypass security management and control system is established, and triple security management and control of the data, the networks and the systems is realized.
Description
Technical Field
The invention relates to an industrial control system safety scheme, in particular to a bypass industrial control information safety industrial control system.
Background
In recent years, many efforts are made by the scientific and technological community of China, and a plurality of effective and beneficial defense technologies and solutions for industrial control information security are proposed, and the technologies can be divided into active technologies and passive technologies: one type is based on the traditional information security technology defense technology (passive type), mainly comprising firewall, intrusion detection, virus protection and the like, and can plug illegal users and unauthorized access attempting to acquire information resources from the outside of an industrial control system, but cannot prevent security threats from the inside of the industrial control system, such as: tampering and destruction of information within the system. Another category is active defense techniques such as: industrial control protocol deep analysis and the like, although the technology starts later, the development is rapid, but the technology has the following defects at present:
1) Currently limited to application in industrial ethernet networks, fieldbus has no application.
2) The technology is used for actively defending the industrial Ethernet from top to bottom against unidirectional attacks, and the industrial Ethernet is attacked first, so that the field bus and the equipment are attacked through the controller.
The final purpose of the attack is to destroy physical facilities, and the field bus is positioned at the bottom layer of the industrial control system network and is the most basic layer, so that the detection and active prevention of the attack are most direct and more effective at the layer.
At present, no industrial control network information safety mature solution based on field bus exists in China, which is an unavoidable and necessary bottleneck for industrial control system information safety, if the bottleneck is not solved as soon as possible, industrial equipment intercommunication in China is caused, and information sharing becomes an air pavilion with water and no cost.
Disclosure of Invention
The embodiment of the invention provides a bypass industrial control information security industrial control system, which is used for carrying out triple isomerism on data, networks and systems of the control system by adding security gateway equipment, establishing a new bypass security management and control system and realizing triple security management and control of the data, the networks and the systems.
The invention provides a bypass industrial control information safety industrial control system, which comprises: the system comprises an operation layer, a control layer and an equipment layer, wherein IO information acquisition and control are realized between the control layer and the equipment layer through a field bus;
the operation layer comprises a control system and a safety control system; the safety management and control system is used for providing a safe and reliable information interaction channel for the upper MES system or the cloud big data server; the control layer comprises a safety gateway device and a standby gateway device for instruction analysis and IO multidimensional analysis;
the safety gateway equipment exchanges information with the control system through a standard network communication protocol, the safety gateway equipment and the standby gateway equipment exchange information with the safety control system through an industrial Ethernet and encrypt and decrypt the information by adopting a national secret trusted algorithm, and the safety gateway equipment and the standby gateway equipment realize uplink synchronous data updating through the Ethernet.
In the bypass industrial control information safety industrial control system, the Ethernet adopts the optical fiber exchanger with the physical safety control technology to realize data transmission.
In the bypass industrial control information security industrial control system of the present invention, the security gateway device includes:
the data management module is used for carrying out data classification, data classification and data partitioning to realize IO multidimensional definition and analysis;
the data auditing module is used for conducting bidirectional instruction auditing, address auditing and bidirectional data threshold auditing;
the encryption and decryption module is used for encrypting and decrypting the information exchanged with the security management and control system;
and the alarm module is used for generating and outputting an alarm signal according to the security audit result.
In the bypass industrial control information safety industrial control system, the alarm module is a GPRS module so as to generate and output short message alarm information.
In the bypass industrial control information safety industrial control system, the alarm module is an LED indicator lamp so as to generate and output lamplight alarm.
In the bypass industrial control information safety industrial control system, the alarm module outputs an alarm signal to the safety control system through an Ethernet port.
In the bypass industrial control information security industrial control system, the security gateway equipment and the standby gateway equipment both adopt intelligent field bus modules with double-port RAM interfaces so as to realize IO information acquisition and control of the equipment layer.
In the bypass industrial control information security industrial control system, the security gateway equipment adopts a working mode, the standby gateway equipment adopts a frame listening mode, and the field bus module of the standby gateway equipment receives and transmits data through the frame listening field bus, so that the uplink synchronous data update of the standby gateway equipment and the security gateway equipment is realized.
In the bypass industrial control information safety industrial control system, the control layer is also provided with a controller, and the controller realizes data transmission with the control system and the safety gateway equipment respectively through a standard network communication protocol.
The bypass industrial control information safety industrial control system does not change all equipment, networks and functions of the original industrial control system, and is applicable to large, medium and small industrial control systems and industrial control networks which are newly built or modified. Only a gateway cabinet or distributed installation is needed to be additionally arranged in the main control room, the construction is convenient, the cost is low, and the maintenance is easy. The safety control system is used as a standby monitoring system of the control system and is used for monitoring and managing important data, process and information of the control system. The method realizes the conversion from blocking to dredging of an industrial control information security system, and mainly comprises the steps of supplementing holes one by one, and analyzing and dredging from a data source. The method realizes the transition of the security defense of the industrial control network from 'up' to 'down', and changes the prior industrial control network top Ethernet defense arrangement into the two-way defense of the field bus at the bottom layer. The method realizes the transformation from point to surface of industrial control information security technology, and changes the application of the prior local security technology into the transformation of triple heterogeneous integral security system.
Drawings
FIG. 1 is a block diagram of a bypass industrial control information security industrial control system of the present invention.
Detailed Description
As shown in fig. 1, which is a block diagram of a bypass industrial control information security industrial control system according to the present invention, the control system according to the present invention is divided into three layers from a network structure, including: the system comprises an operation layer, a control layer and an equipment layer, wherein information exchange is realized between the operation layer and the control layer through an industrial Ethernet, and IO information acquisition and control are realized between the control layer and the equipment layer through a field bus.
As shown in fig. 1, the operation layer includes a control system 1 and a safety management system 2. The security management and control system 2 is used for providing a safe and reliable information interaction channel for an upper MES system or a cloud big data server, and an information security bridge from a data top layer to a bottom layer is established. The control layer comprises a security gateway device 3 and a standby gateway device 4 for instruction analysis and IO multidimensional parsing to implement bi-directional active security defense. The security gateway device 3 exchanges information with the control system 1 through a standard network communication protocol, the security gateway device 3 and the standby gateway device 4 exchange information with the security management and control system 2 through an industrial Ethernet, the Ethernet realizes data transmission by adopting an optical fiber switch 5 with a physical security controlled technology, and the data transmission adopts a national cryptographic trusted algorithm for encryption and decryption. The security gateway device 3 and the standby gateway device 4 realize uplink synchronous data update through the ethernet. The device layer comprises a plurality of devices 7.
On the premise of keeping the integrity and the device independence of the original technology of the system, the system of the invention carries out data isomerization and network isomerization on the original system by adding the safety gateway device 3 and the standby gateway device 4, thereby realizing the isomerization of the bypass system, integrating various controllable and autonomous innovative safety technologies in the isomerization process, and establishing a triple information safety management and control system of the data, the network and the system. The security gateway device 3 includes: the system comprises a data management module, a data auditing module, an encryption and decryption module and an alarm module.
And the data management module is used for carrying out data classification, data classification and data partitioning so as to realize IO multidimensional definition and analysis.
(1) The data classification is specifically as follows:
a. uplink data: analog quantity input (telemetry), state quantity input (remote signaling), pulse quantity input (remote pulse);
b. downlink data: analog output (remote control), state quantity output (remote control).
(2) Data classification, specifically, classifying data into:
a. important: immediately alarming, and setting upper and lower limit thresholds;
b. secondary: delay early warning, setting upper and lower limit thresholds;
c. conventional: does not alarm and has no threshold value.
Wherein, the downlink data are all important data; uplink data classification (improving real-time performance).
(3) The data partition specifically comprises:
the important and secondary classified data are divided into regional attributes according to the geographical position of important facilities, and if a plurality of classified data of the same region are abnormal at the same time (m is selected as n strategy), an alarm can be immediately given.
And the data auditing module is used for conducting bidirectional instruction auditing, address auditing and bidirectional data threshold auditing.
(1) Two-way instruction auditing:
a. uplink port: information frame format, integrity checking, abnormal control frame;
b. downstream port: repeated control frames, bus noise attacks, data anomaly frames.
(2) Address auditing: substation address range, on-line/off-line of the substation.
(3) Two-way data threshold auditing:
a. uplink data: whether the remote measurement, remote pulse and remote signaling values are normal;
b. downlink data: whether the remote control operation value and the point number are adjusted remotely are normal.
And the APT attack, abnormal control and illegal data can be deeply analyzed, filtered, alarmed, blocked and tracked through the security audit.
And the encryption and decryption module is used for encrypting and decrypting the information exchanged with the security management and control system 2, and encrypting and decrypting by adopting a national encryption and trusted algorithm.
And the alarm module is used for generating and outputting an alarm signal according to the security audit result. In the implementation, the alarm module can adopt a GPRS module, and an RS-232 port of the security gateway device 3 is connected with the GPRS module to generate and output short message alarm information. The alarm module can adopt LED indicator lights to generate and output lamplight alarms. The alarm module can output an alarm signal to the safety control system 2 through an Ethernet port.
The security gateway device 3 adopts the following defense technique for security anomalies: alarm, blocking and linkage protection. The bidirectional instruction audit adopts an alarm and blocking mode; address auditing adopts an alarm mode; the two-way data threshold audit adopts the forms of alarm, blocking and linkage protection.
The safety gateway device 3 and the standby gateway device 4 both adopt intelligent field bus modules with dual-port RAM interfaces to realize IO information acquisition and control of a device layer. The read-write format and the field bus data area of the dual-port RAM are the same, so that corresponding intelligent field bus modules can be selected for different H2 field buses (such as Profibus-DP, deviceNet, lonWorks and the like); the software drivers are identical and only the field bus type in the configuration file of the device needs to be modified.
The safety gateway device 3 adopts a working mode, the standby gateway device 4 adopts a frame listening mode, and the field bus module of the standby gateway device 4 receives and transmits data through the frame listening field bus, so that the uplink synchronous data update of the standby gateway device 4 and the safety gateway device 3 is realized.
In a specific implementation, the control layer may further be provided with a controller 6, where the controller 6 realizes data transmission with the control system 1 and the security gateway device 3 through a standard network communication protocol, respectively.
According to the invention, by adding the safety gateway device 3 and the standby gateway device 4 and by-passing heterogeneous information, redundant double networks can be configured, and the standby gateway device 4 can still guarantee the safety control of the bottom layer device of the industrial control system for the extreme case that the controller 6 and the safety gateway device 3 are abnormal at the same time.
The foregoing description of the preferred embodiments of the invention is not intended to limit the scope of the invention, but rather to enable any modification, equivalent replacement, improvement or the like to be made without departing from the spirit and principles of the invention.
Claims (8)
1. A bypass industrial control information security industrial control system, comprising: the system comprises an operation layer, a control layer and an equipment layer, wherein information exchange is realized between the operation layer and the control layer through an industrial Ethernet, and IO information acquisition and control are realized between the control layer and the equipment layer through a field bus;
the operation layer comprises a control system and a safety control system; the safety management and control system is used for providing a safe and reliable information interaction channel for the upper MES system or the cloud big data server; the control layer comprises a safety gateway device and a standby gateway device for instruction analysis and IO multidimensional analysis;
the safety gateway equipment exchanges information with the control system through a standard network communication protocol, the safety gateway equipment and the standby gateway equipment exchange information with the safety control system through an industrial Ethernet and encrypt and decrypt the information by adopting a national secret trusted algorithm, and the safety gateway equipment and the standby gateway equipment realize uplink synchronous data updating through the Ethernet;
the security gateway device includes: the system comprises a data management module, a data auditing module, an encryption and decryption module and an alarm module;
the data management module is used for carrying out data classification, data classification and data partitioning to realize IO multi-dimensional definition and analysis;
(1) The data classification is specifically as follows:
a. uplink data: analog quantity input, state quantity input and pulse quantity input;
b. downlink data: analog quantity output and state quantity output;
(2) Data classification, specifically, classifying data into:
a. important: immediately alarming, and setting upper and lower limit thresholds;
b. secondary: delay early warning, setting upper and lower limit thresholds;
c. conventional: alarm is not given, and a threshold value is not provided;
wherein, the downlink data are all important data; classifying uplink data;
(3) The data partition specifically comprises:
dividing the important and secondary classified data into regional attributes according to the geographic position of the important facility, and immediately alarming if a plurality of classified data of the same region are abnormal at the same time;
the data auditing module is used for conducting bidirectional instruction auditing, address auditing and bidirectional data threshold auditing; the advanced analysis, filtering, alarming, blocking and tracking of APT attack, abnormal control and illegal data are realized through the safety verification energy;
(1) Two-way instruction auditing:
a. uplink port: information frame format, integrity checking, abnormal control frame;
b. downstream port: repeated control frames, bus noise attacks, data anomaly frames;
(2) Address auditing: the address range of the substation and the online/offline of the substation;
(3) Two-way data threshold auditing:
a. uplink data: whether the analog quantity input, the state quantity input and the pulse quantity input values are normal or not;
b. downlink data: whether the analog quantity output, the state quantity output operation value and the point number are normal or not;
the encryption and decryption module is used for encrypting and decrypting the information exchanged with the security management and control system;
the alarm module is used for generating and outputting an alarm signal according to the security audit result;
the security gateway device adopts the following defense technology for security anomalies: alarming, blocking and linkage protection; the bidirectional instruction audit adopts an alarm and blocking mode; address auditing adopts an alarm mode; the two-way data threshold audit adopts the forms of alarm, blocking and linkage protection.
2. The bypass industrial control system for industrial information security as described in claim 1, wherein the ethernet network uses a fiber optic switch with physical security controlled technology to implement data transmission.
3. The bypass industrial control system according to claim 1, wherein the alarm module is a GPRS module for generating and outputting a short message alarm message.
4. The bypass industrial control information security industrial control system of claim 1, wherein the alarm module is an LED indicator light to generate and output a light alarm.
5. The bypass industrial control information security industrial control system of claim 1, wherein the alarm module outputs an alarm signal to the security management and control system through an ethernet port.
6. The bypass industrial control information security industrial control system of claim 1, wherein the security gateway device and the standby gateway device each employ an intelligent field bus module with a dual port RAM interface to implement IO information collection and control for the device layer.
7. The bypass industrial control system according to claim 6, wherein the security gateway device adopts a working mode, the standby gateway device adopts a frame listening mode, and a field bus module of the standby gateway device receives and transmits data through a frame listening field bus, so that uplink synchronous data update of the standby gateway device and the security gateway device is realized.
8. The bypass industrial control information security industrial control system according to claim 1, wherein the control layer is further provided with a controller, and the controller realizes data transmission with the control system and the security gateway device respectively through a standard network communication protocol.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711165524.6A CN107703901B (en) | 2017-11-21 | 2017-11-21 | Bypass industrial control information safety industrial control system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711165524.6A CN107703901B (en) | 2017-11-21 | 2017-11-21 | Bypass industrial control information safety industrial control system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107703901A CN107703901A (en) | 2018-02-16 |
CN107703901B true CN107703901B (en) | 2023-12-19 |
Family
ID=61185797
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711165524.6A Active CN107703901B (en) | 2017-11-21 | 2017-11-21 | Bypass industrial control information safety industrial control system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107703901B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109118745B (en) * | 2018-07-12 | 2020-12-15 | 国网江西省电力有限公司电力科学研究院 | Industrial control information sending system |
CN111176223A (en) * | 2019-10-22 | 2020-05-19 | 青岛海尔工业智能研究院有限公司 | Production line safety management system and method |
CN112346423A (en) * | 2020-11-16 | 2021-02-09 | 中冶赛迪电气技术有限公司 | Intelligent MCC hierarchical control system based on optical fiber communication technology |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101695069A (en) * | 2009-10-22 | 2010-04-14 | 南京科远自动化集团股份有限公司 | Enetgw communication gateway |
CN103036886A (en) * | 2012-12-19 | 2013-04-10 | 珠海市鸿瑞软件技术有限公司 | Industrial controlling network safety protecting method |
CN103167543A (en) * | 2011-12-19 | 2013-06-19 | 中国科学院沈阳自动化研究所 | Redundance gateway based on windows image acquisition (WIA) network |
CN104908779A (en) * | 2015-05-05 | 2015-09-16 | 南车株洲电力机车研究所有限公司 | Marshalling double-heading data flow redundancy method and system |
CN106302806A (en) * | 2016-09-13 | 2017-01-04 | 腾讯科技(深圳)有限公司 | A kind of method of data synchronization, system, synchronous obtaining method and relevant apparatus |
CN106341396A (en) * | 2016-08-24 | 2017-01-18 | 北京匡恩网络科技有限责任公司 | Industrial control system with intrusion tolerance and security protection method |
CN106452854A (en) * | 2016-09-27 | 2017-02-22 | 南京国电南自轨道交通工程有限公司 | Subway comprehensive monitoring system synchronous communication method based on multi-connection primary-secondary redundancy |
CN106502234A (en) * | 2016-10-17 | 2017-03-15 | 重庆邮电大学 | Industrial control system method for detecting abnormality based on double skeleton patterns |
CN106921994A (en) * | 2017-03-21 | 2017-07-04 | 中国科学院信息工程研究所 | The multidimensional cooperative monitoring processing system and platform of a kind of facing moving terminal |
CN207557748U (en) * | 2017-11-21 | 2018-06-29 | 丹东华通测控有限公司 | A kind of bypass industry control information security industrial control system |
-
2017
- 2017-11-21 CN CN201711165524.6A patent/CN107703901B/en active Active
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101695069A (en) * | 2009-10-22 | 2010-04-14 | 南京科远自动化集团股份有限公司 | Enetgw communication gateway |
CN103167543A (en) * | 2011-12-19 | 2013-06-19 | 中国科学院沈阳自动化研究所 | Redundance gateway based on windows image acquisition (WIA) network |
CN103036886A (en) * | 2012-12-19 | 2013-04-10 | 珠海市鸿瑞软件技术有限公司 | Industrial controlling network safety protecting method |
CN104908779A (en) * | 2015-05-05 | 2015-09-16 | 南车株洲电力机车研究所有限公司 | Marshalling double-heading data flow redundancy method and system |
CN106341396A (en) * | 2016-08-24 | 2017-01-18 | 北京匡恩网络科技有限责任公司 | Industrial control system with intrusion tolerance and security protection method |
CN106302806A (en) * | 2016-09-13 | 2017-01-04 | 腾讯科技(深圳)有限公司 | A kind of method of data synchronization, system, synchronous obtaining method and relevant apparatus |
CN106452854A (en) * | 2016-09-27 | 2017-02-22 | 南京国电南自轨道交通工程有限公司 | Subway comprehensive monitoring system synchronous communication method based on multi-connection primary-secondary redundancy |
CN106502234A (en) * | 2016-10-17 | 2017-03-15 | 重庆邮电大学 | Industrial control system method for detecting abnormality based on double skeleton patterns |
CN106921994A (en) * | 2017-03-21 | 2017-07-04 | 中国科学院信息工程研究所 | The multidimensional cooperative monitoring processing system and platform of a kind of facing moving terminal |
CN207557748U (en) * | 2017-11-21 | 2018-06-29 | 丹东华通测控有限公司 | A kind of bypass industry control information security industrial control system |
Also Published As
Publication number | Publication date |
---|---|
CN107703901A (en) | 2018-02-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11843628B2 (en) | Cyber security appliance for an operational technology network | |
Zhou et al. | A fog computing based approach to DDoS mitigation in IIoT systems | |
CN103391185B (en) | A kind of cloud security storage of track traffic Monitoring Data and processing method and system | |
Gao et al. | SCADA communication and security issues | |
CN107703901B (en) | Bypass industrial control information safety industrial control system | |
CN205670253U (en) | A kind of trusted gateway system of industrial control system | |
CN105204487A (en) | Intrusion detection method and intrusion detection system for industrial control system based on communication model | |
CN106911529A (en) | Power network industry control safety detecting system based on protocol analysis | |
CN109995796A (en) | Industrial control system terminal safety protection method | |
CN207557748U (en) | A kind of bypass industry control information security industrial control system | |
Coppolino et al. | Integration of a System for Critical Infrastructure Protection with the OSSIM SIEM Platform: A dam case study | |
CN110620791A (en) | Industrial safety data ferrying system with early warning function | |
CN209627407U (en) | The safety isolation network gate of limited connection | |
CN108279636A (en) | Industrial machine room security protection system | |
WO2021227465A1 (en) | Security defense method and system for industrial control system network | |
CN209805847U (en) | Safety production data front-end processor | |
Islam et al. | Secure real-time heterogeneous iot data management system | |
AbuEmera et al. | Security framework for identifying threats in smart manufacturing systems using STRIDE approach | |
CN103873469A (en) | Broadcast control system | |
Mahboob et al. | Intrusion avoidance for SCADA security in industrial plants | |
CN112437054A (en) | Vehicle ad hoc network safety control method based on optical transmission | |
CN112532612A (en) | Industrial control network safety protection system | |
Calvo et al. | Key Vulnerabilities of Industrial Automation and Control Systems and Recommendations to Prevent Cyber-Attacks. | |
Pricop | Security of industrial control systems-an emerging issue in romania national defense | |
RU113442U1 (en) | AUTOMATED PROTECTED INFORMATION MANAGEMENT SYSTEM IN A TERRITORALLY DISTRIBUTED APPLIED MANAGEMENT SYSTEM |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |