CN103941652A - Method and device suitable for security protection and security audit of various DCS production control systems - Google Patents

Publication number
CN103941652A
Authority
CN
China
Prior art keywords
dcs
data
security
security protection
collection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310022236.0A
Other languages
Chinese (zh)
Inventor
郁东明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZHEJIANG ANKE NETWORK TECHNOLOGY Co Ltd
Original Assignee
ZHEJIANG ANKE NETWORK TECHNOLOGY Co Ltd
Application filed by ZHEJIANG ANKE NETWORK TECHNOLOGY Co Ltd
Priority to CN201310022236.0A
Publication of CN103941652A

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to computer software, hardware and wireless communication technologies, and in particular to a method and device suitable for security protection and security audit of various DCS production control systems. The method and device provide DCS screen monitoring, operation recording, event backtracking, identity authentication, permission control, secure data exchange and operation management optimization. Together with conventional information security products such as firewalls and network security audit systems, they can form an integrated information security solution for production control systems, and all or some of their modules are suitable for security protection in industrial production control fields such as the power grid and petrochemicals. The method and device are independent of the DCS host, install no software plug-ins on it, and have no influence on DCS production control quality or reliability. The invention innovatively connects in series with the I/O devices to collect and control DCS behavior data, thereby realizing security protection and security audit of the DCS and filling the gap in DCS security protection and audit products in the domestic market.

Description

A method and device suitable for security protection and security audit of various DCS production control systems
Technical field
The present invention relates to information security, digital signatures, computer software, hardware and network communication technology, and in particular to a method and device suitable for security protection and security audit of various DCS production control systems.
Background art
DCS production control systems of all kinds are capital-intensive and technology-intensive. Taking power generation enterprises as an example, a 1000 MW thermal generating unit costs about 5 billion yuan, and an enterprise generally has one or several generating units, delivering power to the grid at a considerable production scale. Generating units depend heavily on automatic control: the main control uses a unit-based distributed DCS production control system, with each unit equipped with one main-control DCS and several auxiliary control systems. The DCS production control system is like the nerve center of the generating unit: it senses tens of thousands of sensors spread across the unit and coordinates the operation of main and auxiliary equipment, directly affecting the health of the equipment and the economical operation of the unit. A production control system fault or an operating error can, at the mild end, trip the generating unit and disturb the grid and its users; at the severe end it can cause major equipment damage or even casualties. For this reason, industry and enterprises at all levels attach great importance to DCS security protection and, following the principle of "network partitioning, dedicated private networks, horizontal isolation, vertical authentication", protect the production control system as a closed system.
However, under the dual pressure of economic and social responsibility, traditional DCS vendors and power generation enterprises have chosen to sacrifice the system's security protection capability and concentrate on improving its control quality and reliability. As a result, the DCS production systems of today's power generation enterprises have large gaps in security protection and cannot use the protective measures commonly adopted in other industries, which creates several security protection difficulties:
1. Host hardening measures for power plant production control systems cannot be fully implemented. Because present-day generating units have large capacity and a unit trip has a very large impact on the grid, ensuring safe and stable operation of the production control system is the foremost goal of the enterprise and the system contractor. By industry practice, no software other than the host operating system and the control system may be installed on a production control system host, so security software such as anti-virus software cannot be installed;
2. The production control zone must be securely isolated from other network zones, and only the necessary real-time production data may be transmitted one way from the production control zone to other zones. Protective measures that need to fetch update code from external networks regularly, such as anti-virus software and host patch server software, therefore cannot be deployed in the production control zone;
3. Modern thermal power plants are highly automated and are staffed according to the industry's "new plant, new method" requirements: a 1000 MW unit has only 3-5 operating personnel. Few posts are allotted to the operation and management of some important systems and responsibilities are highly concentrated, so information security functions are overly concentrated as well; system administration, database administration and even development, operation and maintenance may all rest with one person. Effective security audit and complete event tracing are also lacking, which poses a serious hidden danger for safe system operation, accident analysis and behavior audit;
4. Power generation runs continuously, 7 × 24 hours. Generating units are expensive, complex, highly automated and heavily dependent on the control system, so from a production-safety standpoint online security testing and evaluation of the system is not allowed. Routine in-depth security inspection of hosts is therefore impossible, and some security inspection work can be done only when the unit is shut down for maintenance, which places higher demands on routine security protection management;
5. The spread of portable computers, removable storage devices and 3G networks poses a considerable threat to production control systems that currently rely simply on "network isolation, dedicated private network" without the protection of anti-virus software or patch updates. Risks include viruses carried in on external maintenance engineers' portable computers, ferry-style attacks via removable storage devices, and 3G networks breaking private-network isolation. At present these can be countered only by stricter machine-room access rules and host management.
Industrial sectors such as the State Grid Corporation of China and petrochemicals share the characteristics of power generation enterprises: expensive equipment, a high degree of automation and uninterrupted production. The SCADA power dispatching and telecontrol systems of the State Grid Corporation of China and the industrial automation control systems used by petrochemical enterprises mostly use products from internationally known industrial control brands such as ABB, GE, Rockwell, Honeywell, Emerson and Siemens. Their situation is very similar to that of power generation enterprises, and the same security protection difficulties trouble these industries and enterprises too.
In October 2010, Stuxnet, the world's first virus built specifically to damage industrial control systems, broke out on a large scale, delayed power generation at an Iranian nuclear power station and sent a shock through the information security industry. The virus targets the Siemens WinCC monitoring and data acquisition system, which is widely used in power generation, power grids, petrochemicals and other industrial control fields. It drew close attention in every industry, and the demand for mature industrial control security products is now urgent.
Summary of the invention
In view of this, the object of the present invention is to provide a novel method and device for security protection and security audit, suitable for the various DCS production control systems of domestic power generation enterprises. It provides system screen monitoring, operation recording, event backtracking, identity authentication, permission control, secure data exchange and operation management optimization. Together with conventional information security products such as firewalls and network security audit systems it can form a complete information security solution for the production control systems of power generation enterprises, and all or some of the product's modules are suitable for security protection in industrial production control fields such as the power grid and petrochemicals.
The present invention adopts the following technical scheme:
The innovative method for security protection and security audit of a DCS production control system comprises the following steps:
1. Without affecting DCS control quality or reliability, collect, store and replay the screens and operation records of the DCS operator stations and engineer stations by connecting in series with the monitor, keyboard and mouse, achieving comprehensive monitoring and audit of the power generation enterprise's DCS production control system;
2. Provide identity authentication and permission control for DCS operation and maintenance personnel that fit the realities of production management in power generation enterprises. Identification means such as IC cards, RFID cards and fingerprint readers are optional; keyboard and mouse operating permissions are granted to legitimate users according to flexible permission configuration, and identity audit logs are recorded, meeting the enterprise's needs for security management and audit of DCS operation and maintenance personnel;
3. Using CA signature authentication technology, add a ferry-style secure data exchange device to the DCS host. Data to be input to the DCS is applied for, checked, approved and digitally signed outside the product (for example in the enterprise MIS management information system) according to the enterprise's management process. The signed data is copied on an authenticated removable storage medium and, once the secure data exchange device confirms it has not been tampered with, released into the DCS. Output data is copied out through the secure data exchange device onto an authenticated removable storage medium. Flexible permission configuration is provided and input and output logs are recorded, realizing security management and audit of the DCS production control system;
4. The collected DCS screens, personnel operation records, identity authentication records, data exchange records and other data are retained long term for the period the user requires. Management tool software with a friendly interface, convenient operation and complete functions presents and analyzes them and, combined with the enterprise's existing SIS plant-level supervisory information system and consumption-deviation economic competition software, provides strong technical support for event backtracking, accident analysis, performance evaluation, staff training and operation management optimization;
5. The product has been reviewed by industry experts such as those of the State Electricity Regulatory Commission and refined through pilots at typical power generation enterprises, has obtained power-industry applicability qualification, and meets the security protection requirements for the secondary power systems of power generation enterprises;
6. The product is certified by the China Information Technology Security Evaluation Center and by the Ministry of Public Security's information system security classified protection evaluation center, holds a level-three system sales license, and meets the level-three classified protection requirements for the information systems of power generation enterprises;
7. Together with other conventional information security products such as firewalls, network security audit systems and unidirectional network physical isolation devices, the product forms a complete production control system security solution: this product provides security functions such as monitoring and audit of the DCS; the firewall and network security audit system provide security management and audit of external maintenance engineers' computers accessing the DCS network; and the unidirectional network physical isolation device physically isolates the DCS from other systems. Together they form an all-round security protection system at three levels (system, network and border) in the production control zone of the power generation enterprise, filling the gap in overall security protection for that zone.
The present invention includes a device for security protection and security audit of a DCS production control system:
Hardware components:
DCS security protection and security audit host (server): runs the background service programs, receives and stores the data of the front-end data acquisition devices, and runs the event record playback and analysis software and the system configuration;
Front-end VGA video data acquisition device: connected in series, it captures operating screens from the DCS host and operator stations, compresses them as much as possible while giving priority to preserving image quality, and sends them to the server for storage;
Front-end keyboard and mouse data acquisition device: connected in series, it captures keyboard and mouse operation records from the DCS host and operator stations and sends them to the server for storage. The device has a reserved expansion interface into which different types of identity authentication device can be plugged; it receives user information from the authentication device, determines permissions, and enables or disables the user's keyboard and mouse operation. The device also provides an interface for the front-end information display device, which shows current operator information and other system prompts or alarms;
Identity authentication devices: separate devices are developed for different verification means such as IC card, RFID card/second-generation Chinese identity card, fingerprint, password device and USB Key. They plug into the reserved expansion interface of the front-end keyboard and mouse data acquisition device and pass the collected user identity information to it for permission verification;
Ferry-style secure data exchange device: uses CA signature authentication technology and removable-storage-medium authentication technology. It can write authentication information to an inserted removable storage medium to authorize it; only authenticated media can be used for data exchange on this device. First, following the enterprise's management process, the data to enter the DCS and the approver's information are digitally signed outside this device (for example in the enterprise MIS management information system) using the digital signature tools/controls supplied with the product software. Then the signed data is copied on an authenticated removable storage medium and, once the secure data exchange device confirms it has not been tampered with, released into the DCS host (Windows or Unix operating system, mostly Windows). Output data is copied out through the secure data exchange device onto an authenticated removable storage medium. The data information and authentication information for inputs and outputs are sent to the server for storage, realizing security management and audit of DCS input and output data;
Front-end information display device: connected to the information output interface of the front-end keyboard and mouse data acquisition device and mounted below the operation and maintenance personnel's display, it shows current operator information and other system prompts on an LED liquid crystal display, or gives audible and visual alarms.
Software components:
Behavior collection and storage module: runs on the server. It receives data from multiple front-end VGA video data acquisition devices and saves it to storage, optimizing storage by compression, segmentation and the like according to the needs of screen playback and long-term retention; where conditions permit, the longer the retention period the better. It receives data from multiple front-end keyboard and mouse acquisition devices and saves it to storage. It configures the parameters of the front-end VGA video data acquisition devices;
Behavior tracking and playback audit module: runs on the server. It replays screens and operation records by time, person, duty rotation, shift, event and so on; supports single-screen and multi-screen playback, with multi-display playback under consideration; supports collecting, classifying, annotating and exporting clips of screens and operating data; and handles personnel management and duty rotation and shift configuration;
Identity authentication and permission management module: runs on the server. It receives data from multiple front-end keyboard and mouse data acquisition devices, saves it to storage and optimizes storage according to playback requirements; assigns operating permissions for the controlled keyboards and mice by person, duty rotation, shift and so on; filters, queries and summarizes identity authentication history by time, person, duty rotation and permission grant status; handles personnel management and permission configuration; and configures the parameters of the front-end keyboard and mouse data acquisition devices;
Secure data exchange control and audit module: runs on the server. It receives the DCS input and output data information recorded by the ferry-style secure data exchange device, and supports filtering, querying and statistics by time, file package name, approver, owner of the authenticated storage medium and authentication status;
Behavior analysis, anomaly alarm, performance appraisal and operation optimization management module: runs on the server. It performs statistical analysis of identity authentication records, secure data exchange records and keyboard and mouse operation records; lets anomaly alarm parameters be set and raises alarms on abnormal operations; appraises operator performance in combination with the SIS plant-level supervisory information system, automatically selecting operation records for playback and study according to the periods identified by the SIS consumption-deviation economic analysis; and, using the SIS production real-time database and preset reminder rules, sends a reminder to the front-end information display device when real-time production data matches a rule, prompting operators to call up the relevant screens in time and promoting optimized operation management;
Third-party software data exchange interface: the output interface provides screen, operation and other data interfaces through a firewall to the management information zone, for third-party software to call; the input interface obtains the unit's real-time and historical production data through a firewall from the real-time database of the SIS plant-level supervisory information system in the production control zone, for performance appraisal and operation optimization analysis.
Compared with the prior art, the embodiments of the present invention have the following advantages:
It is independent of the DCS host, installs no software packages on it, and has no impact on DCS production control quality or reliability;
It innovatively connects in series with the I/O input and output devices to collect and control DCS behavior data, realizing DCS security protection and security audit;
The product is widely applicable: because security control is implemented only through I/O devices, it does not depend on which DCS production control system the host runs and is in theory suitable for DCS production control systems of all brands;
It fills the gap in DCS security protection and audit products for power generation enterprises in the domestic market, and avoids installing information security products such as anti-virus software on the DCS host, which would threaten the control quality and reliability of the DCS.
Brief description of the drawings
Fig. 1 is a schematic diagram of an embodiment of the invention.
Embodiment
The embodiments of the present invention are described in further detail below with reference to the accompanying drawing.
Figure 1 is an implementation schematic of the system of the present invention (comprising software and hardware).
System connections:
The DCS keyboard and mouse are connected to the device of this invention, and keyboard and mouse cables then connect the device's keyboard and mouse outputs to the keyboard and mouse inputs of the DCS;
The VGA output of the DCS is split in two by a VGA splitter: one branch goes to the DCS display and the other to the device of this invention;
The USB port of the DCS is connected to the device of this invention by a USB cable, or the Ethernet port of the DCS is connected to an Ethernet port of the device;
ID card, RFID card and identity card readers can be connected to the device of this invention by USB or RS232;
A fingerprint reader/fingerprint scanner can be connected to the device of this invention by USB or RS232;
A password device can be connected to the device of this invention by USB or RS232;
The device of this invention provides USB or other corresponding interfaces for removable media: USB flash drives, SATA hard disks and IDE hard disks.
The collection and control device of this invention connects to the local area network by Ethernet cable;
The collection and control device of this invention is powered by an external power supply.
Workflow:
First, register the collection and control device of this invention in the collection and control device management software module on the security protection and security audit server; the device's MAC address or hard disk ID number can be used for registration;
After connecting the collection and control device as described above, the user powers it on. The device authenticates to the security protection and security audit server over the network and, once authentication passes, enters the data collection and control working state;
The user management software module on the security protection and security audit server registers users; a user's identity is registered with any one of ID card, RFID card, identity card or password, or any combination of them;
The user's identity is read through any one, or any combination, of the ID card, RFID card or identity card reader or password device provided on the collection and control device. The device uploads the identity it has read to the security protection and security audit server, which identifies the user. If the user is legitimate, the server notifies the collection and control device to connect the keyboard and mouse to the DCS, giving the user permission to operate the DCS with the keyboard and mouse;
The collection and control device of this invention captures data from the keyboard, mouse and display of the DCS, compresses and buffers it, and uploads it over the network to the security protection and security audit server;
The behavior tracking and playback audit software module of the security protection and security audit server can replay screens and operation records by time, person, duty rotation, shift, event and so on;
The removable media management software module on the security protection and security audit server registers the user's removable medium and writes to it a read-only, non-copyable, encrypted media identification file containing the medium's number, user name, permissions and so on.
When the user inserts the removable medium into the collection and control device of this invention, the device uploads the medium's identification file to the security protection and security audit server. The removable media management software module decrypts the identification file, reads the medium's number, user name and permissions, and checks them against the server's registration information. Once the medium is confirmed to be a trusted removable medium, the server returns the medium's permissions and the digital signature password for the medium's content data files to the collection and control device;
The collection and control device switches on the removable media connection to the DCS;
Using the key obtained from the security protection and security audit server, the collection and control device decrypts the content data files on the removable medium and verifies their digital signatures; the DCS can then copy trusted files from the trusted removable medium on the collection and control device;
The DCS can also copy its own files to a trusted removable medium: the DCS first copies the file to the collection and control device, which encrypts and digitally signs it using the key obtained from the security protection and security audit server and then copies the encrypted and signed file to the trusted removable medium.
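The removable media steps above can be sketched as the checks an exchange gate makes before it releases files in either direction. This is an added example, not code from the patent: HMAC-SHA256 with constructed shared keys stands in for both the encrypted identification file and the CA-backed digital signature so that it runs on the Python standard library alone, and every name and sample value is hypothetical.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone


def _mac(key: bytes, payload: dict) -> str:
    """HMAC-SHA256 over canonical JSON; stand-in for the CA-backed signature."""
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def seal(key: bytes, payload: dict) -> dict:
    return {"payload": payload, "mac": _mac(key, payload)}


def is_intact(key: bytes, sealed: dict) -> bool:
    try:
        return hmac.compare_digest(_mac(key, sealed["payload"]), sealed["mac"])
    except (KeyError, TypeError):
        return False  # malformed input is treated as tampered


def sign_package(key: bytes, files: dict, approver: str) -> dict:
    """Signing step done outside the DCS zone after approval (e.g. in the MIS)."""
    hashes = {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}
    return seal(key, {"approver": approver, "files": hashes})


class ExchangeGate:
    def __init__(self, media_key: bytes, package_key: bytes, registry: dict):
        self.media_key = media_key      # protects the media identification file
        self.package_key = package_key  # verifies and produces package signatures
        self.registry = registry        # server-side record: media id -> owner, rights
        self.audit = []                 # every decision is logged with a timestamp

    def _log(self, action, media_id, outcome):
        self.audit.append({"time": datetime.now(timezone.utc).isoformat(),
                           "action": action, "media": media_id, "outcome": outcome})
        return outcome

    def _media_rights(self, ident):
        """Rights are honoured only if the ident file is intact and matches the registry."""
        if not is_intact(self.media_key, ident):
            return None, set()
        info = ident["payload"]
        reg = self.registry.get(info.get("media_id"))
        if reg is None or reg["owner"] != info.get("owner"):
            return info.get("media_id"), set()
        return info["media_id"], set(reg["rights"]) & set(info.get("rights", []))

    def import_to_dcs(self, ident, manifest, files):
        media_id, rights = self._media_rights(ident)
        if "import" not in rights:
            return self._log("import", media_id, "REJECT: media not trusted for import")
        if not is_intact(self.package_key, manifest):
            return self._log("import", media_id, "REJECT: signature check failed")
        actual = {n: hashlib.sha256(d).hexdigest() for n, d in files.items()}
        if actual != manifest["payload"].get("files"):
            return self._log("import", media_id, "REJECT: content differs from manifest")
        approver = manifest["payload"]["approver"]
        return self._log("import", media_id, f"RELEASE: approved by {approver}")

    def export_from_dcs(self, ident, files, operator):
        """Returns a signed manifest for the copied-out files, or None if refused."""
        media_id, rights = self._media_rights(ident)
        if "export" not in rights:
            self._log("export", media_id, "REJECT: media not trusted for export")
            return None
        self._log("export", media_id, f"RELEASE: exported by {operator}")
        return sign_package(self.package_key, files, operator)


def demo():
    """Constructed keys, media record and file content; nothing here is from the patent."""
    media_key, package_key = b"constructed-media-key", b"constructed-package-key"
    record = {"media_id": "USB-0007", "owner": "engineer_b", "rights": ["import"]}
    gate = ExchangeGate(media_key, package_key,
                        {"USB-0007": {"owner": "engineer_b", "rights": ["import"]}})
    ident = seal(media_key, record)
    files = {"setpoints.cfg": b"SP=540\n"}
    manifest = sign_package(package_key, files, "shift_supervisor_c")
    outcomes = [
        gate.import_to_dcs(ident, manifest, files),                           # approved copy
        gate.import_to_dcs(ident, manifest, {"setpoints.cfg": b"SP=999\n"}),  # edited after signing
        gate.import_to_dcs(seal(b"other-key", record), manifest, files),      # forged ident file
        gate.export_from_dcs(ident, files, "engineer_b"),                     # no export right
    ]
    return outcomes, gate.audit


if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```

The file set on the medium is compared with the signed manifest as a whole, so an extra unsigned file on the medium causes rejection just as an altered one does.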
The collection and control device of this invention can upload any of the above operations, together with a timestamp, to the security protection and security audit server. The server processes the uploaded information and stores it in a database, and users can display and query all of it through the server's software.
The behavior analysis, anomaly alarm, performance appraisal and operation optimization management software on the security protection and security audit server performs statistical analysis of identity authentication records, secure data exchange records and keyboard and mouse operation records; lets anomaly alarm parameters be set and raises alarms on abnormal operations; appraises operator performance in combination with the SIS plant-level supervisory information system, automatically selecting operation records for playback and study according to the periods identified by the SIS consumption-deviation economic analysis; and, using the SIS production real-time database and preset reminder rules, sends a reminder to the front-end information display device when real-time production data matches a rule, prompting operators to call up the relevant screens in time and promoting optimized operation management.
From the description of the above embodiments, those skilled in the art can clearly understand that the present invention can be implemented in software and hardware. On this understanding, the contribution that the technical scheme of the present invention makes over the prior art can be embodied in the form of software and hardware products.
The embodiments described above do not limit the scope of protection of the present invention. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (6)

1. A DCS production control system identity authentication method, characterized in that it comprises the following steps:
(1) first, register the collection and control device of this invention in the collection and control device management software module on the security protection and security audit server; the device's MAC address or hard disk ID number can be used for registration;
(2) after connecting the collection and control device of this invention as described above, the user powers it on; the device authenticates to the security protection and security audit server over the network and, once authentication passes, enters the data collection and control working state;
(3) the user management software module on the security protection and security audit server registers users; a user's identity is registered with any one of ID card, RFID card, identity card or password, or any combination of them;
(4) the user's identity is read through any one, or any combination, of the ID card, RFID card or identity card reader or password device provided on the collection and control device; the device uploads the identity it has read to the security protection and security audit server, which identifies the user; if the user is legitimate, the server notifies the collection and control device to connect the keyboard and mouse to the DCS, giving the user permission to operate the DCS with the keyboard and mouse.
2. A behavior collection method for the DCS production control system side, characterized in that it comprises the following steps:
(1) the collection and control device of this invention captures data from the keyboard, mouse and display of the DCS, compresses and buffers it, and uploads it over the network to the security protection and security audit server;
(2) the behavior tracking and playback audit software module of the security protection and security audit server can replay screens and operation records by time, person, duty rotation, shift, event and so on.
3. A DCS production control system removable storage media management method, characterized in that it comprises the following steps:
(1) The user's removable media is registered through the removable media management software module on the security protection and security audit server of this invention; the module writes to the removable media a read-only, non-copyable, encrypted removable media identification file, and this encrypted file contains the number of the removable media, the user name, the permissions and so on;
(2) After the user inserts the removable media into the collection and control device of this invention, the device uploads the identification file of the removable media to the security protection and security audit server of this invention; the server, through the removable media management software module, decrypts the identification file, reads the number, user name and permissions of the removable media, and checks them against the registration information on the server; once the removable media is confirmed to be trusted removable media, the server passes the permissions of the removable media and the digital signature key for the media's content data files back to the collection and control device of this invention;
(3) The collection and control device switches on the connection between the removable storage media and the DCS;
(4) The collection and control device decrypts the content data files on the removable media and checks their digital signatures using the key obtained from the security protection and security audit server; the DCS can then copy trusted files from the trusted removable media through the collection and control device;
(5) The DCS can likewise copy files on the DCS to the trusted removable media: the DCS first copies the file to the collection and control device, the device encrypts and digitally signs the copied file using the key obtained from the security protection and security audit server, and the encrypted and signed file is then copied to the trusted removable media.
4. A DCS production control system behavior audit method, characterized in that it comprises the following steps:
(1) The collection and control device of this invention uploads any of the above operations, together with a timestamp, to the security protection and security audit server; the server processes the uploaded information and stores it in a database, and users can display and query all of the information through the software of the security protection and security audit server;
(2) The behavior analysis, abnormality alarm, performance appraisal and operation optimization management software on the security protection and security audit server performs statistical analysis of authentication records, secure data exchange records, and keyboard and mouse operation records; abnormality alarm parameters are set, and alarm prompts are raised for abnormal operations; in combination with the SIS plant-level supervisory information system, performance appraisal is carried out on operators, and operation records are automatically selected by time period according to the consumption-difference economic analysis of the SIS system, for playback and study; in combination with the production real-time database of the SIS plant-level supervisory information system, reminder rules are preset, and when production real-time data meets a preset reminder rule, a reminder message is sent to the front-end information display device, prompting operators to call up the relevant screens in time and promoting operation optimization management.
5. A device implementing DCS production control system data collection and control according to the methods of claims 1, 2 and 3, characterized in that it comprises at least:
(1) Front-end VGA video data acquisition module: connected in series, it acquires operation screens from the DCS host and operator stations, compresses them and sends them to the server for storage; with image quality guaranteed as the priority, the data is compressed as much as possible;
(2) Front-end keyboard and mouse data acquisition module: connected in series, it acquires keyboard and mouse operation records from the DCS host and operator stations and sends them to the server for storage; an expansion interface is reserved on the device, into which different types of identity authentication devices can be plugged; the module receives user information from the identity authentication device, distinguishes permissions, and enables or disables the user's operation of the keyboard and mouse; the device also provides a front-end information display device interface, which shows information about the current operator and other system prompts or alarms;
(3) Identity authentication module: separate devices are developed for the different identity verification means, such as IC card, RFID card/China second-generation identity card, fingerprint, password entry device and USB Key; they plug into the reserved expansion interface of the front-end keyboard and mouse data acquisition device and deliver the collected user identity information to that device for permission verification;
(4) Ferry-style secure data exchange module: it adopts CA signature authentication technology and removable storage media authentication technology, and can write authentication information to an inserted removable storage media to authorize and authenticate it; only authenticated removable storage media can perform data exchange operations on this device. First, following the management process of the power generation enterprise, the digital signature tools/controls provided by the product's software component are used outside this device (for example in the enterprise MIS management information system) to digitally sign the data that is to enter the DCS system together with the approver's information; then the signed data is copied by authenticated removable storage media and, after the secure data exchange device confirms that it has not been tampered with, is released into the DCS system host (Windows or Unix operating system, mostly Windows); when data is output, it is copied out through the secure data exchange device using authenticated removable storage media; the data information and authentication information of inputs and outputs are sent to the server for storage, realizing security management and audit of the input and output data of the DCS production control system.
6. Server software implementing security protection and security audit according to the method of claim 4, characterized in that it comprises:
(1) Behavior collection and storage module: runs on the server side; receives data from multiple front-end VGA video data acquisition devices and saves it to the storage device, optimizing storage by compression, segmentation and the like according to the requirements of screen playback and long-term storage; the storage period should be as long as conditions permit; receives data from multiple front-end keyboard and mouse acquisition devices and saves it to the storage device; configures the parameters of the front-end VGA video data acquisition devices;
(2) Behavior tracking and playback audit module: runs on the server side; can play back screens and operation records by time, personnel, duty rotation, shift, event and similar criteria, supports single-screen and multi-screen playback, and multi-display playback support is considered; supports collecting, classifying, annotating and exporting for preservation clips of screens and operation data; personnel management and duty rotation and shift configuration;
(3) Identity authentication and permission management module: runs on the server side; receives data from multiple front-end keyboard and mouse data acquisition devices, saves it to the storage device, and optimizes storage according to playback requirements; can assign operation permissions for controlled keyboards and mice by personnel, duty rotation, shift and similar criteria; can filter, query and compile statistics on authentication history records by time, personnel, duty rotation and permission grant status; personnel management and permission configuration; configures the parameters of the front-end keyboard and mouse data acquisition devices;
(4) Secure data exchange control and audit module: runs on the server side; receives the DCS system input and output data information recorded by the ferry-style secure data exchange device; can filter, query and compile statistics by time, file package name, approver, owner of the authenticated storage media, and authentication state;
(5) Behavior analysis, abnormality alarm, performance appraisal and operation optimization management module: runs on the server side; performs statistical analysis of authentication records, secure data exchange records, and keyboard and mouse operation records; abnormality alarm parameters are set, and alarm prompts are raised for abnormal operations; in combination with the SIS plant-level supervisory information system, performance appraisal is carried out on operators, and operation records are automatically selected by time period according to the consumption-difference economic analysis of the SIS system, for playback and study; in combination with the production real-time database of the SIS plant-level supervisory information system, reminder rules are preset, and when production real-time data meets a preset reminder rule, a reminder message is sent to the front-end information display device, prompting operators to call up the relevant screens in time and promoting operation optimization management;
(6) Third-party software data exchange interface: the output interface provides data interfaces for screens, operations and the like through a firewall to the management information zone, for third-party software to call; the input interface obtains real-time and historical unit production data through a firewall from the real-time database of the SIS plant-level supervisory information system in the production control zone, for performance appraisal and operation optimization management analysis.
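
As an added illustration (not code from the patent or its applicant), the following Python example models the removable media exchange of claim 3 together with the timestamped audit record of claim 4 step (1). The class names, the `read`/`write` permission values and the sample key are assumptions; HMAC-SHA256 stands in for the CA-based digital signature, and the identification file and content files are authenticated here rather than encrypted.

```python
import hashlib
import hmac
import json
import time

SERVER_KEY = b"constructed-demo-key"  # constructed value for this example


def _tag(key, data):
    # HMAC-SHA256 stands in for the CA-based digital signature (assumption).
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class AuditServer:
    """Hypothetical model of the security protection and security audit server."""
    def __init__(self):
        self.registry = {}   # media number -> (user name, permissions)
        self.audit_log = []  # timestamped records, as in claim 4 step (1)

    def register_media(self, number, user, permissions):
        # Claim 3 step (1): register the media and issue its identification file.
        self.registry[number] = (user, frozenset(permissions))
        body = json.dumps({"number": number, "user": user,
                           "permissions": sorted(permissions)}, sort_keys=True)
        return {"body": body, "tag": _tag(SERVER_KEY, body.encode())}

    def check_media(self, ident):
        # Claim 3 step (2): authenticate the identification file, then compare
        # its number, user name and permissions with the registration record.
        body = ident.get("body", "")
        if not hmac.compare_digest(_tag(SERVER_KEY, body.encode()), ident.get("tag", "")):
            return None
        claimed = json.loads(body)
        registered = self.registry.get(claimed["number"])
        if registered != (claimed["user"], frozenset(claimed["permissions"])):
            return None
        # Per-media content key returned to the collection and control device.
        key = hmac.new(SERVER_KEY, claimed["number"].encode(), hashlib.sha256).digest()
        return registered[1], key

    def record(self, **event):
        self.audit_log.append({"ts": time.time(), **event})


class CollectionDevice:
    """Hypothetical model of the collection and control device."""
    def __init__(self, server):
        self.server = server

    def _key_for(self, ident, needed, op):
        grant = self.server.check_media(ident)
        if grant is None or needed not in grant[0]:
            self.server.record(op=op, result="media rejected")
            return None
        return grant[1]

    def export_from_dcs(self, ident, name, data):
        # Claim 3 step (5): tag a file leaving the DCS before it reaches the media.
        key = self._key_for(ident, "write", "export")
        if key is None:
            return None
        self.server.record(op="export", file=name, result="signed")
        return data, _tag(key, name.encode() + b"\0" + data)

    def import_to_dcs(self, ident, files):
        # Claim 3 step (4): release to the DCS only files whose tag verifies.
        key = self._key_for(ident, "read", "import")
        if key is None:
            return []
        released = []
        for name, (data, tag) in sorted(files.items()):
            ok = hmac.compare_digest(_tag(key, name.encode() + b"\0" + data), tag)
            self.server.record(op="import", file=name,
                               result="released" if ok else "signature mismatch")
            if ok:
                released.append(name)
        return released
```

Registering a media, exporting a file and importing it again next to a modified copy releases only the intact file, and every decision, including a rejected media, leaves one timestamped entry in `audit_log`.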
CN201310022236.0A 2013-01-22 2013-01-22 Method and device suitable for security protection and security audit of various DCS production control systems Pending CN103941652A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310022236.0A CN103941652A (en) 2013-01-22 2013-01-22 Method and device suitable for security protection and security audit of various DCS production control systems

Publications (1)

Publication Number Publication Date
CN103941652A (en) 2014-07-23

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20140723
