[Expert Perspective] Jing Xiaowei of PetroChina: Top-level design considerations for the systematic protection of national critical information infrastructure
Author: Information Security Research | Date: 2022.09.01
Cyberspace is far from peaceful, and network security work has a long road ahead. We must hold firm confidence, make up our minds, maintain perseverance, find the focus, resolutely guard against formalism, strengthen risk awareness and crisis awareness, establish bottom-line thinking, and carry out every protection measure well. In the spirit of "where evil rises a foot, the Way rises ten", strive to raise the protection of critical information infrastructure to a new level!
—— Jing Xiaowei
The struggle in cyberspace is severe, competition for leadership and control of cyberspace has intensified, and the network security contest between nations grows ever fiercer. National critical information infrastructure (hereinafter CII) has become the strategic high ground of cyberspace. On May 7, 2021, Colonial Pipeline, the largest fuel pipeline operator in the United States, was hit by ransomware and forced to shut down more than 8,000 kilometers of oil pipeline, seriously disrupting the nation's oil and gas pipeline business. As the new generation of information and communication technology integrates with the real economy over a wider range, at a deeper level and to a higher standard, the network security risks and challenges facing CII keep penetrating, spreading and amplifying. Security research and application efforts have been stepped up in fields such as the next-generation Internet (IPv6). Studying the compliance requirements, real-world risks and problems facing CII is therefore of great significance.
1. Main content of the Regulations on CII Security Protection
In April 2021, the 133rd Executive Meeting of the State Council passed the "Regulations on the Security Protection of Critical Information Infrastructure", which took effect on September 1, 2021. The Regulations comprise 6 chapters and 51 articles. The General Provisions specify the legal basis, the scope of the concept, responsibilities, protection principles and protection content. Chapter 2, "Identification of Critical Information Infrastructure", clarifies the protection authorities, the identification procedure and the factors to be considered. Chapter 3, "Operator Responsibilities and Obligations", stipulates the "three synchronizations" principle, the operator's overall responsibility, the establishment of a dedicated security management body and its eight responsibilities, security testing and risk assessment, incident reporting, and the procurement of products and services. Chapter 4, "Safeguards and Promotion", provides for security planning by the protection authorities, overall coordination by the national cyberspace administration, monitoring and early warning for protection work, emergency management, inspection and testing, technical support and assistance, information protection, approval and authorization, security guarding, education, standardization, institutional construction and management, military-civilian integration and other work. Chapter 5, "Legal Liability", sets out the conditions and content of punishments. The Regulations lay a solid foundation for the top-level design of systematic CII protection.
2. Difficulties and challenges in CII protection
Traditional protection methods struggle to cope with the sheer size of CII systems. Against a background of long-standing offensive-defensive confrontation and systemic risk, the problems of CII protection stand out, mainly in the following respects:
1. Each CII involves many systems, with a wide scope, many kinds of business assets, complicated entry points and fast updates
Measured against the business functions it supports, the asset picture is unclear, the risks are unclear, vulnerabilities going unaddressed is a prominent problem, and there is no capability for security correlation analysis from a business perspective, so it is easy to attend to one area while neglecting another and the core systems suffer major losses.
2. Networks are interconnected, system users are not fixed, and the scope of data pushing keeps expanding
Security design generally lacks a unified operation and maintenance platform at the platform level. Management then tends to produce unclear responsibilities, unclear processes, arbitrary operations, lack of audit control, low work efficiency and difficulty in tracing.
3. Supply chains change fast, systems upgrade fast, and operation and maintenance personnel change fast
Security management lacks a unified, scientific design, receives too little attention and too little investment. Emphasizing construction over operation and maintenance, and hardware over personnel, is widespread, and institutionalized, routine management and control capabilities need further improvement.
4. Insufficient emergency response capability
Security threats and incidents lack closed-loop management covering rapid discovery, early warning and disposal. Precise analysis, judgment and prediction of security trends cannot yet be automated, precise or integrated.
5. Wide adoption of new technologies brings new challenges
New technologies such as cloud computing and big data have changed information and business environments and brought new security threats, yet many CII units still use traditional protection methods and lack data-driven threat analysis.
3. Systematic design of CII protection
Because each key-protection target involves multiple information systems, decentralized systems of the same type need to be integrated to build CII systems such as industrial control, big data, portals, mobile applications, data centers, cloud computing and key production systems, and a centralized security protection platform is built for each. Figure 1 is a schematic of the network and system security design; the local area network carries the key production systems.
Figure 1 Schematic diagram of network and system security design
The centrally integrated network is designed as a dedicated network, logically divided into a production zone, a data zone and an application zone. Data collected from devices in the production zone is aggregated into the data zone, where network security auditing and processing are concentrated.
1. Production network protection based on next-generation Internet technology
IPv6 technology is used to build an independent production network, protect its border centrally and clarify the network boundary. Transition technology lets the new IPv6 network interconnect with the original IPv4 network, making maximum use of existing resources and services while verifying and optimizing the effectiveness of the security solution in an IPv6 environment. Address translation technology (IVI) and transition technology (4over6) together realize an IPv4-to-IPv6 transition network. Figure 2 is an example of IPv6-based production network address translation: the dedicated network internally supports multiple translation zones, and some techniques (DNS64, multiple prefixes) are innovated on.
Figure 2 Example of IPv6-based production network address translation
2. Situational awareness system construction
Online operation and maintenance monitoring is an indispensable part of security, yet the management department currently does not know the risk distribution, assets, vulnerabilities and other information of the production systems in the various production units. The situational awareness system performs fine-grained analysis of the monitored traffic from each production unit and comprehensively perceives the security of the production systems. Figure 3 shows the application architecture and implementation of a situational awareness system support platform. Logically it has three layers: the platform layer, the data layer and the application layer. The platform layer, built on big data technology, supports ingestion of all kinds of data and provides a Web technology framework. The data ingested by the data layer comprises network behavior data (D), related information data (I), knowledge data (K) and intelligence data (I); of these, network behavior data has the most categories and by far the largest volume. The application layer, built on the big data security analysis engine, is centered on a workflow engine; new detection methods are developed as plug-ins and can be inserted into the workflow at any time, which improves the scalability of the system.
Figure 3 Application architecture and implementation of a situational awareness system support platform
3. Security monitoring
Each production unit lacks systematic security monitoring means and does not know its own equipment assets. When unauthorized devices join the network or abnormal traffic appears, there is no basic means of monitoring, analysis and judgment. A production system security monitoring system needs to be established in each production unit to meet the needs of asset management, equipment monitoring, traffic analysis, risk analysis, emergency handling and so on.
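The following is an added example, not the platform described in the article, of how the plug-in workflow design of section 2 and the asset-aware monitoring of section 3 fit together: detection methods register themselves as plug-ins, every record of network behavior data (D) is checked against the asset inventory (I), protocol knowledge (K) and threat intelligence (I), and the unauthorized-device and abnormal-traffic cases the section names are among the detectors. Flow records, inventory entries, roles, thresholds and the blocklisted address are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Flow:
    """D: one network-behavior record (constructed sample data, not a real capture)."""
    ts: str
    src_ip: str
    src_mac: str
    dst_ip: str
    dst_port: int
    proto: str
    nbytes: int


@dataclass
class Context:
    """The other three data-layer inputs every detector can consult."""
    assets: dict      # I (information): ip -> {"mac", "role", "baseline_bytes"}
    knowledge: dict   # K: role -> set of expected (proto, dst_port) pairs
    intel: set        # I (intelligence): known-bad external addresses


@dataclass(frozen=True)
class Finding:
    detector: str
    severity: str
    flow: Flow
    reason: str


Detector = Callable[[Flow, Context], Optional[Finding]]
DETECTORS: dict[str, Detector] = {}   # the workflow's plug-in registry


def detector(name: str):
    """Register a detection method as a workflow plug-in under `name`."""
    def register(fn: Detector) -> Detector:
        DETECTORS[name] = fn
        return fn
    return register


@detector("unauthorized_device")
def unauthorized_device(flow: Flow, ctx: Context) -> Optional[Finding]:
    asset = ctx.assets.get(flow.src_ip)
    if asset is None:
        return Finding("unauthorized_device", "high", flow, "source IP absent from asset inventory")
    if asset["mac"].lower() != flow.src_mac.lower():
        return Finding("unauthorized_device", "high", flow, "source MAC differs from inventory")
    return None


@detector("abnormal_traffic")
def abnormal_traffic(flow: Flow, ctx: Context) -> Optional[Finding]:
    asset = ctx.assets.get(flow.src_ip)
    if asset and flow.nbytes > 10 * asset["baseline_bytes"]:
        return Finding("abnormal_traffic", "medium", flow,
                       f"{flow.nbytes} bytes exceeds 10x baseline of {asset['baseline_bytes']}")
    return None


@detector("unexpected_protocol")
def unexpected_protocol(flow: Flow, ctx: Context) -> Optional[Finding]:
    asset = ctx.assets.get(flow.src_ip)
    if asset and (flow.proto, flow.dst_port) not in ctx.knowledge.get(asset["role"], set()):
        return Finding("unexpected_protocol", "medium", flow,
                       f"{flow.proto}/{flow.dst_port} not expected from role {asset['role']}")
    return None


@detector("threat_intel")
def threat_intel(flow: Flow, ctx: Context) -> Optional[Finding]:
    if flow.dst_ip in ctx.intel:
        return Finding("threat_intel", "high", flow, "destination is on the intelligence blocklist")
    return None


def run_workflow(flows, ctx: Context, order=None) -> list[Finding]:
    """Run the registered detectors over every record, in `order` (default: registration order)."""
    findings = []
    for flow in flows:
        for name in order or list(DETECTORS):
            hit = DETECTORS[name](flow, ctx)
            if hit:
                findings.append(hit)
    return findings


def summarize(findings) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.detector] = counts.get(f.detector, 0) + 1
    return counts


# Constructed sample inputs (private and documentation ranges; no real assets).
SAMPLE_CONTEXT = Context(
    assets={
        "10.10.1.5": {"mac": "00:1a:2b:3c:4d:5e", "role": "plc", "baseline_bytes": 2_000},
        "10.10.1.20": {"mac": "00:1a:2b:3c:4d:5f", "role": "hmi", "baseline_bytes": 50_000},
    },
    knowledge={"plc": {("tcp", 502)}, "hmi": {("tcp", 502), ("tcp", 443)}},
    intel={"203.0.113.9"},
)
SAMPLE_FLOWS = [
    Flow("09:00:01", "10.10.1.20", "00:1a:2b:3c:4d:5f", "10.10.1.5", 502, "tcp", 1_200),
    Flow("09:00:05", "10.10.1.77", "00:aa:bb:cc:dd:ee", "10.10.1.5", 502, "tcp", 600),
    Flow("09:00:09", "10.10.1.5", "00:de:ad:be:ef:01", "10.10.1.20", 502, "tcp", 1_500),
    Flow("09:00:12", "10.10.1.20", "00:1a:2b:3c:4d:5f", "203.0.113.9", 443, "tcp", 900_000),
    Flow("09:00:20", "10.10.1.20", "00:1a:2b:3c:4d:5f", "10.10.1.5", 22, "tcp", 400),
]


def demo() -> list[Finding]:
    return run_workflow(SAMPLE_FLOWS, SAMPLE_CONTEXT)


if __name__ == "__main__":
    for f in demo():
        print(f"[{f.severity:6}] {f.detector:20} {f.flow.src_ip} -> {f.flow.dst_ip}:{f.flow.dst_port}  {f.reason}")
    print(summarize(demo()))
```

Adding a new detection method means writing one more `@detector` function; nothing else in the workflow changes, which is the scalability property the section attributes to the plug-in design. The first sample flow (a known HMI talking Modbus/TCP to a known PLC) produces no finding, which is the check that the inventory and knowledge tables are doing their job.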
4. Simulation verification testing
Implementing any security measure in a production system may affect production. Security equipment deployment, security policy adjustment, patch upgrades and the like must undergo strict simulation testing in an offline environment, and research on offensive and defensive technology likewise requires an offline simulation environment. New equipment, or equipment returning from maintenance, may carry risks such as high-risk vulnerabilities or viruses when it enters the plant. Industrial control systems include, for example, SCADA (supervisory control and data acquisition) systems, DCS (distributed control systems), PSC (intelligent transformer and power distribution monitoring) systems, DSP (digital signal processing) systems and PLCs (programmable logic controllers). The main risks include fragile network structure, hacker attacks, computer virus infection, system vulnerabilities and a lack of effective security management of industrial control systems and equipment; industrial control systems also have high requirements on stability and real-time performance. Production and test environments must be separated, and industrial control security products and solutions must be fully tested on an offline industrial control system. The production system simulation verification test therefore plays an important role. Figure 4 shows the logical design of simulation verification testing in the field of oil and gas production, comprising the device layer, control layer, monitoring layer and management layer. To verify the effectiveness and adaptability of protective measures properly, real industrial control equipment and control software should be used when building the simulation environment. To make the test results as objective and complete as possible, at least two brands of testing and evaluation tool of each category should be deployed for cross-verification.
Figure 4 Schematic diagram of the logical design of simulation verification testing
5. Border security
Necessary information exchange exists with the office network, which provides decision-making information to the production management system. The existing production environment often relies on dual network cards or firewall isolation and lacks an overall security solution; the tension between security isolation and information exchange needs to be resolved. The production system also lacks effective internal isolation and monitoring mechanisms, so security domains must be divided, a network security structure established, network boundaries sorted out and security technical measures improved.
6. White environment construction
Viruses and external intrusion are direct threats to production systems. At present most production systems have no anti-virus or intrusion protection capability. Even where anti-virus software and intrusion detection systems are installed, the relatively isolated environment offers no way to update them, so the virus database and signature library go unupdated for long periods and the systems lose their usefulness. At the same time, anti-virus software may mistakenly kill legitimate processes (false positives), which directly affects normal production. Effective protection strategies need to be studied, a white environment (allowlisting) mechanism established at the host, network and device levels, and the use of removable storage media standardized, to avoid or reduce security risks.
7. Patches and policies
Production systems contain many high-risk vulnerabilities, patch updates and upgrades are difficult, and the network security pressure is great. A patch and policy management mechanism should be established on the basis of vulnerability information: test and verify upgrade patches, develop solutions, adjust and upgrade security policies, and prevent known security risks from being exploited.
8. Security analysis of business models
Passive defense measures based on firewalls, network gatekeepers (unidirectional gateways) and security gateways offer limited protection and may be bypassed. To maximize the security protection capability of production systems, actively discover threats and give early warning of risks, the data in the production system must be modeled and analyzed in depth and a security-state model established for each kind of business data. Only when the business model is in a secure state are users, operations, operation and maintenance management and so on compliant; otherwise they are treated as illegal behavior and blocking action is taken.
9. Unauthorized behavior blocking
In the production system, a blocking mechanism must be established for operators of supervisory hosts (upper computers) accessing the network, to prevent high-risk operations from inside; device access authentication and a blocking mechanism are needed so that authorized devices connect securely and illegal devices are blocked; and attack behavior must be monitored and analyzed and intrusions blocked.
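Added example (not from the article) combining sections 6, 8 and 9: allowlists at the host, network and device level form the white environment, and a business-state model decides whether an operation is compliant for the current plant state before it is allowed or blocked. Image bytes, MAC addresses, media serials, roles, tag names and setpoint limits are all constructed placeholders.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

# --- Host level: a process may run only if its image hash is on the allowlist.
# The "images" are constructed byte strings standing in for real executables.
KNOWN_IMAGES = {
    "hmi_runtime": b"constructed HMI runtime image v1",
    "historian": b"constructed historian service image v3",
}
HOST_ALLOW = {name: hashlib.sha256(blob).hexdigest() for name, blob in KNOWN_IMAGES.items()}

# --- Network level: only these (src_role, dst_role, proto, port) flows are permitted.
NET_ALLOW = {("hmi", "plc", "tcp", 502), ("hmi", "historian", "tcp", 5432), ("eng", "plc", "tcp", 502)}

# --- Device level: MAC allowlist (constructed) and registered removable-media serials.
DEVICE_ALLOW = {"00:1a:2b:3c:4d:5e": "hmi", "00:1a:2b:3c:4d:5f": "eng"}
MEDIA_ALLOW = {"USB-SN-CONSTRUCTED-0001"}

# --- Business-state model: an operation is compliant only in the listed plant states,
# from the listed device roles, and (for setpoints) within the tag's engineering range.
STATE_RULES = {
    "setpoint_write": {"states": {"running"}, "roles": {"hmi"}},
    "config_change": {"states": {"maintenance"}, "roles": {"eng"}},
    "firmware_update": {"states": {"maintenance"}, "roles": {"eng"}},
}
SETPOINT_LIMITS = {"PT-101": (0.0, 120.0), "FT-205": (0.0, 800.0)}   # constructed tags


def check_process(name: str, image: bytes) -> tuple[bool, str]:
    digest = hashlib.sha256(image).hexdigest()
    if HOST_ALLOW.get(name) == digest:
        return True, "ALLOW: image hash on host allowlist"
    return False, f"BLOCK: {name!r} image hash {digest[:12]}... not on host allowlist"


def check_flow(src_role: str, dst_role: str, proto: str, port: int) -> tuple[bool, str]:
    if (src_role, dst_role, proto, port) in NET_ALLOW:
        return True, "ALLOW: flow on network allowlist"
    return False, f"BLOCK: {src_role}->{dst_role} {proto}/{port} not on network allowlist"


def check_media(serial: str) -> tuple[bool, str]:
    if serial in MEDIA_ALLOW:
        return True, "ALLOW: registered removable medium"
    return False, f"BLOCK: unregistered removable medium {serial!r}"


@dataclass
class Operation:
    kind: str
    src_mac: str
    tag: Optional[str] = None
    value: Optional[float] = None


def evaluate_operation(op: Operation, plant_state: str) -> tuple[bool, str]:
    """Decide ALLOW/BLOCK against the device allowlist and the business-state model."""
    role = DEVICE_ALLOW.get(op.src_mac.lower())
    if role is None:
        return False, "BLOCK: source device not on device allowlist"
    rule = STATE_RULES.get(op.kind)
    if rule is None:
        return False, f"BLOCK: unknown operation {op.kind!r}"
    if plant_state not in rule["states"]:
        return False, f"BLOCK: {op.kind} not permitted while plant state is {plant_state!r}"
    if role not in rule["roles"]:
        return False, f"BLOCK: role {role!r} may not perform {op.kind}"
    if op.kind == "setpoint_write":
        if op.tag not in SETPOINT_LIMITS or op.value is None:
            return False, f"BLOCK: unknown tag {op.tag!r} or missing value"
        lo, hi = SETPOINT_LIMITS[op.tag]
        if not lo <= op.value <= hi:
            return False, f"BLOCK: {op.tag} value {op.value} outside [{lo}, {hi}]"
    return True, "ALLOW: operation compliant with business-state model"


if __name__ == "__main__":
    print(check_process("hmi_runtime", KNOWN_IMAGES["hmi_runtime"]))
    print(check_process("hmi_runtime", b"tampered image"))
    print(check_flow("hmi", "plc", "tcp", 22))
    print(evaluate_operation(Operation("setpoint_write", "00:1a:2b:3c:4d:5e", "PT-101", 95.0), "running"))
    print(evaluate_operation(Operation("setpoint_write", "00:1a:2b:3c:4d:5e", "PT-101", 150.0), "running"))
    print(evaluate_operation(Operation("firmware_update", "00:1a:2b:3c:4d:5e"), "maintenance"))
    print(evaluate_operation(Operation("firmware_update", "00:1a:2b:3c:4d:5f"), "running"))
```

Every decision returns a reason string alongside the verdict so that blocked actions can be logged and audited; the default for anything not explicitly modeled (unknown process, flow, device, medium, operation or tag) is BLOCK, which is what distinguishes a white environment from signature-based blocking.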
10. Access and transmission security
The industry's production systems cover a large area and make wide use of wireless transmission. Information collection and production control lack security mechanisms such as node access verification and protection of wireless transmission, leaving risks of counterfeit nodes and information interception. Effective device access verification, and transmission and encryption mechanisms for wireless communication, need to be established.
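Added example, not part of the article: a node access-verification exchange using HMAC-SHA256 challenge-response with per-node pre-shared keys, followed by authenticated telemetry carrying a monotonic counter, so that a counterfeit node is refused admission and altered or replayed messages are rejected. Node ids, keys and payloads are constructed. Confidentiality of the payload (the encryption the section also calls for) would be added with an AEAD such as AES-GCM from a cryptography library and is not shown, since the Python standard library has no cipher.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Optional


def _tag(key: bytes, node_id: str, counter: int, payload: bytes) -> bytes:
    """HMAC-SHA256 over node id, counter and payload, so none of them can be altered unnoticed."""
    msg = node_id.encode() + b"|" + struct.pack(">Q", counter) + b"|" + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


class Gateway:
    """Collection gateway: admits nodes by challenge-response, then accepts authenticated telemetry."""

    def __init__(self, node_keys: dict[str, bytes]):
        self.node_keys = node_keys                # per-node pre-shared keys (constructed)
        self.pending: dict[str, bytes] = {}       # outstanding challenges
        self.last_counter: dict[str, int] = {}    # admitted nodes -> last accepted counter

    def challenge(self, node_id: str) -> Optional[bytes]:
        if node_id not in self.node_keys:
            return None                           # unknown node: no challenge is issued
        nonce = secrets.token_bytes(16)
        self.pending[node_id] = nonce
        return nonce

    def verify_response(self, node_id: str, response: bytes) -> bool:
        nonce = self.pending.pop(node_id, None)   # each challenge may be answered once
        if nonce is None:
            return False
        expected = hmac.new(self.node_keys[node_id], b"access|" + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return False
        self.last_counter.setdefault(node_id, 0)
        return True

    def accept_telemetry(self, node_id: str, counter: int, payload: bytes, tag: bytes) -> tuple[bool, str]:
        if node_id not in self.last_counter:
            return False, "node not admitted"
        if not hmac.compare_digest(_tag(self.node_keys[node_id], node_id, counter, payload), tag):
            return False, "authentication tag mismatch (forged or altered message)"
        if counter <= self.last_counter[node_id]:
            return False, "replayed or out-of-order message"
        self.last_counter[node_id] = counter
        return True, "accepted"


class Node:
    """Field node (for instance a wellhead RTU) holding its own pre-shared key."""

    def __init__(self, node_id: str, key: bytes):
        self.node_id, self.key, self.counter = node_id, key, 0

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self.key, b"access|" + nonce, hashlib.sha256).digest()

    def send(self, payload: bytes) -> tuple[str, int, bytes, bytes]:
        self.counter += 1
        return self.node_id, self.counter, payload, _tag(self.key, self.node_id, self.counter, payload)


def admit(gw: Gateway, node: Node) -> bool:
    """The access-verification exchange: gateway challenge -> node response -> gateway verdict."""
    nonce = gw.challenge(node.node_id)
    return nonce is not None and gw.verify_response(node.node_id, node.respond(nonce))


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    gw = Gateway({"rtu-07": key})
    genuine, counterfeit = Node("rtu-07", key), Node("rtu-07", secrets.token_bytes(32))
    print("genuine node admitted:", admit(gw, genuine))
    print("counterfeit node admitted:", admit(gw, counterfeit))
    msg = genuine.send(b'{"pressure_kpa": 512}')
    print("first delivery:", gw.accept_telemetry(*msg))
    print("replayed delivery:", gw.accept_telemetry(*msg))
```

The counter is the part practitioners most often omit: without it an intercepted, correctly tagged reading can be replayed later to mask a real process change. Persisting `last_counter` across gateway restarts (not shown) is necessary for the protection to hold after a reboot.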
In addition to the top-level design of CII security protection, the following protection work also deserves attention, according to the actual situation of the production environment:
First, analyze in depth the attack paths and tracing methods of the attacks exposed in daily inspections, and guide the convergence of the Internet exposure of networks, systems and data centers, including cleanup of sensitive information on the Internet, asset inventory, network boundary inventory, investigation of egress points and reduction of exposed applications, so as to improve resistance to network attacks.
Second, strengthen management notifications and technical circulars, strengthen themed education on anti-phishing, anti-social-engineering and supply chain security together with practical network security skills training, and raise all employees' network security awareness and basic skills.
Third, strengthen tracing analysis and investigation methods and technologies, add special-purpose systems, attach great importance to the acquisition, screening, analysis and application of external network security intelligence, and enhance situational awareness in offensive-defensive confrontation.
Fourth, implement system rectification measures and security reinforcement plans, and promote proactive protection with general measures and means, including sorting out the assets of the dedicated network, deploying a cyberspace asset mapping system, monitoring internal lateral-movement attacks, management and control measures for the security of professional networks, strengthening wireless network security monitoring and protection, and securing development and test systems and source code, to consolidate the foundation of network security defense.
Fifth, for the key systems, centralized-authority systems and nerve-center systems in the dedicated network, concentrate strength on key defense, including improving vulnerability discovery, rectification and repair, strengthening security protection of hosts, terminals, data, mail and so on, strengthening identity authentication and domain control services, and promoting the implementation of protection and reinforcement plans.
(Source: Critical Information Infrastructure Security Protection Alliance Plan)
About the author: Jing Xiaowei holds a doctorate in computer science and is currently deputy general manager of the Digital and Information Management Department of China National Petroleum Corporation. With nearly thirty years of experience in information construction, Jing has participated throughout in the formulation and implementation of PetroChina's overall information technology planning, organized and implemented overall network security solutions, and organized the construction of a global computer network, data centers, an energy cloud computing platform, and office, production and management information systems. In network security, Jing has organized more than 20 enterprise and industry standards, drafted and released 16 security baseline configuration specifications, and organized the compilation of information management books such as "Enterprise Information Security Management" and "Enterprise Information Infrastructure Management".