Introduction: At present, China's capability to protect industrial control systems is still in its infancy, leaving them vulnerable to hacker attacks. As with the WannaCry outbreak, if variants spread to the hosts of industrial systems, the worst outcome is paralysis of the production control system: the system cannot run normally, and accidents may even result. As the "two integration" intensifies, China's fragile industrial control systems are badly in need of protection.
On May 12th 20, the new "worm" ransomware "WannaCry" broke out worldwide, spreading to as many as hundreds of countries and affecting a number of key sectors such as energy, electric power, transportation, medical care and education.
But according to the reporter, the industrial system was witness to the crisis. Insiders said that, in fact, China's capability to protect industrial control systems is still in its infancy, leaving them vulnerable to hacker attacks.
As with the WannaCry outbreak, if variants spread to the hosts of industrial systems, the worst outcome is paralysis of the production control system: the system cannot run normally, and accidents may even result.
As the "two integration" intensifies, China's fragile industrial control systems are badly in need of protection.
Security risks call for early warning
Early warning and prevention come first. On the second day of the WannaCry outbreak, the National Center for industrial development of information security research issued an emergency warning notice on the malicious ransomware WannaCry raging and threatening China's industrial information security, stating that, without prevention and control, it will inevitably pose a great threat to industrial information security in China.
The notice said, first, that industrial hosts are at risk of being attacked. Industrial hosts in China (such as operator stations, engineer stations and historian servers) widely run general-purpose Windows operating systems, and in particular a large number run Windows 2000 and Windows XP with port 445 open by default. WannaCry is likely to exploit these for attack and spread quickly into industrial enterprise networks and even industrial control networks, encrypting and locking industrial hosts so that they cannot operate normally, or even paralyzing the entire industrial enterprise network.
Secondly, the sensitive data of industrial enterprises is at risk of being locked, tampered with and destroyed. Once a host is infected, the ransomware can encrypt dozens of file types on target systems and equipment, covering almost all file types such as documents, databases, audio and video, images, graphics and compressed archives. This may prevent sensitive industrial production and operations data from being collected and read normally, causing serious economic losses to industrial production.
At present, the electricity, petroleum, telecommunications, transportation and other sectors in many countries have been seriously affected. For example, the Spanish power company Iberdrola, the natural gas company Gas Natural and telecom giants such as Telefonica have suffered ransomware attacks. The notice said: "In view of the rapid spread of the malicious software and its wide range of impact, China's key industrial areas have been affected; if it is not guarded against and controlled, being "caught" on a large scale is only a matter of time."
In fact, owing to the fusion of the "two nets", the security threats faced by traditional information networks, such as viruses, Trojans, intrusion attacks and denial of service, are spreading to industrial control systems. Liu Ying, information security system architect at Beijing Helishi System Engineering Co. Ltd., said the network threats to industrial control systems include network virus and Trojan attacks, interception of access permissions, theft of monitoring and control data, data tampering, and attacks on communication robustness.
Specifically, network virus and Trojan attacks include viruses, malicious code, APT attacks, vulnerabilities, backdoor services and other types of attack, which threaten industrial control systems through known operating system vulnerabilities and backdoors, email attacks, zero-day vulnerabilities and so on. Access interception obtains operating permissions, or higher privileges, through operating system or software vulnerabilities, or by stealing passwords or cracking them by brute force.
In addition, Liu Ying said that the majority of industrial control systems transmit data in plaintext and lack protection for monitoring data, and that data stored in plaintext carries greater risk. Moreover, the communication robustness of control systems is weak: under network attack, communication links are easily interrupted, and the system may even face the risk of restarting.
Defense moves from passive to active
At present, smart factories and digital workshops have become standard for intelligent manufacturing, and new-generation information technology runs through every link of manufacturing activity, including design, production, management and service. Deep self-perception of information, intelligent and optimized self-decision-making, and precisely controlled self-execution have become the basic functions of intelligent manufacturing.
"However, it needs to be emphasized that the major security objective of intelligent manufacturing is to ensure that system functions do not become invalid or go out of control," stressed Mei Ke, deputy director of the Comprehensive economic research of machinery industry instrument technology institute.
An industrial control system usually includes sensors, converters, transmitters, controllers, actuators and instruments. It is like the brain of industrial equipment: under its command, a large number of instruments are combined into a system to complete a variety of complex control tasks.
In recent years, industrial control system security incidents have emerged one after another. Last year Kaspersky Lab revealed the "Ghoul" network attacks on the industrial control industry, in which attackers used spear-phishing emails disguised as messages from a United Arab Emirates bank to launch targeted network intrusions against industrial organizations in the Middle East and other countries.
The WannaCry attack has once again sounded the alarm for industrial control system security. How to build a security protection system, and how to deal correctly with industrial control system network security problems, have drawn much attention from industrial enterprises.
"In the past, the traditional network security model was passive defense based on sealing, blocking, checking and killing, and active defense systems should be used for reference," Liu Ying says.
Li Hongpei, a senior expert in the field of industrial control system information security, also said that, from the point of view of attack and defense confrontation, a system will always be compromised; that is to say, deploying only traditional security protection mechanisms is not enough.
"In defending against the defects of a system, we must take the lead," Li Hongpei said. "The key to successful defense is how to gain timely insight into the security flaws in the system and take the initiative to remedy them as soon as possible. In addition, there is how to detect attack behavior as soon as possible and dispose of it in time, reducing the time window in which the system can be attacked freely."
Liu Ying introduced several key information security technologies: an authentication mechanism based on digital certificates, with two-way verification of connecting equipment; encryption and decryption of system communication data using symmetric algorithms; and access control, intrusion detection, virtual isolation, trusted startup and other technologies.
Taking power plants as an example, Xu Jigang, vice president of the Engineering Research Institute of Chinese Energy Construction Group Limited, said the key to information security protection in a power plant is to set up three major lines of defense: the first is security defense between the power plant information system and external systems; the second is defense between the power plant control system and product suppliers; the third is security defense between the power plant information system and the power plant control system.
Focusing on information security defense for the power plant information system, Xu Jigang pointed out that the supervisory information system (SIS) is the power plant's operational data center and sits at the center of all power plant automation systems. The focus of its defense is that intrusions into the SIS must be cut off from all user systems that read data from the real-time or historical database.
These experts generally believe there is an urgent need to increase investment in industrial control network security equipment, to prevent the enterprises concerned from being attacked and to avoid huge losses.
Industrial systems industry may welcome a "golden sea"
When WannaCry hit, many network security companies produced emergency response plans at the first opportunity. In short, the ransomware outbreak is a catalyst for the network security industry.
"More than 80% of key infrastructure relies on industrial control systems to realize automatic operation. Industrial control systems have been widely used in various fields, and network space security bears on the people's livelihood and national strategy; the industrial network security industry contains a huge opportunity," said Sun, the chairman and chief strategy officer of the technical committee of Beijing mercy Network Technology Co., Ltd.
What is the status of the domestic network security industry? Shen Jiye, chairman of the Chinese network security industry alliance, has made several points: first, the industry is small in scale, with many and varied manufacturers and many products, but the overall level is not high and the products are homogeneous; second, competition in the industry is fierce, with an invasion of inferior species damaging the industrial ecosystem. But at the same time, this is a hot industry, and all parties are optimistic about its future prospects.
In fact, China's base of industrial control systems is huge and heavily dependent on imports. Intelligent transformation is opening production networks to the Internet, further aggravating the network security threats to these systems, while new industrial control systems still lack large-scale network security planning and design.
Fortunately, the state has taken note of this situation, attaches great importance to it, and has begun to deploy a series of measures aimed at improving the network security of industrial control systems in China. The establishment of the central leading group for network security and information technology marks a strategic period in China's comprehensive protection of cyberspace security. The promulgation of the People's Republic of China network security law (Draft) and the People's Republic of China National Security Act has also brought China's network security legislation to an unprecedented height.
In the industry's view, the industrial control systems industry is in the ascendant: whoever first seizes this blue ocean may harvest a "golden sea".