Construction of Data Security System Based on Industrial Internet

Network security and informatization are two wings of one body and two wheels of one drive. Business-oriented informatization that lacks security as an escort cannot meet the requirements of today's Internet-based, intelligent development. To effectively solve the security problems the Industrial Internet faces now and in the future, the state has in recent years issued a series of high-level documents on the Industrial Internet of Things, such as "Guiding Opinions on Deepening 'Internet + Advanced Manufacturing Industry' to Develop the Industrial Internet", "Guiding Opinions on Strengthening Industrial Internet Security Work", and "Guiding Opinions on the Development of Industrial Big Data". All of them clearly put forward requirements for Industrial Internet data security protection.

As the supporting element driving the operation of the system, data is the basic element driving production operation. In the era of "data is comparable to gold", how to maximize the value of data while ensuring data security is what enterprises should focus on and think deeply about. Investment in security protection capabilities has always given way to business in the process of enterprise development. The main reason is that business generates value while security generates costs. Because security cannot generate direct value (and the hidden value it generates is easily overlooked), its value cannot be compared directly with its explicit costs, so security construction has always held an auxiliary status. However, with the release of relevant state-level documents and constant changes in the internal and external environment, the added value of security is increasing (responsibility, requirements, external threats, commercial protection, etc.), so the value and cost of security can now be compared intuitively. The demand for and volume of security construction are also increasing.

1. Industrial Internet data security life cycle risks

Data collection

Data collection gathers newly generated internal data over time, using external means. Industrial Internet data is divided into two parts. One is the data generated by the various information systems that support industrial production, such as ERP, CRM, and MES, which is mainly relational data. The other is the data generated during the production process, including data from the various equipment, instruments, and meters on the production line, and product operation data. The data collection stage mainly faces risks such as hijacking, tampering with control commands, and data distortion caused by sensor failure.

Data transmission

Data transmission is the process of transferring data from one entity to another, carried over industrial fieldbus, industrial Ethernet, and wireless networks. This stage mainly faces risks such as plaintext transmission, content sniffing, content interception, and content tampering.

Data storage

Data storage is the process by which data is persisted in any digital format. In the Industrial Internet, the carrier of data can be any device with a storage function, including sensors, PLCs, industrial PCs, servers, network equipment, security equipment, etc. Data in the Industrial Internet can be divided into analog signals (current or frequency, voltage) and digital signals (binary, octal, hexadecimal). This article focuses on the latter. Risks at this stage include unauthorized access, data theft, data destruction and tampering, and plaintext storage.

Data processing

Data processing refers to the process of reprocessing data within an organization, including operations such as calculation, analysis, and visualization. The access risks at this stage include unauthorized use, viewing, tampering, and forgery.

Data exchange

Data exchange is the process of exchanging data between internal and external organizations or personnel. Industrial Internet data is itself highly diverse. At the same time, the positioning of the Industrial Internet demands ubiquitous, high-frequency connections between resources. Ensuring the security of data exchange is therefore one of the challenges organizations face. Currently, the risks faced during data exchange include unauthorized access, leakage of sensitive data, and insufficient data protection.

Data destruction

Data destruction refers to operating on data and data storage media using technical methods of different strengths (such as non-retrievable, file deletion, multiple copying, non-recoverable, etc.). Data destruction is the end point of data management and an important stage in forming a closed loop. This stage mainly faces risks such as deliberate data recovery, incomplete destruction, and non-standard destruction processes.

Security construction at each stage of the data life cycle

2. Architecture Design of Industrial Internet Data Security Protection System

The key points of data security construction lie in three levels: the protection technology, the deployment location, and which process problems to solve. If these three levels are not clear, the security protection will be flawed. Integrating data security protection measures, the data life cycle, and the enterprise data flow architecture forms an overall mapping relationship that shows more clearly, from multiple perspectives, the security technology, security location, and data life cycle nodes of the Industrial Internet: which means solve security problems at different locations in the enterprise, and which processes of the data life cycle should be protected at different locations in the enterprise.

To make the above ideas concrete, a preliminary network architecture diagram for data security protection is formed based on the enterprise's location relationships (enterprise external area, enterprise internal area, workshop, on-site), combined with data security protection technology. The details are as follows (an example diagram, the main purpose of which is to show clearly where data security technology is deployed):

The overall content of the above picture is relatively simple, so I won’t introduce too much here.

Industrial Internet data has distinct characteristics and individual requirements. The complexity, diversity, and importance of industrial production processes are directly reflected in industrial data. The diversity and sheer volume of the data also mean that, for Industrial Internet data security, more targeted ideas and specific protective measures must be found in addition to the traditional solution system. As data security practitioners, we should further and systematically study global, structural, and targeted security protection strategies for the Industrial Internet, so that data can better support industrial development.

Origin blog.csdn.net/a59a59/article/details/106787158