The hottest it left ot right how to solve the netw

It left? Ot right? How to solve the safety dilemma of distribution materials

June this year is the 19th safe production month in China. Focusing on the theme of eliminating potential accidents and building a strong safety defense line, the national energy industry is vigorously carrying out work safety month activities. In the overall planning of epidemic prevention and control and economic and social development, the importance of energy security is particularly prominent. In 2020, the government work report of the two sessions mentioned twice to ensure energy security, and emphasized to strengthen the work of six stabilities and implement the task of six stabilities

with the digital transformation of power and its energy industry, the connotation of energy security has also changed. Energy security is not only the sufficient energy supply in the traditional concept, but also the network security related to digital transformation. IOT is helping organizations improve productivity and profitability by releasing the data potential of distribution systems. However, with the interconnection of equipment and the further integration of it and OT, network security risks also increase. If the network attack leads to power failure, it will cause huge economic losses and may even endanger lives

how to solve the security dilemma of it to the left and ot to the right, and formulate a comprehensive network security management strategy? Recently, Schneider Electric released the report "power distribution liaison safety", which analyzes the differences between it and OT in terms of responsibilities, experience and work priorities, and introduces the focus of electrical system network safety and the coping strategies provided by IEC 62443 standard

while connecting more and more devices, systems, processes and buildings, IOT also increases the risk of network attack

it left? Ot right

with the increase in the number of IOT connected devices and the integration of it/ot systems, it and ot teams must cooperate closely in network security management to ensure that all attack surfaces are protected, and that both teams can quickly respond to any network security vulnerabilities or attacks on the basis of mutual coordination

however, due to the differences in responsibilities and experience between the two sides, collaboration may be a challenge for both sides

it and ot teams often have overlapping priorities in network security, but not all of them have the same focus. For example, an industrial IOT survey shows that it teams are most concerned about data protection, preventing financial losses and complying with industry regulations; The OT team emphasizes the improvement of reliability, availability, efficiency and production, the safety within the organization, and the protection of equipment and systems

at the same time, the IT department has expertise in the field of network security, but the IT team usually does not have any experience in OT systems (such as power distribution). Similarly, although the OT team has professional knowledge in power, it often lacks or has no experience in network security

it and ot teams also have differences in security priorities: it teams usually focus on ensuring confidentiality, integrity and availability, so as to ensure the security of the system. The OT team is mainly committed to ensuring security, reliability and confidentiality, so as to maintain the normal operation

the difference between it and ot teams in terms of responsibilities and expertise

iec 62443 standard optimizes the cooperation between it and ot to deal with network safety risks

IEC 62443, jointly formulated by the International Association for Standardization (ISA) and the International Electrotechnical Commission (IEC), which refers to the force at the moment of complete fracture and separation of samples, provides a series of standards to meet the needs, That is, the industrial automation control system (IACS) is designed to have network safety robustness and flexibility, and is applied in the widest possible sense, covering all types of plants, facilities and systems, hardware and software systems, such as DCS, PLC, SCADA, joint electronic sensing and monitoring and diagnostic systems. The use of IOT to monitor and control the distribution system can be included in this broad category, so the standard is applicable

IEC 62443 standard has been recognized by many countries and regions, and has been adopted by many organizations including Schneider Electric. The standard establishes seven pillars of network security and four standardized security levels. IEC 62443 standard lays the foundation for the cooperation between it and ot teams and builds a bridge for the cooperation between the two teams

based on the above work priorities, IEC 62443 standard has formulated the following seven basic requirements to protect the OT system supporting IOT:

1 Access control: before activating communication with a component, verify the identity of any user requesting access to the component, so as to protect the component

2. Use control: verify that the user has obtained the necessary authorization before allowing the user to perform operations, so as to prevent unauthorized operations on component resources

3. Data integrity: ensure that components can operate as expected in both operating and shutdown states (for example, during energy production and storage, or during maintenance downtime). 4. Test process: the experimental process, measurement, display, analysis, etc. are completed by microcomputer

4. Data confidentiality: confidential or sensitive information generated by components is protected whether in a static state or during transmission

5. Restrict data flow: ensure that the equipment is connected to the segmented network, and define the disconnection strategy, one-way shutdown, firewall and isolation area in the segmented network to avoid unnecessary data flow

6. Timely response to intrusion events: when an intrusion event is found in a mission critical or security critical scenario, notify the relevant departments, report the necessary evidence related to the intrusion event, and take timely remedial measures to deal with network security events

7. Resource availability: ensure that the availability of applications or devices will not be reduced, nor will they be unable to provide basic services

four standardized security levels: organizations must define their required security levels item by item against these seven requirements. The higher the security level, the better it can resist more complex attacks. The security level defines the network security functions embedded in the equipment level and the entire ot (such as power distribution) system. Improving the robustness of equipment and systems can make them more resistant to network threats:

tensile test (stress-strain test) 1 is generally to clamp the two ends of material samples on two fixtures with a certain distance between them

the four network safety levels defined in IEC 62443 Standard

for electrical system designers and their customers, determining which network safety functions should be provided may be a complex and cumbersome process. IEC 62443 simplifies this process by allowing end users to specify target safety levels for distribution systems and components of facilities that ensure network safety compliance. System designers, facility owners and managers should implement many important steps under the guidance of IEC 62443 standard to ensure that their interconnected distribution systems (including network, control and safety system solutions) are as safe as possible

take precautions and strengthen the network security protection of the electric system

in China, from the state to the power industry, the network security protection of the electric system has always been the top priority. In order to thoroughly implement the strategy of strengthening the power grid and comprehensively implement the network security work, the National Energy Administration issued the guiding opinions on strengthening the network security work in the power industry as early as 2018 to guide and promote the network security work from the perspective of the overall situation of the power industry. Under the tide of new infrastructure construction, the two major power companies are accelerating the pace of digital transformation, while also constantly strengthening the network security protection of electricity. Schneider Electric actively participates in the construction of network information security and has become a member of many alliances, including industrial information security industry development alliance, China Network Security Industry Alliance, and industrial control system information security industry alliance

globally, as a member enterprise of cybersecurity tech accord, Schneider Electric has been working closely with governments, customers and partners in various countries to deal with network security risks and challenges. Schneider Electric and its partners have worked together on digital innovation projects for many times to ensure that 3. Standard configuration network security measures are thoroughly implemented in every development stage from edge computing to cloud. In the field of electricity, Schneider Electric ensures the business continuity of customers through comprehensive network security. Enhance network security from the sensor level to the application level, including people, processes, and organizations