ICS Information Security Assurance Framework 15

February 10, 2020 | Mina Hao

Wind Power

System Introduction

Based on computers, communication devices, and test control units, the wind power monitoring system provides a basic platform for real-time data collection, switch status monitoring, and remote control of wind power plants. It can work with detection and control devices to form an arbitrarily complex monitoring system. It plays a vital role in the monitoring of wind power plants by helping enterprises eliminate information silos, reduce operating costs, improve production efficiency, and respond faster to anomalies in the process of power transformation and distribution. Figure 4.4 shows its system architecture. Currently, the electric power monitoring system is vertically connected to dispatching planes 1 and 2 and the centralized control center of the wind power plant.

Security zones of the wind power plant are divided according to NRDC’s No.14 Decree. The power station network is divided into the production control zone and management information zone. The production zone is subdivided into control zone (security zone I) and non-control zone (security zone II), depending on whether the control is real-time. The production control zone and dispatching planes 1 and 2 use a vertical encryption and authentication device for vertical authentication and encryption. The control and non-control zones are logically isolated and respectively connect to the first data network (plane 1) and second data network (plane 2).

According to NRDC’s No.14 Decree, in the wind power plant, the monitoring system, substation integrated automation system, AGC, AVC, and PMU are put in the control zone; the wind power prediction system, status monitoring system, fault recorder, and power acquisition unit are put in the non-control zone; separate networks are built for the management information zone and OMS workstation.

System Protection Solutions

Border Protection Solution

  • Horizontal border protection

According to NRDC’s No.14 Decree, a dedicated horizontal electric security isolation device is deployed between the production control zone and the management information zone of the wind power plant. Network devices and firewalls should be deployed for access control between the control zone (security zone I) and non-control zone (security zone II), so as to achieve logical isolation, packet filtering, and access control. According to the data access direction, a forward or backward security isolation device should be deployed between the production control zone and the management information zone. All subsystems of the electric power monitoring system should adopt logical isolation technology, such as VLANs or firewalls.

  • Vertical border protection

According to NRDC’s No.14 Decree, a vertical encryption authentication device should be deployed for the wind power monitoring system for remote communication, so as to realize bidirectional identity authentication, data encryption, and access control.

  • Third-party border protection

According to NRDC’s No.14 Decree, a firewall should be deployed between the monitoring system management zone and external network, ensuring the border security and data transmission security. A security gateway (firewall) should be deployed between the information management zone and external network perimeter and between the OMS workstation and the dispatching zone III.
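The border rules above can be checked against observed traffic. The following is an added example, not code from the article or the decree: it audits constructed flow records against the zoning model, and the zone labels, device labels, asset names, and the reading of "forward" as production-to-management are assumptions.

```python
# Added example. Zone labels, device labels and flow records are constructed.
ASSET_ZONE = {
    "monitoring system": "I", "AGC": "I", "AVC": "I", "PMU": "I",   # control zone
    "wind power prediction": "II", "status monitoring": "II",      # non-control zone
    "fault recorder": "II",
    "management workstation": "MIS", "internet host": "EXT",
    "dispatch plane 1": "P1", "dispatch plane 2": "P2",
}

def required_device(src, dst):
    """Border device a src->dst zone flow must cross; None inside one zone; 'DENY' if no path."""
    if src == dst:
        return None
    pair = {src, dst}
    if pair in ({"I", "II"}, {"MIS", "EXT"}):
        return "firewall"              # I/II logical isolation, third-party border
    if pair in ({"I", "P1"}, {"II", "P2"}):
        return "vertical_encryption"   # zone I uses plane 1, zone II uses plane 2
    # Assumption: "forward" is production -> management, "backward" the reverse.
    if src in ("I", "II") and dst == "MIS":
        return "forward_isolation"
    if src == "MIS" and dst in ("I", "II"):
        return "backward_isolation"
    return "DENY"

def audit(flows):
    """Return (src, dst, reason) for every flow that breaks the zoning model."""
    findings = []
    for src, dst, via in flows:
        sz, dz = ASSET_ZONE.get(src), ASSET_ZONE.get(dst)
        if sz is None or dz is None:
            findings.append((src, dst, "asset has no zone assignment"))
            continue
        need = required_device(sz, dz)
        if need == "DENY":
            findings.append((src, dst, f"no permitted path {sz}->{dz}"))
        elif need and via != need:
            findings.append((src, dst, f"{sz}->{dz} needs {need}, saw {via}"))
    return findings

SAMPLE_FLOWS = [  # constructed: (source asset, destination asset, border device crossed)
    ("AGC", "dispatch plane 1", "vertical_encryption"),
    ("monitoring system", "fault recorder", "firewall"),
    ("status monitoring", "management workstation", "forward_isolation"),
    ("management workstation", "AVC", "firewall"),          # wrong device for MIS -> I
    ("PMU", "dispatch plane 2", "vertical_encryption"),     # zone I must use plane 1
    ("internet host", "status monitoring", "firewall"),     # external into production
    ("fault recorder", "AGC", None),                        # II -> I with no firewall
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```
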

Comprehensive solution

  • Intrusion detection

According to NRDC’s No.14 Decree, intrusion detection systems should be deployed respectively for the production control zone (security zone I), non-control zone (security zone II), and OMS workstation aggregation switch. Proper rules should be configured for detecting intrusion behaviors hidden in normal information flows, analyzing potential threats, and performing security audits. Intrusion detection systems are deployed in out-of-path mode. They only receive and analyze the data mirrored by the switch, but do not forward data.

  • Reinforcing the host and network device

According to NRDC’s No.14 Decree, master servers of critical application systems (such as the plant-level information monitoring system of the wind power plant), communication gateways at network perimeters, and web servers should use secure and reinforced operating systems. Reinforcement methods include security configuration, security patches, using special software to enhance the access control capability of operating systems, and configuring secure applications. Configuration changes and patch installation should be tested first. The host security reinforcement software is adopted in the process of reinforcing the monitoring system of the wind power plant. Reinforcement software should be available in Windows and Linux editions.

  • Storage device and peripheral management

According to NRDC’s No.14 Decree, the wind power plant should strictly manage the use of peripheral devices (such as storage devices and printers), so as to prevent malware from entering the power monitoring system via such devices. The host security reinforcement software can be deployed to identify USB interface-based external devices (such as the USB flash drive, keyboard, and mouse).

  • Security audit

According to NRDC’s No.14 Decree, the monitoring system in the production control zone should have the security audit function, so as to record and analyze important operations on operating systems, databases, and service applications, thereby discovering violations, viruses, and hackers’ attack behaviors. After a user logs in to the system, his/her operation behaviors should be strictly audited. Network running logs, running logs of the operating system, database access logs, running logs of business application systems, and running logs of security facilities should be collected in a centralized mode and automatically analyzed.

  • Data backup

According to NRDC’s No.14 Decree, critical service data should be backed up regularly and archived data should be stored remotely. Key applications, software, and configuration files should be backed up regularly.

  • Malicious code protection

According to NRDC’s No.14 Decree, organizations should update signatures and view virus detection and removal records in time. The malicious code update file should be tested before installation. Sharing a malicious code management server between the production control zone and the management information zone should be strictly prohibited. An antivirus management server should be deployed in the production control zone and antivirus software should be deployed on Linux and Windows hosts in the production control zone. The antivirus management server can be used to manage and upgrade antivirus software in a centralized mode.

To be continued.