The security scenario of the nuclear power plant is similar to that of the thermal power platform. For details, sees section 4.1.1. Generally, it contains the following contents:
Security threat detection: An industrial control vulnerability scanning system is deployed to scan
vulnerabilities in the operating system and applications in the SCADA/HMI.
Network border protection: unidirectional Isolation devices are deployed between the layer 2 information network and the plant-level management layer and between the security-level control system and non-security-level control system for unidirectional data transmission. Industrial security gateways are deployed between the monitoring network and the field control layer and between the monitoring network and third-party dedicated instrument control system, so as to block virus propagation and hacker attacks from the monitoring network, prevent unauthorized operations, and avoid impact on the control network and damage to the production process.
Internal network monitoring: An industrial control intrusion detection system is deployed on the layer 2 information network and an abnormal behavior audit system is deployed on the monitoring network. Both systems are deployed in out-of-path mode, in a bid to accurately detect abnormal network traffic, discover potential network attacks and abnormal behaviors by means of in-depth analysis of industrial control protocols, and then generate alerts immediately.
Host security reinforcement: The host security should be reinforced by configuring security settings, such as account privilege, password policy, system service, patch update, and log management. According to nuclear service requirements and related information security standards, baselines should be configured for various host assets, and an industrial control benchmark verification system should be deployed to conduct regular security configuration audits.
Comprehensive terminal management and control: An industrial control terminal management and control system should be deployed on the host terminal to implement strict control access, status monitoring, process monitoring, virus protection, patch upgrade, malicious code monitoring, operation behavior audits, and whitelist-based application management and control.
To be continued.