摘要
随着国内外网络安全形势日益复杂严峻,国家及部委相继出台网络安全相关政策法规,要求并组织指导各类企业积极做好国家关键信息基础设施的网络安全管理及技术防护工作。核电厂工控系统的网络安全防护建设也在不断重视和加强,而国内核电数字化仪控系统(DCS)当前参考使用的网络安全标准不能全方位、全生命周期地深入指导系统网络安全建设活动。本文结合我国网络安全法规/标准的要求与核电行业特点,向国内核电DCS厂商建立基于IEC 62443-4-1、适合我国核电DCS的网络安全开发流程提供建议,以期抛砖引玉。
With the increasingly complex and severe cyber security situation worldwide, the government have issued cyber security-related policies and regulations and all enterprises are requested to put more efforts on cyber security protection of national critical information infrastructure. Though the cyber security protection construction of nuclear power plants should be especially emphasized on and strengthened, the currently used cyber security standards in nuclear power digital control systems(DCS) cannot guide the cyber security construction activities in an all-round and life-cycle manner. This paper combines the requirements of China’s cybersecurity regulations/standards with the characteristics of the nuclear power industry, and provides suggestions for domestic nuclear power DCS vendors to establish a cyber security development process based on IEC 62443-4-1, which is suitable for China’s nuclear power DCS.
作者
李红霞
刘元
黄敏
Li Hongxia;Liu Yuan;Huang Min(Shanghai Engineering Science&Technology Co.,Ltd,Shanghai,200241;Beijing WINICSSEC Technologies Co.,Ltd,Beijing,100085)
出处
《工业信息安全》
2022年第8期65-70,共6页
Industry Information Security