Solution: Energy Industry, Industrial Internet, Hazardous Chemicals, Safety Production, Force Contro

Mondo Technology Updated on 2024-03-06

Project Background

The petroleum and chemical industry is an important basic industry and pillar industry in China, and the output value of chemicals accounts for about 40% of the world. At the same time, there are many major accidents in the field of hazardous chemicals, and safety production is still in a critical period of climbing over hurdles and overcoming difficulties. As a process industry, promoting the deep integration of a new generation of information technology and safety management such as industrial Internet, big data, and artificial intelligence (AI) in the field of hazardous chemicals is an important strategic choice to promote the modernization of the safety governance system and governance capacity of hazardous chemicals.

An energy technology company is mainly engaged in the technology research and development of ethylene oxide, ethylene glycol and ethylene downstream products. There are two main DCSs for industrial production control in the factory area, namely Hollysys DCS and Honeywell DCS. At present, the data of two sets of DCS major hazard sources are directly uploaded to the provincial platform, which does not have a security management system, and there are potential security risks in data security and industrial site control. The data is not aggregated to form a data center, and the existing industrial site parameters cannot be effectively used for digital transformation.

This solution is designed to address the pain points above as an integrated "data collection + data archiving + comprehensive visualization + industrial control information security protection" solution.

Construction goals

Under the framework of "one center, two platforms" deployed in the "Industrial Internet + Safe Production" Action Plan (2021-2023), we will focus on strengthening the security protection of the industrial Internet in factories, follow relevant security norms, and design security protection strategies and safety management systems. The design comprehensively considers key security protection objects and scenarios such as device and equipment security, monitoring and perception security, disposal and recovery security, network and communication security, physical host and environment security, virtualization security, application system security, user security, and data transmission and storage security.

Build an enterprise security information database with agile connectivity, accurate perception, and low-latency perception and monitoring capabilities, and build an intelligent visual management platform.

System architecture

Product Review:

Secure, physically isolated "2+1" system architecture

Independent computing units and storage units, each running its own operating system and application system.

The secure enclave uses private encrypted data exchange technology, and data exchange does not rely on the TCP/IP protocol.

Private, custom operating system.

It has complete identity authentication, management, and security audit functions to ensure the confidentiality, integrity and non-repudiation of the system.

Powerful data exchange capability and multiple industrial communication protocol support

Industrial communication protocols: OPC, Modbus, IEC 60870-5-104, and the mainstream PLC protocols of various manufacturers; caching on disconnection and resumed upload.

Real-time data exchange, with a data throughput of 10,000 points per second.

Complete security policy deployment

Multiple redundancy protocols support port redundancy, link aggregation, dual-node hot standby, and load balancing.

Watchdog technology.

Efficient collection and storage of industrial massive data

1. Rich industrial data types are supported.

pspace supports industrial data types such as floating-point, integer, boolean, and string, and supports collecting "arbitrary" data in binary mode.

2. Efficient collection of industrial data.

The distributed industrial data collector IOSeder supports the collection of production data at industrial sites through Ethernet, mobile telecommunication networks, etc., and supports commonly used standard industrial protocols such as OPC DA/UA and Modbus.

3. High-speed read and write performance for real-time and historical data.

The historical data throughput of the database is 500,000 points per second for writes and 300,000 points per second for reads.

4. Unlimited historical data retention time.

Historical data storage is limited only by the capacity of the storage device, and theoretically can be stored indefinitely.

5. Secondary compression of historical data is supported.

pspace supports both logical and physical compression of data. Logical compression uses a "revolving door" data compression algorithm (lkt trend compression algorithm) to process data, effectively reducing storage space. Physical compression, on the other hand, uses a lossless compression algorithm like zip to process data, further reducing storage space and improving application performance.
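The two stages described above, as an added example that is not pSpace code: the "revolving door" algorithm is implemented here in its common textbook form (swinging door trending), and zlib stands in for the zip-like lossless stage. The function names, the deviation of 0.5 and the tag history are constructed for illustration.

```python
import struct
import zlib
from math import inf

def swinging_door(points, dev):
    """Logical (lossy) stage: keep only the points needed to redraw the trend."""
    if len(points) < 3:
        return list(points)
    kept, prev = [points[0]], points[0]
    (t0, v0), up, low = points[0], -inf, inf
    for t, v in points[1:]:                   # timestamps must strictly increase
        s_up = (v - (v0 + dev)) / (t - t0)    # slope of the upper door to this sample
        s_low = (v - (v0 - dev)) / (t - t0)   # slope of the lower door to this sample
        if max(up, s_up) > min(low, s_low):   # doors opened past parallel
            kept.append(prev)                 # archive the last sample that still fit
            t0, v0 = prev                     # ...and hinge new doors on it
            up = (v - (v0 + dev)) / (t - t0)
            low = (v - (v0 - dev)) / (t - t0)
        else:
            up, low = max(up, s_up), min(low, s_low)
        prev = (t, v)
    kept.append(prev)                         # always keep the newest sample
    return kept

def max_error(points, kept):
    """Worst gap between raw samples and straight lines through the kept points."""
    worst, j = 0.0, 0
    for t, v in points:
        while kept[j + 1][0] < t:
            j += 1
        (ta, va), (tb, vb) = kept[j], kept[j + 1]
        worst = max(worst, abs(v - (va + (vb - va) * (t - ta) / (tb - ta))))
    return worst

def archive(kept):
    """Physical (lossless) stage: pack as big-endian doubles, then deflate."""
    return zlib.compress(b"".join(struct.pack(">dd", t, v) for t, v in kept))

def restore(blob):
    return list(struct.iter_unpack(">dd", zlib.decompress(blob)))

# Constructed tag history: noisy 50.0 plateau, then a step to a noisy 60.0 plateau.
RAW = [(t, (50.0 if t < 20 else 60.0) + 0.1 * (t * 7 % 5 - 2)) for t in range(40)]
KEPT = swinging_door(RAW, dev=0.5)            # 40 samples reduce to 4

if __name__ == "__main__":
    print(KEPT, max_error(RAW, KEPT), len(archive(KEPT)))
```

Only the first stage discards information: in this door formulation every dropped sample lies within 2 × dev of the line redrawn from the archive, so excursions smaller than that band are not recoverable from history when an event is reviewed later.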

Rich data and programming interfaces, easy integration of third-party systems

The software supports programming interfaces such as C API, .NET API, Java API, and Python, as well as data access methods such as OPC Server and SQL Router.

Efficient and abundant data processing and statistical functions

The data processing function set and statistical query function set defined in the OPC HDA 1.20 standard are supported, that is, the complete data processing function set (including: append, insert, replace, replace insert, batch delete, delete by timestamp, query by time interval, query by timestamp, etc.).

A comprehensive set of statistical query functions with a total of 22 statistical methods. Full semantic support for quality stamps on real-time and historical data.

Flexible and convenient template-based design environment

Provides an integrated design environment into which files in various formats (bmp, gif, jpg, jpeg, cad, etc.) can be embedded, and users can create their own development environment and operation style.

Web publishing capabilities

With independent web publishing function, the load balancing of web communication enables the system to have high-capacity data throughput capacity.

Multi-functional components are abundant

Trend curves, expert reports, dynamic bar charts, monitoring and other functions, diversified construction of visual platform.

System security and user management

The software provides a complete security protection mechanism to ensure the safety and reliability of the production process. User management has multiple levels, and the modification of important process parameters can be restricted by level to effectively avoid misoperation in the production process.

Whitelist protection for trusted applications

Any program is subject to a signature check before it is loaded, and only programs that meet the characteristics of the whitelist can enter the running state, thus aborting the malicious program before it starts.

Based on a trusted whitelist mechanism; application signatures, certificates and other inspection mechanisms are used in combination.

Flexibly configurable security baselines.

Whitelist security control for removable storage media

Restrict unauthorized USB peripherals from running on specific hosts, and only allow authorized trusted USB devices to be used on the host.

The security policy of removable storage media can be subdivided into read/write, prohibition, etc.

Configure a security policy for non-USB removable media.

Defend against attacks that leverage removable storage media types.

Object-specific integrity protection

Application Integrity Protection and Operating System Integrity Protection.

Secure the computing environment and process space.

Protect the computing environment against tampering, backdoors and buffer overflows.

Attack protection in the industrial control environment

The unique protection method can effectively prevent industrial control viruses and their variants such as Stuxnet, Havex, and Sandworm, and attacks on the industrial control host that use mobile storage media can also be stopped.

Industrial Safety Isolation and Information Exchange System.

Security isolation

In-GAPS controls the data transmission direction of TCP and UDP applications, and supports one-way or two-way data isolation. Through the in-depth analysis of TCP and UDP protocol packets, the access control of application data is achieved, so that attacks based on network protocols such as TCP and IP cannot pass.

Dual-mode data ferrying

The industrial data synchronization module provides analysis and security protection of measurement point data for the needs of industrial field data communication. It ensures that the dedicated security channel transmits only industrial control production data, which can ensure the absolute security of the production intranet.
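An added example, not In-GAPS code, of the kind of application-data access control described under "Security isolation" and "Dual-mode data ferrying": a Modbus/TCP request is parsed field by field and forwarded only if it is a well-formed read of measurement points. The read-only policy, function names and sample frames are assumptions constructed for illustration; the frame layout and quantity limits come from the Modbus specification.

```python
import struct

# Assumed policy: read-only function codes mapped to the maximum quantity
# the Modbus specification allows in one request.
READ_ONLY = {0x01: 2000, 0x02: 2000, 0x03: 125, 0x04: 125}

def inspect_request(frame: bytes):
    """Return (verdict, reason) for one Modbus/TCP request ADU."""
    if len(frame) < 8:
        return "drop", "shorter than MBAP header plus function code"
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        return "drop", "protocol identifier is not 0 (not Modbus)"
    # The MBAP length field counts the unit id and the PDU (at most 1 + 253 bytes).
    if length != len(frame) - 6 or length > 254:
        return "drop", "MBAP length does not match the bytes received"
    func = frame[7]
    if func not in READ_ONLY:
        return "drop", f"function code 0x{func:02x} is not on the read-only allowlist"
    if len(frame) != 12:
        return "drop", "read request must carry exactly an address and a quantity"
    _addr, qty = struct.unpack(">HH", frame[8:12])
    if not 1 <= qty <= READ_ONLY[func]:
        return "drop", "quantity outside the range the protocol allows"
    return "forward", "well-formed read request"

def build(tid, func, addr, value, unit=1):
    """Constructed sample frame: 7-byte MBAP header plus a 5-byte PDU."""
    return struct.pack(">HHHBBHH", tid, 0, 6, unit, func, addr, value)

# Constructed samples, not captured traffic.
SAMPLES = {
    "read holding registers": build(1, 0x03, 0x0000, 10),
    "write single register": build(2, 0x06, 0x0010, 0x1234),
    "oversized read": build(3, 0x03, 0x0000, 500),
    "trailing bytes": build(4, 0x04, 0x0000, 2) + b"\x00",
}

def verdicts():
    return {name: inspect_request(frame)[0] for name, frame in SAMPLES.items()}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:24} {inspect_request(frame)}")
```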

Security protection

It supports intrusion prevention, virus filtering, security attack protection, URL filtering, blacklist filtering, self-protection and other functions. It has a built-in, continuously upgraded industrial IPS library, and can raise an alarm or block traffic found to contain viruses, preventing malicious files from entering the protected network.

Summary of the program

This solution closely focuses on the difficulties, pain points and blocking points of the safe production of hazardous chemicals, deeply analyzes the practical needs of enterprises, chemical parks, industry supervision and national governance, and does a solid job in the practical application of "industrial Internet + hazardous chemical safety production". Through the diversified industrial software products and solutions of Likong Technology, we can effectively address the problem points, establish a complete information visualization platform, improve the information security system of the industrial control system, and strengthen the ability of enterprises in rapid perception, real-time monitoring, advance warning, dynamic optimization and intelligent decision-making.
