[1] WANG Yi-jun. Research on Border Protection Scheme of Industrial Internet Based on Zero Trust Mechanism[J]. Computer Technology and Development, 2024, 34(03): 96-101. [doi:10.3969/j.issn.1673-629X.2024.03.015]

Research on Border Protection Scheme of Industrial Internet Based on Zero Trust Mechanism

Computer Technology and Development [ISSN:1006-6977/CN:61-1281/TN]

Volume:
34
Issue:
2024, No. 03
Pages:
96-101
Section:
Cyberspace Security
Publication date:
2024-03-10

Article Info

Title:
Research on Border Protection Scheme of Industrial Internet Based on Zero Trust Mechanism
Article ID:
1673-629X(2024)03-0096-06
Author(s):
WANG Yi-jun
The First Research Institute of the Ministry of Public Security, Beijing 100048, China
Keywords:
Industrial Internet; zero trust; boundary protection; critical information infrastructure; whitelist mechanism
Classification number:
TP393
DOI:
10.3969/j.issn.1673-629X.2024.03.015
Abstract:
With the rapid development of the Internet and information technology, traditional industrial manufacturing has begun to integrate with emerging information technology and Internet technology. The "Industrial Internet" has gradually emerged and is widely used in important industries related to national security, the national economy, and people's livelihood, such as energy, electricity, transportation, military industry, aerospace, and healthcare. The Industrial Internet involves many national critical infrastructures, so its security will affect social security, public security, and even national security. We analyze the network security risks in the Industrial Internet and propose a boundary protection scheme based on the "zero trust" mechanism, which provides overall security protection capabilities for the entire production intranet while remaining compatible with a large number and variety of industrial equipment, operating systems, and production applications. The Industrial Internet boundary protection scheme based on the zero trust mechanism differs from traditional protection approaches: it uses a whitelist mechanism instead of a blacklist mechanism, application stealth instead of technical confrontation, and dynamic verification instead of static detection. Finally, we present an application case of Industrial Internet boundary protection based on the zero trust mechanism, and analyze the technical advantages of this scheme in combination with system functions.


Last Update: 2024-03-10