Active defense lays the foundation for the security of ubiquitous power Internet of Things

The spear is sharp and the shield is thick, one is growing while the other is declining, and the way of defense changes with the situation. General Secretary Xi Jinping emphasized at the first meeting of the Central Leading Group for Cybersecurity and Informatization that there is no national security without cybersecurity, and there is no modernization without informatization. With the rapid development of new technologies such as big data, the Internet of Things, and blockchain, cybersecurity has also entered a new stage and faces new challenges.

In the process of State Grid Corporation of China building a world-class energy Internet enterprise with "three types and two networks", network security is an important cornerstone. How to build a network security defense system that adapts to the construction of ubiquitous power Internet of Things and ensure the stable operation of various businesses?

Building a ubiquitous power Internet of Things active defense system

In ancient Chinese wars, the Central Plains dynasties were often at a disadvantage when fighting against the nomadic peoples in the north. For this reason, rulers of successive dynasties invested a lot of manpower and material resources to build the Great Wall and strengthen the city defenses, but the results were mediocre. Emperor Wu of the Han Dynasty, Liu Che, took the initiative in the battles with the Huns with his powerful cavalry, advanced protective equipment and offensive weapons, defeated the nomadic peoples many times, and brought long-term peace to the country.

The attack and defense process of network security is like the battle between the Central Plains and the Huns. Traditional security protection methods adopt the method of "building the Great Wall", that is, investing a lot of manpower and material resources to build technical defense measures from the dimensions of boundaries, terminals, hosts, applications, data, etc. to achieve passive defense. With the penetration of the Internet into industry and industry, the era of the Internet of Everything has arrived, and the tentacles of network security risks have spread to all aspects of infrastructure. The traditional wall-building passive defense system can no longer meet the needs. It is necessary to defeat the attacker in an active defense way, strangle the network security risk in the cradle, and ensure the safe development of various business of the enterprise.

The construction of the ubiquitous power Internet of Things is to connect all people, things and equipment related to the power grid, gather energy resources, network resources, user resources, data resources, and reputation resources, and provide intelligent services for users, power grids, power generation, suppliers and all sectors of society. People, things and things (equipment) are the three major elements of the construction of the ubiquitous power Internet of Things. The design of the security protection system should also start from the "three defenses" of physical defense, event defense and human defense, and build a full-scenario network security system that is compatible with the "three types and two networks" enterprises. Among them, physical defense is the basic guarantee for the safe operation of the ubiquitous power Internet of Things, event defense is the part that reflects the main value of security protection, and human defense is an important link to ensure that the company becomes a platform-based and sharing-based enterprise.

Data security protection is the core of active defense

The idea of ​​combining physical defense, incident defense, and human defense is an optional path for designing the active defense system of the ubiquitous power Internet of Things. So, what do physical defense, incident defense, and human defense include, and what is the focus of protection?

The focus of physical defense corresponds to the perception layer, network layer and platform layer in the ubiquitous power Internet of Things technology architecture. The perception layer protection is mainly based on the core, identifying "self" and "non-self" to achieve data collection security; the network layer protection focuses on protocol analysis and full flow monitoring to achieve data transmission security; the platform layer protection focuses on situational awareness and secure interaction to achieve data integration security.

The focus of incident prevention corresponds to the application layer in the ubiquitous power Internet of Things technology architecture. Application layer protection focuses on data classification authorization to achieve data application security. In the process of building the ubiquitous power Internet of Things, the special feature of incident prevention is that it is aimed at various application scenarios, especially new businesses such as e-commerce, smart energy services, source-grid-load-storage collaborative services, new energy cloud, multi-station integration, and Internet finance, which involve a large amount of personal information and other content, and strict measures need to be taken to control related risks.

Civil defense is mainly aimed at the protection of internal and external users and the security management system followed by users. The focus of civil defense is on the difference between internal and external. For emerging Internet businesses in the market that need to be expanded quickly and flexibly, we should adapt to the protection concept of the Internet and adopt the security protection strategy of "light authentication and easy access"; for internal business of the company, we should adopt the security protection principle of "strong authentication and detailed control" and implement trusted identity authentication and data encryption transmission.

The key to the “three defenses” is data security protection, which is the core of the active defense system. Data in the energy Internet is the company’s basic strategic resource and a “diamond mine” for sustainable development and value-added realization in the future. Ensuring the security of IoT data from collection, transmission, integration to application, and proposing targeted technical defense measures and management methods that can be implemented are the value of active defense system design.

The key to implementation lies in professional ability and professional team

The reason why Emperor Wu of Han dared to take the initiative to attack the Xiongnu was because of his three magic weapons: a strong cavalry, advanced horses and weapons, and a mature combat system. Among them, a strong cavalry was the root of his success. The same is true for the implementation of the active defense system. The development of new technologies such as basic protection, situational awareness, and accurate early warning is certainly important, but no matter how sophisticated the system design is and how advanced the product deployment is, the main body and key to the success of the new security defense line of the ubiquitous power Internet of Things still lies in the professional security team.

Whether the active defense security team is professional depends on whether it has good major guarantee, service support, attack and defense penetration, technical support and detection and testing capabilities.

In recent years, the national network security protection work has been arduous and demanding. Enterprises should focus on accumulating a network security talent pool, solution pool, and equipment pool, and form a complete set of technical defense measures, hidden danger investigation, security reinforcement, monitoring and early warning, emergency response and other protection plans and implementation methods, laying a good foundation for the rapid and systematic development of future protection work.

A professional security team is needed between the company headquarters and provincial power companies to ensure that the requirements of the security protection system are effectively implemented. On the one hand, the service support team must have sufficient personnel and concurrent service capabilities covering multiple provincial power companies; on the other hand, it must accumulate service qualifications and accumulate general capabilities through qualifications. The service support team should also have the ability to assist various units in the security operation and advanced analysis of the network security analysis room.

One of the characteristics of active defense is the ability to identify the source of network actions and implement preemptive, preventive or countermeasure actions. Therefore, efforts should be made to introduce external high-end talents and cultivate internal talents, establish a company red and blue team with complete attack and defense capabilities, and cultivate a loyal, responsible and technically proficient network attack and defense team for the construction of ubiquitous power Internet of Things.

技术支持能力的构建前提是产品自主研发能力的积累。国网信息通信产业集团有限公司所属网安公司自主研发的基础安全设备配置核查工具、思极慧眼主动安全保障平台等产品使用成效显著，在专业支持方面，也为通信、营销、设备等专业提供了网络安全专业技术支持。

Most of the risks of IoT are caused by undiscovered vulnerabilities in IoT applications and terminal devices during the R&D process. Security vulnerabilities should be fully tested and tested during the R&D and production process to improve delivery quality, which will play an important role in "moving the checkpoints forward and preventing risks before they occur" in network security work during the construction of IoT.

The cross-border characteristics of the ubiquitous power Internet of Things are more obvious, covering all aspects of information perception, data transmission and intelligent processing. As the construction continues to deepen, only by taking timely and proactive measures through more accurate and intelligent security protection measures and quickly solving problems in the construction of the Internet of Things can the network security of power grid companies be effectively guaranteed.