As internet technology continues to penetrate the industrial field, the demand for uploading process flow data to the internet and building dedicated industrial cloud platforms is growing. However, because of data security concerns, industrial enterprises transmit only management data or environmental data to the internet, not real-time process data.
In the current state of the art, no solution for sending industrial flow data to the internet has yet been devised.
A method of protecting an industrial control network is disclosed in the Chinese patent database under application number 201210553196.8; the method comprises the following steps:
(1) the industrial information system is organized hierarchically according to the information-security requirements of the industrial control network and is divided into three layers: an industrial control layer, a manufacturing execution layer and an operation management layer; data communicated within the industrial control layer is given security protection;
(2) according to the characteristics and control scope of the industrial control system, the industrial control layer is divided into separate zones, separated by firewalls that perform message filtering and access control; the industrial communication protocol is inspected and analyzed; real-time warnings on illegal communication, source identification and history recording are performed so that the network can be diagnosed in real time;
(3) data is communicated between the industrial control layer and the manufacturing execution layer in a non-internet manner by means of a network isolator; the internal and external processing systems of the network isolator are connected alternately and asynchronously; potential communication from the manufacturing execution layer to the industrial control layer is cut off by a non-penetrable TCP connection technique combined with access control, so that communication between the industrial control layer and the manufacturing execution layer is isolated one-way;
(4) the configuration, management, analysis, warning and audit center of the industrial control layer is built by an industrial security management platform module; the firewalls and network isolation devices are configured and managed; warning information on network events is stored, retrieved and graded; only terminals on the white list are allowed access; the industrial control protocol is analyzed and abnormal events are captured; potential risks are analyzed; viruses, worms and illegal intrusions are captured; all of this provides a reliable basis for network troubleshooting, analysis and security auditing of the industrial control system.

In the above solution, data is communicated in a non-internet manner through a network isolation module between the industrial control layer and the manufacturing execution layer; the internal and external processing systems of the security isolation module are connected asynchronously; potential communication from the manufacturing execution layer to the industrial control layer is cut off by the non-penetrable TCP connection technique combined with access control, so as to achieve one-way isolation between the industrial control layer and the manufacturing execution layer. This isolation method is complicated, and even though the two processing systems are never connected synchronously, data attacks cannot be prevented. As long as the system is connected to Ethernet, there is inevitably risk, for example port scanning, unauthorized access, network monitoring and network attacks.
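The one-way isolator, terminal white list and protocol check of steps (2) to (4) can be modelled in a few lines. The following is an added illustration, not code from the cited patent; the addresses, the white list and the policy that only read-type Modbus function codes count as benign telemetry are constructed assumptions.

```python
"""Model of a store-and-forward network isolator between the industrial
control layer (inner side) and the manufacturing execution layer (outer
side). Inner writes into a buffer, outer only drains it asynchronously, and
every frame in the reverse direction is refused and logged as a warning."""
from collections import deque

WHITELIST = {"10.0.1.11", "10.0.1.12"}   # constructed sample terminals
# Constructed policy: Modbus read function codes (holding/input registers)
ALLOWED_FUNCS = {0x03, 0x04}


class OneWayIsolator:
    def __init__(self):
        self.buffer = deque()   # inner side appends, outer side drains
        self.warnings = []      # graded-warning store of the management module

    def inner_ingest(self, src, func_code, payload):
        """Control-layer side: white-list and protocol check, then queue."""
        if src not in WHITELIST:
            self.warnings.append(("unlisted-terminal", src))
            return False
        if func_code not in ALLOWED_FUNCS:
            # write or unknown function codes are abnormal events
            self.warnings.append(("abnormal-function", src, func_code))
            return False
        self.buffer.append((src, func_code, payload))
        return True

    def outer_release(self):
        """Execution-layer side: drain whatever has been queued so far.
        Runs on its own schedule; it never opens a path back inward."""
        released = list(self.buffer)
        self.buffer.clear()
        return released

    def outer_to_inner(self, src, frame):
        """Any frame from the execution layer towards control is dropped."""
        self.warnings.append(("reverse-direction", src))
        return False


if __name__ == "__main__":
    iso = OneWayIsolator()
    iso.inner_ingest("10.0.1.11", 0x03, b"\x00\x2a")   # accepted telemetry
    iso.inner_ingest("10.0.9.9", 0x03, b"")            # unlisted terminal
    iso.inner_ingest("10.0.1.12", 0x06, b"\x00\x01")   # write: abnormal event
    iso.outer_to_inner("192.168.1.5", b"\x06")         # reverse direction
    print(iso.outer_release(), iso.warnings)
```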
Furthermore, the industrial field commonly uses a hierarchical network topology comprising a device layer, an information layer, a control optimization layer and a management decision layer, as shown in FIG. 1. This architecture was not achieved at a single stroke but is a standard structure that emerged from the long development of process control and industrial intelligence. Although the hierarchical architecture provides distributed information monitoring and control, replacing complicated and distributed manual control with centralized computer monitoring and manual supervision, such a large hierarchical system suffers from high maintenance cost, a severe system upgrade bottleneck, limited performance, information islands and weak expandability.
A traditional control center and monitoring room is built in the hierarchical mode and therefore needs work space, software and hardware, SCADA/DCS software systems and professional operators; the initial investment and daily maintenance require large expenditure; in addition, some systems lie idle for long periods after the control center is built and never perform their monitoring function, becoming a burden to the enterprise.
The known architecture is costly because it requires building the site controllers (PLC/DDC) and the control center, paying for software and hardware, deploying monitoring software and redundant systems, building a professional team, keeping up daily operation and maintenance, and so on; the system upgrade bottleneck includes the mutual independence of the communication protocols of different manufacturers and the limited computing performance, poor stability and difficult maintenance of the controllers; the limited performance mainly includes limited communication efficiency between layers, limited reliability and limited expandability.
At the same time, in the hierarchical architecture the signal is passed upward layer by layer from the micro bottom layer (device layer) to the macro top layer (management decision layer), and the top layer then sends operation commands down to the bottom layer, again layer by layer. A signal collected from the site devices and uploaded to each higher layer needs data management and logical judgement at every layer. As the number of hardware devices increases, the working frequency of the bottom layer rises, meaning that the decentralized control and logical processing load grows and the data volume at the top layer multiplies. Large enterprises are able to build such a huge and complicated hierarchical architecture, but for small and micro enterprises it is difficult.