As a national basic industry closely related to the national economic lifeline and people's life, the energy industry has always been the pioneer of China's information construction, and information equipment has also become the main production equipment in the energy industry. Information equipment stores the enterprise's core production data, runs the core business system, and carries the energy dispatching command. The operation safety and work safety of information equipment have become the top priority of safe production in the energy industry.
The energy industry covers a wide range. As an important branch of the whole energy industry, electric power plays an important role in national production and life. In order to standardize and unify the planning, implementation and supervision of China's power grid and power plant computer monitoring system and dispatching data network security protection, In order to prevent the attacks on the power grid, power plant computer monitoring system and dispatching data network and the resulting power system accidents, ensure the safe, stable and economic operation of China's power system, and protect the safety of important national infrastructure, the overall security protection scheme of power secondary system came into being, This puts forward a higher standard for the management and security protection of power system. The regulations on security protection of power secondary system (Order No. 5) and the overall scheme for security protection of power secondary system define the specific measures for information security construction from the level of policies and regulations and technical scheme. The scheme follows the 16 character policy of "security zoning, network dedicated, horizontal isolation and vertical certification". With the rapid development of power system informatization, production and business systems are becoming richer and more complex. Large area production control system, such as electric energy management system, electric energy measurement system, wide area vector measurement system, etc; Management information area, such as power trading system, ERP system, production system, financial control system, power marketing system, etc. Many business systems have cross regional data exchange, which puts forward very high requirements for the management of many information equipment. The comprehensive development of network security level protection evaluation and risk assessment also puts forward more specific requirements for the security management and operation and maintenance of information equipment in the power industry.

Industry demand

In the power industry, the operation status of information equipment needs to be monitored in time and inspected regularly to ensure that problems are found in time and relevant faults are eliminated in time. At the same time, any operation of information equipment directly affects the safety production of the enterprise, so it is necessary to conduct safety monitoring throughout the process and keep the original records.
In view of the wide variety and large number of information equipment in the power industry, we list the common security status in the power industry:
1. There are many servers, networks, databases and information application systems. Each administrator needs to manage multiple devices, and the management interfaces are diverse. Single sign on (SSO) cannot be realized, and the account and password are easy to be cracked;
2. Third party maintenance personnel, system administrators, network administrators and equipment supplier personnel cannot control and audit the operation of equipment and system; Unable to assess whether the third-party service personnel have operated beyond their authority on the power secondary information equipment, and unable to monitor the whole operation process;
3. The unified management policy cannot be set, and the remote access behavior of managers to servers and network devices cannot be authenticated, authorized, audited and managed.

Palladium unified security management and comprehensive audit system is a new generation of security audit monitoring system. It adopts the integrated design of software and hardware and is managed by B / s or C / s. its main function is to realize the whole process monitoring of personnel operating power information equipment and information system processes such as server, network equipment and database, and to monitor and audit the whole process, And real-time blocking of illegal operations.

The system has powerful input and output audit function, which can not only record each instruction of user operation in detail, but also record the whole process of user operation, and has the function of audit playback to realize "online and offline" double-layer monitoring, which greatly enriches the function of equipment safety monitoring and ensures that the leadership, management and patrol auditors are well documented.

The deployment of Palladium's unified security management and comprehensive audit system can improve the overall security protection level of the power industry from the following three aspects:

1. Improve the authority control ability of Enterprises -- the basis for reducing costs and information security risks.

Authority control (authentication, authentication and audit): conduct one-to-one real name account and password verification for each operation and maintenance personnel. The specific operator can be found through the login account, and set the use authority for each operator. The operator can only access the allowed equipment within the allowed range, so as to avoid wrong operations caused by human reasons, Track and record the access, operation and equipment operation of each operator. Any equipment access and change are controllable, recordable and traceable.

2. Strengthen the equipment inspection mechanism of the enterprise - strengthen the equipment patrol inspection system of "two tickets and three systems", find problems in time and eliminate relevant faults in time.

Equipment patrol inspection is the patrol inspection and regular work of information equipment to ensure that the patrol inspection personnel regularly follow up the task to patrol the equipment operation status and ensure the stable operation of the system.

3. Realize the work process monitoring of the enterprise - realize the work process monitoring and accurately judge the cause and responsibility of the accident.

Work process monitoring: handle the whole process monitoring for all operation processes of information equipment, ensure that staff have complete records of each work of information equipment, and realize "online and offline dual monitoring".  

Deployment mode

1. Comply with the safety production system of "two tickets and three systems" in the power industry, comply with the safety specifications of secondary protection, and meet the monitoring requirements of the power industry for equipment safety;

2. All operations of information equipment are monitored in the whole process to fully realize "online and offline two-level monitoring", leaving no dead corner. The security events can be traced and determined through the playback function.