On November 13-15, the 13th (2014) Annual Conference of China Petroleum and Chemical Automation was held in Wuxi, Jiangsu. Petroleum and chemical network and information security issues became important topics for the annual conference. Experts at the meeting unanimously agreed that with the increasing integration of advanced information technology and the petrochemical industry, the hidden problems of network and information security have become increasingly prominent. The lack of specialized and home-made core technologies and equipment has restricted the improvement of China's petrochemical industry network and information security.

Delegates believe that the network and information security issues are not only related to the industrial safety lifeline, but also related to the national energy and national economic security, and should be elevated to the national strategic height to attach importance. Tang Xin, deputy director of the Cyber ​​Security Coordination Office of the State Internet Information Office, said that at present, we are experiencing a thriving third revolution, the information revolution. While information technology brings convenience and efficiency to human beings, serious security problems also follow. At present, the cyberspace security situation is increasingly severe, and new problems and new situations continue to emerge. “The oil and chemical industry as an important energy and basic raw material industry, its network and information security is directly related to national security and social stability, and is an important part of the national network security work,” he said.

It is reported that with the accelerated development of the integration of the two industries in the petrochemical industry, petrochemical companies generally adopt highly automated production technology equipment and highly information-based operation and management methods, which greatly increase production efficiency. At the same time, the rigorous network information security risks also go hand in hand. The petrochemical industry network information security protection has its particularity. The first is the special attacking subject of its protection, which is different from traditional network attacks such as network fraud and network intrusion for the purpose of seeking finance and profit, and the industrial intruder is not a “hacker” in the general sense, but may be a terrorist organization. Even the organizations supported by the forces of hostile countries; Second, the consequences of attack and destruction are serious. For example, once the key facilities of oil and gas pipelines or large petrochemical installations are attacked, they will directly threaten the development of the national economy and social stability.

Tang Xin emphasized: “The particularity of the network and information security in the oil and chemical industry also reflects the difficulty of protection. On the one hand, the industrial control system of the petrochemical industry employs a large number of embedded operating systems and dedicated communication protocols, which are traditionally safe. Protection products and services are difficult to apply directly and require professional and tailored security protection. On the other hand, critical infrastructure operation and maintenance requirements are high, and many systems are running 24/7 without interruption. It's more difficult."

Chen Minghai, secretary-general of the China Petroleum and Chemical Automation Application Association, told the China Chemical Daily that China's petroleum and chemical companies' key control systems and information processing systems have basically adopted foreign technologies and equipment, which has caused us to lack autonomy in ensuring information security. Rights and core technologies have brought hidden dangers to the development of industry security. "To increase the industry's level of understanding of information security, strengthen the ability to independently innovate, and use domestic technology to solve the hidden dangers of information security is an important task at present, and it should be considered at the national strategic level," stressed Chen Minghai.

Industry perspective

Looking forward to home-made products early

● Qi Xuezhong, deputy director of the Department of Information System Management of Sinopec: At present, most of the information products and industrial control products used in the petrochemical industry in China are imported from abroad. In this regard, China has very few technologies and products with independent intellectual property rights. Only relying on foreign advanced technology will never go far. I have worked in the petrochemical system for more than 30 years and have always hoped that China will make breakthroughs in industrial products in the information technology and petrochemical industries, and gradually realize localization alternatives.

We hope that the state will give enterprises more encouragement policies in the localization of information products, and related software developers and hardware manufacturers in China will continue to strengthen their innovation capabilities. Sinopec is willing to work with them to promote the process of localization of information security. In the process of promoting informationization, Sinopec has also been devoting itself to the development and application of localized software. Under the support of the national "863" program, Sinopec has successfully developed the MES system in collaboration with Zhejiang University and the Chinese Academy of Sciences. Promote the application of domestic refining companies. Practice has proved that our independently developed MES system is not inferior to foreign products and has achieved good results in improving the fine management level of enterprises.

● Yuan Qingbin, chief engineer of PetroChina Jinzhou Petrochemical Company: World-class companies need advanced level information technology as their support. “Informatization cannot reach the advanced level in the world, and comprehensive energy companies do not possess world standards” has become a manager of CNPC at all levels Consensus. The extensive application of information technology has played an increasingly important role in the enterprise's innovative production and management, optimization of resource allocation, and improvement of work efficiency. At the same time, its safety and reliability are becoming more and more important. The ex-Soviet gas pipeline explosion in Siberia is a serious cyber security accident. Therefore, informatized products and technologies must have our own core technologies. To completely change the passive situation where the device cannot be touched, the configuration cannot be changed, and the account cannot be moved, domestic equipment manufacturers, software developers, and system integrators are required to strengthen their independent innovation capabilities and develop professionally-made domestic products as soon as possible. It will fundamentally improve the protection capabilities of China's cyberspace and increase the domestic and controllable domestic software and hardware and service share.

● Tang Xin, deputy director of the National Internet Information Office Cyber ​​Security Coordination Bureau: To ensure the security of our network information, we must make efforts in independent innovation, actively promote the use of domestically controlled technology and products, even if it is slower The performance is lower, but it must be applied steadfastly. It is necessary to put forward clear requirements for products and services that enter the Chinese market, and it is strictly prohibited to take away data and control system operations without the user knowing. Do "Own data own decision, own system control."

Of course, autonomy is not behind closed doors, but also based on an open environment, focusing on the positive background of economic globalization. At the same time, it is necessary to strengthen personnel training, implement cyber security personnel construction projects, study and establish a first-level discipline of cyberspace security, improve relevant policies, and attract and use network security talents.