
Selected Network Emergency Security Plans (9)


Part 1: Model of Network Emergency Security Plan

(1) Purpose

To respond scientifically to network and information security (hereinafter referred to as information security) emergencies, establish and improve the information security emergency response mechanism, and effectively prevent, promptly control and eliminate to the greatest extent the hazards and impacts of information security emergencies of all kinds, this emergency plan is formulated.

(2) Working principles

1. Unified leadership and coordination. The regional information security emergency response work shall be under the unified leadership and coordination of the regional informatization work leading group, and the relevant departments shall cooperate and implement in accordance with the principle of "unified leadership, centralized responsibility, comprehensive coordination, and each performing its own duties".

2. Clarify responsibilities and standardize according to law. In accordance with the requirements of "territorial management, graded response, timely discovery, timely report, timely treatment, and timely control", the people's governments of all towns, sub district offices, and departments directly under the district level shall prevent, monitor, warn, report, respond, coordinate, and control information security emergencies according to law. In accordance with the principle of "who is in charge, who is responsible, who operates, who is responsible", the responsibility division system and accountability system are implemented.

3. Integrate resources by combining different sectors. Make full use of the existing information security emergency support service facilities to integrate the information security work force of our district. Fully rely on the local information security work force of relevant provincial and municipal departments, further improve the emergency response service system, and form a joint force of regional information security assurance work.

4. Focus on prevention and strengthen monitoring. Publicize and popularize the knowledge of information security prevention, firmly establish the awareness of "prevention first and unremitting", regularly make ideological preparations, preplan preparations, mechanism preparations and work preparations to deal with information security emergencies, and improve the public awareness of prevention and the comprehensive level of information security assurance of basic networks and important information systems. Strengthen the daily monitoring of information security risks, find and prevent major information security emergencies, take effective and controllable measures in time, quickly control the impact of events, and strive to minimize losses.

(3) Scope of application

This plan is applicable to Level III and IV emergency treatment and specific response to Level I and II emergency treatment.

The emergency response of the basic communication network shall be implemented in accordance with the relevant regulations of the Ministry of Information Industry, and the district people's government shall actively support and cooperate.

2、 Organization and responsibilities

(1) Emergency command organization

Under the unified leadership of the District Information Work Leading Group, the District Network and Information Security Emergency Response Committee (hereinafter referred to as the District Information Security Emergency Response Committee) is established to serve as a comprehensive discussion and coordination mechanism for the District People's Government to handle the emergency work of information security emergencies. Its main responsibilities are: to carry out disposal work according to the requirements of the national, provincial, municipal and district informatization leading organizations; to study and decide on major issues related to regional information security emergency work; to decide to launch the emergency plan for Level III and IV information security emergencies, and organize forces to deal with Level III and IV emergencies; to uniformly lead, organize and command the emergency response and disposal of major information security emergencies; and to handle items assigned by the district informatization work leading group and other responsibilities stipulated by laws, regulations and rules.

The special emergency committee for district information security is composed of the deputy district head in charge of informatization as the director and the heads of relevant units.

The office of the District Information Security Special Emergency Committee is located in the District Computer Information Center, and its main responsibilities are:

1. Supervise and implement the decisions and measures made by the district informatization leading group and the district information security special emergency committee;

2. Draw up or organize to draw up the work plan and emergency plan of the district people's government to deal with information security emergencies, and organize the implementation after the approval of the district people's government;

3. Urge and inspect the formulation, revision and implementation of the special emergency plan for information security of the relevant departments directly under the town, street and district, and give guidance;

4. Urge and inspect the monitoring and early warning of information security emergencies of the relevant departments directly under each town, street and district, and give guidance;

5. Summarize all kinds of important information about information security emergencies, conduct comprehensive analysis, and put forward suggestions;

6. Supervise, inspect, coordinate and guide the information security emergency prevention, emergency preparedness, emergency disposal, post recovery and reconstruction work of relevant departments directly under each town, street and district;

7. Organize the formulation of publicity and training plans for information security common sense and emergency knowledge, as well as business training and drill plans for emergency rescue teams, and urge the implementation after reporting to the district people's government for approval;

8. Other work assigned by the District Information Work Leading Group and the District Information Security Special Emergency Committee.

(2) Responsibilities of each member unit of the District Information Security Special Emergency Committee

District computer information center: make overall planning for the construction of the emergency response technology platform; organize the formulation of emergency response policy documents and technical plans for the whole district in conjunction with the ___ Public Security Branch, the National Security Corps, the District National Security Bureau and other relevant units; be responsible for training in security incident handling; collect and report emergency situations in a timely manner; and be responsible for reporting relevant work to the district people's government.

___ Public Security Branch: closely monitor the spread of harmful information on the Internet in China, stop the malicious speculation on social hot spots and sensitive issues on the Internet, and monitor the network operation security of government websites, news websites, portal websites, and major national events and key websites during the conference. Prevent and handle major computer virus outbreaks and large-scale network attacks. Investigate and deal with harmful information that spreads rumors, creates panic, disturbs social order, and maliciously attacks the party and government on the Internet according to law. Combat illegal and criminal acts that attack or disrupt the safe operation of the network and create online terrorist events.

State Security Brigade: collect information on potential foreign enemy attack plans and capabilities, and carry out various reconnaissance work against spy organizations, hostile forces, ethnic separatist forces, forces and other collusion inside and outside, and use computer networks to endanger national security; Investigate and deal with crimes suspected of endangering national security according to law; Investigate and deal with illegal and criminal activities that steal state secrets or produce and disseminate information endangering national security on computer networks according to law.

District Finance Bureau: formulate policies and plans related to fund guarantee; ensure the funds required for the construction of the emergency response system and for emergency response.

District State Secrecy Bureau: organize and coordinate relevant departments to investigate and deal with the acts of leaking and stealing state secrets on the computer network according to law, do a good job in security classification identification and take remedial measures.

(3) On site emergency handling team

After a security incident, the District Information Security Special Emergency Committee shall set up an on-site emergency handling team to provide technical support and guidance for the handling of computer system and network security incidents, respond quickly according to the correct process, and submit a statistical analysis report of the incident.

The on-site emergency handling team is composed of the following personnel:

The management side includes the Deputy Director of the Emergency Committee, leaders of relevant member units and department heads. Its main tasks are to ensure the formulation and implementation of security policies; identify the main threats to the normal operation of the network and information system; determine the sequence of actions to be taken in case of problems; make key decisions; and approve exceptions in special circumstances, etc.

The technical side shall include relevant municipal experts and technical personnel from relevant regional information security technical support institutions. It is mainly responsible for dealing with the affected system from the technical aspect, detecting intrusion events and taking technical measures to reduce losses.

3、 Early warning and prevention mechanism

(1) Information monitoring and reporting

1. Public security, national security corps, district computer information center and other units should strengthen information security monitoring, analysis and early warning, further improve the ability of information security supervision and law enforcement, and increase the fight against computer crimes.

2. Establish information security accident reporting system. The unit that has an information security emergency shall immediately investigate and verify the incident, preserve relevant evidence, and report relevant materials to the district computer information center within 5 hours after the incident is found or should be found.

(2) Early warning

After receiving the information security emergency report, the District Computer Information Center shall report the relevant situation to the District Information Security Special Emergency Committee in a timely manner after preliminary verification. On the basis of further comprehensive situation, research and analysis of possible damage degree, propose preliminary action countermeasures, convene coordination meetings as appropriate, and implement action plans, instructions and orders according to the decisions of the Emergency Committee.

(3) Early warning support system

The district computer information center shall establish and gradually improve the information monitoring, transmission network and command decision support system to ensure resource sharing, normal operation and strong command.

(4) Prevention mechanism

Actively promote classified protection of information security and gradually implement information security risk assessment. For the construction of basic information networks and important information systems, full consideration should be given to survivability and disaster recovery, and information security emergency response plans should be developed and improved. For the sudden and large-scale security incidents of the basic information network, the relevant departments establish institutionalized and procedural processing procedures.

4、 Emergency handling procedure

(1) Determination of level

The reference elements for the classification of information security incidents include information security level, public impact and asset loss. Each reference element is described as follows:

(1) Information security level is an element to measure the importance of information involved in information security incidents caused by information theft or disclosure of secret information;

(2) Public impact is an element to measure the scope and degree of negative impact caused by information security incidents;

(3) Business impact is an element to measure the negative impact of information security incidents on the normal business development of the incident unit;

(4) Asset loss is an element to measure the cost of funds needed to restore the normal operation of the system and eliminate the negative impact of information security incidents.

Information security emergencies can be classified into four levels: general (Level IV), relatively major (Level III), major (Level II) and particularly significant (Level I).

Level IV: information security incidents that occur in a large area and may cause great damage.

Level III: The network and information system of important departments, key websites or other networks and information systems related to social affairs or economic operation in the region have been severely impacted in a large area.

Level II: The breakdown of important departments or local basic networks, important information systems, and key websites in the district will lead to business interruption, and the vertical or horizontal extension may cause serious social impact or large economic losses.

Level I: information security incidents in which hostile elements use information networks to carry out large-scale organized propaganda, incitement and infiltration activities, or multiple locations or multiple basic networks, important information systems and key websites of units directly under the district are paralyzed, resulting in business interruption, causing or likely to cause serious social impact or huge economic losses.

(2) Plan launch

1. In case of a Level IV network information security incident, the district government shall launch the corresponding plan and be responsible for emergency response; in case of a Level III network information security incident, the district government will launch the corresponding plan, and the special emergency committee for information security of the district will be responsible for the emergency handling work; in case of Level I and II information security emergencies, report to the municipal people's government to start the corresponding plan.

2. After receiving the report, the District Information Security Special Emergency Committee Office shall immediately report it to the District Emergency Committee, and together with the relevant member units, organize an expert group to evaluate the nature and level of the emergency and the timing of launching the plan as soon as possible, propose to the District Emergency Committee to launch the plan, and report to the District People's Government for approval.

3. After the District People's Government makes the decision to launch the plan, the District Information Security Special Emergency Committee will immediately start the emergency handling work.

(3) On site emergency treatment

The unit where the incident occurred and the on-site emergency handling team shall collect information related to the incident as much as possible, identify the category of the incident, determine the source of the incident, and protect the evidence so as to shorten the emergency response time.

Check the results caused by the threat, and assess the impact and damage caused by the event: for example, check the integrity, confidentiality or availability of systems, services and data; check whether the attacker has invaded the system and whether they can enter again at will; assess the extent of loss; determine the main hazards exposed, etc.

Suppress. Prevent the impact of the event from expanding further, so as to limit potential losses and damage. Possible suppression strategies generally include: shutting down services or all systems, disconnecting physical links of related systems from the network, and modifying the filtering rules of firewalls and routers; blocking or deleting the compromised login account and blocking the access of suspicious users to the network; raising the monitoring level of system or network behavior; setting traps; enabling the takeover system in case of emergency; implementing a special "defense state" security alert; counterattacking the attacker's system, etc.

Eradicate. After the event is suppressed, the root cause of the event is found through analysis of the malicious code or behavior, and the corresponding remedial measures are defined and the cause thoroughly eliminated. At the same time, law enforcement departments and other relevant agencies accurately locate the attack source and take appropriate measures to interrupt it.

Clean up the system, recover data, programs, and services. Restore all compromised systems and network devices to normal task status. The recovery work should be very careful to avoid data loss caused by operational errors. In addition, if confidential data is involved in the recovery work, the recovery requirements of the confidential system need to be additionally followed. If the attacker obtains the access right of the super user, a complete recovery should force all passwords to be modified.

(4) Report and summary

Review and sort out all kinds of relevant information of the event, and record all situations in the document as far as possible. The unit that has a major information security incident shall report the handling results to the municipal informatization leading group for filing within 5 working days after the incident is handled. (See Annex III for the Report Form of Handling Results of Major Information Security Incidents)

(5) End of emergency action

According to the disposal progress of information security incidents and the opinions of the on-site emergency handling working group, the District Computer Information Center organizes relevant departments and expert groups to conduct a comprehensive assessment of the disposal of information security incidents, and puts forward suggestions for the end of emergency actions, which shall be submitted to the District People's Government for approval. Whether the emergency action is over or not shall be decided by the district people's government.

5、 Safeguard measures

(1) Technical support

The district computer information center shall establish a technical platform for early warning and emergency response to further improve the ability to detect and analyze security incidents: technically, it shall gradually realize multiple links such as discovery, early warning, disposal and notification, and the linkage mechanism for emergency response between different networks, systems and departments.

(2) Emergency team support

Strengthen the training of information security talents, strengthen information security publicity and education, build a high-quality, high-tech information security core talents and management team, and improve the awareness of information security defense of the whole society. Vigorously develop the information security service industry and enhance social emergency support capacity.

(3) Material condition guarantee

Arrange special funds for informatization construction in the district to prevent or respond to information security emergencies, provide necessary financial support, and strengthen material support conditions for information security emergency response.

(4) Technical reserve guarantee

The District Computer Information Center organizes relevant experts and scientific research forces to carry out research on emergency operation mechanism, emergency treatment technology, early warning and control, organizes participation in relevant provincial and municipal training, and promotes and popularizes new emergency technology.

6、 Publicity, training and drills

(1) Public information exchange

The district computer information center shall use various news media to carry out publicity before and after the revision and drill of the emergency plan; Regularly use various safety activities to publicize information security emergency laws, regulations and common sense of prevention and emergency to the public.

(2) Personnel training

To ensure the effective operation of the information security emergency plan, the District Information Security Special Emergency Committee regularly or irregularly holds training courses or seminars of different levels and types, so that emergency personnel at different posts can fully understand and master the knowledge and skills of information security emergency handling.

(3) Emergency drill

To improve the level of emergency response to information security emergencies, the District Information Security Special Emergency Committee Office regularly or irregularly organizes plan drills; Inspect whether the communication, coordination, command, etc. between all links of the emergency plan meet the requirements of speed and efficiency. Through drills, further clarify the responsibilities of each post in emergency response, and timely supplement and improve the problems and deficiencies in the plan.

7、 Supervision, inspection, rewards and punishments

(1) Plan implementation supervision

The District Information Security Special Emergency Committee Office is responsible for supervising and inspecting the whole process of the implementation of the plan, and for urging member units to take emergency measures according to the responsibilities specified in the plan, so that the measures are timely and in place.

1. The unit that has a major information security incident shall timely and truthfully report the relevant information of the incident in accordance with the regulations, and shall not conceal or delay the report or encourage others to conceal or delay the report. Any unit or individual has the right to directly report to the District Information Security Special Emergency Committee if it finds that there is any concealment, delayed report or false report of major information security incidents.

2. After the completion of emergency actions, the District Information Security Special Emergency Committee Office shall evaluate the timeliness and effectiveness of emergency actions taken by relevant member units.

(2) Rewards, punishments and responsibilities

1. The following situations can be evaluated and reviewed by the District Information Security Special Emergency Committee Office, and rewarded after being approved by the District Information Security Special Emergency Committee: advanced units and collectives that have made special contributions in emergency actions; Personnel who put forward important proposals in emergency actions to save a lot of emergency resources or avoid heavy losses; Field operators who have made significant achievements in the first line of emergency action. Reward funds shall be provided by district and town finance or relevant units.

2. After the occurrence of major information security incidents, if the relevant responsible units and persons have concealed, delayed, omitted and other dereliction of duty, the District Information Security Special Emergency Committee Office will circulate a notice of criticism; If serious adverse consequences are caused, the relevant competent department will investigate the administrative responsibility of the responsible leader and person according to the circumstances; If a crime is constituted, the relevant department shall investigate its legal responsibility according to law.

3. If the instructions of the special emergency committee for information security in the district are not implemented in time and affect the effect of emergency action, the relevant personnel shall be held accountable according to the Regulations of the State Council on Administrative Accountability for Extraordinary Security Accidents and relevant regulations.

8、 Supplementary Provisions

The major network and information security emergencies mentioned in this plan refer to events in which, due to natural disasters, equipment software and hardware failures, internal human error or damage, hacker attacks, radio frequency interference, computer virus damage, etc., the normal operation of the network and information systems of local government agencies, and of the basic networks and important information systems related to the national economy and the people's livelihood, is seriously affected, resulting in business interruption, system destruction, data destruction, or information theft or leakage; as well as large-scale organized propaganda, incitement and infiltration activities by domestic and foreign hostile forces and hostile elements using information networks, or large-scale sabotage activities against domestic communication networks, information facilities or key websites; and which cause adverse effects on social stability or public interests, as well as direct or indirect economic losses to a certain extent. The subject of an information security incident refers to the producer of the incident or its ultimate cause. The object of an information security incident refers to the computer system or network system affected by the incident or in which it occurs. According to the characteristics of computer systems and network systems, the objects of information security incidents can be divided into three categories: information system, information content and network infrastructure.

1. This plan is revised and improved in time according to the change of emergency force, the application of new technologies and resources and the development trend of emergency events through drills and practical tests;

2. The members and mailing addresses attached to this plan should also be revised at any time in case of changes;

3. This plan shall be revised by the District Computer Information Center in conjunction with the ___ Public Security Branch, the National Security Corps and the District National Security Bureau, and shall be implemented after being reviewed and approved by the District People's Government executive meeting.

4. This plan is revised by means of revision or page change.

5. The regional computer information center is responsible for the interpretation of this plan.

6. The daily work of this plan is in the charge of the district computer information center.

Part 2: Model of Network Emergency Security Plan

Keywords: secondary system; network; security protection; emergency plan

CLC No.: TP39; Document Identification Code: A; Article No.: 1674-6708 (2010) 33-0228-02

Region Scheduling Data Network Security Assessment and Emergency System

CAO Jianfeng

Abstract: In accordance with the relevant national requirements for the security of secondary power systems, the network security of the secondary system of the Fuzhou regional power grid is assessed. Network security defense for this system is studied and put into practice in order to identify the security weak points of the Fuzhou regional secondary system and to solve them scientifically. Based on the security assessment report, security policy is formulated, pilot programs are implemented and practised, and the system is then tested again, so as to build and improve the regional power network security defense system and to summarize a standard model for forming such a defense system.

Keywords: secondary system; networking; security

0 Introduction

As an important infrastructure of the power system, the power monitoring system and dispatching data network are not only related to the production, operation and service of the power system, but also closely related to the safe operation of the power grid dispatching and control system. They are important components of power system security. Electric power production is directly related to the national economy and the people's livelihood, and its safety has always been one of the focuses of the relevant national departments.

With the development of communication and network technology, more and more power control systems are connected to the power dispatching data network. With the improvement of the primary equipment in the power system, its controllability now meets the requirements of closed-loop control. With the establishment of the centralized-control substation mode and the reduction of substation personnel to increase efficiency, remote control is widely adopted, which poses severe new challenges to the security, reliability and real-time performance of the power control system and data network. On the other hand, Internet technology and the Internet have been widely used, making viruses and hackers increasingly rampant. At present, some dispatching centers, power plants and substations do not pay enough attention to network security when planning, designing and building control systems and data networks, which constitutes a serious hidden danger to the safe operation of power grids. In addition, there is also the threat of hackers' "eavesdropping" and "tampering" on the transmitted power control information by means of "overlapping" in the dispatching data network, and then carrying out illegal and destructive operations on the primary power equipment. Therefore, the security and reliability of the power monitoring system and data network system has become a very urgent problem.

1 Overview of Fuzhou Power Grid Secondary System Network Security Assessment

1.1 Overview

The security assessment of the secondary system of Fuzhou Dispatching includes: secondary system asset assessment, network and business architecture assessment, communication relationship analysis between nodes, secondary system threat assessment, existing protection measures assessment, host security assessment, network system assessment, security management assessment, business system security assessment, secondary system risk calculation and analysis, security recommendations and other assessment contents. After the assessment, security reinforcement was carried out for the weak points of the system, and the Emergency Plan System of Fuzhou Power Dispatching Automation System was formulated to improve the reliability and security of the operation of the dispatching automation system, effectively prevent and correctly and quickly handle power dispatching automation system paralysis events, continuously improve the ability of Fuzhou Power Grid to prevent and control dispatching automation events, minimize their impact and losses, and ensure the safe operation of the power grid. The basic implementation process of safety assessment is shown in Figure 1.

1.2 Network security assessment process

1.2.1 Asset investigation

As a key step of information collection, asset survey is the first step to start safety assessment and the basis of safety reinforcement. Its main purpose is to accurately and comprehensively obtain the list of information assets of the assessed system.

Therefore, during the implementation of the appraisal project, we attached great importance to the process and methods of asset survey in order to collect accurate and comprehensive information on the asset list. For each asset, we need to collect various attributes more accurately, so we plan the whole asset survey process as follows to ensure the realization of our asset survey objectives.

1.2.2 The vulnerability depth detection method combining forward testing and reverse penetration is adopted

In this project, security scanning is mainly used: the evaluation tool scans the systems and networks within the evaluation scope locally, and finds the security risks, vulnerabilities and threats that exist in the network structure, network equipment, server hosts, data, user accounts/passwords and other security objects, from the perspective of both the intranet and the extranet. The host information security of the power secondary system is analyzed using the vulnerability depth detection method that combines forward testing and reverse penetration.

1.2.3 The vulnerability acquisition method combining remote vulnerability scanning and local host automatic script detection is adopted

The penetration test is mainly based on the security vulnerabilities that the security experts have mastered, and simulates a hacker's attack methods to conduct non-destructive attack tests on the system and network. All tests are carried out under authorization and supervision. Penetration testing and tool scanning complement each other well. Tool scanning is efficient and fast, but it has a certain false alarm rate and cannot find high-level, complex security problems. The penetration test requires a large amount of human resources and high professional skill from the testers (the value of the penetration test report depends directly on the professional skills of the testers), but it is very accurate and can find more logical and deeper weaknesses.

1.2.4 Risk calculation and analysis

The risk calculation part of the information security risk assessment mainly takes the business system as the object of risk calculation and analysis. Taking the headquarters of Fuzhou Electric Power Bureau as an example, a total of 4 business systems were evaluated and tested this time: the SCADA system, the electric energy acquisition system, the OMS system and the DMIS website. The information asset value, threat occurrence possibility and vulnerability severity of each business system were assigned. Through risk calculation, the risk results were obtained, the risk degree of each system was determined, and the security weaknesses of the business systems were found.
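The calculation described above, as an added worked example (not the Fuzhou project's own code or data). The page does not state the formula it used, so this assumes a multiplicative scheme on 1 to 5 scales; every finding and score below is constructed for illustration.

```python
"""Rank business systems by risk from asset value, threat likelihood and
vulnerability severity. The formula and all scores are assumptions."""
from dataclasses import dataclass
from math import sqrt


@dataclass(frozen=True)
class Finding:
    system: str         # business system the finding belongs to
    asset_value: int    # A: 1 (low) .. 5 (critical)
    threat: str         # what could happen
    likelihood: int     # T: 1 (rare) .. 5 (frequent)
    vulnerability: str  # weakness the threat would use
    severity: int       # V: 1 (minor) .. 5 (severe)


# Constructed sample findings for the four systems named in the text.
FINDINGS = [
    Finding("SCADA", 5, "malware via maintenance laptop", 3, "unpatched host OS", 4),
    Finding("SCADA", 5, "unauthorized login", 2, "shared operator account", 3),
    Finding("Electric energy acquisition", 4, "data tampering in transit", 3, "cleartext protocol", 3),
    Finding("OMS", 3, "privilege misuse", 3, "no change audit trail", 3),
    Finding("DMIS website", 2, "web application attack", 5, "unvalidated input", 4),
]


def risk_value(f: Finding) -> float:
    """Risk of one threat/vulnerability pair, in the range 1..25."""
    for name, v in (("asset_value", f.asset_value),
                    ("likelihood", f.likelihood),
                    ("severity", f.severity)):
        if not 1 <= v <= 5:
            raise ValueError(f"{name} must be 1..5, got {v}")
    event_likelihood = sqrt(f.likelihood * f.severity)  # how likely the event is
    event_loss = sqrt(f.asset_value * f.severity)       # how bad it would be
    return event_likelihood * event_loss


def risk_level(value: float) -> str:
    """Map 1..25 onto five equal-width bands (assumed thresholds)."""
    for upper, label in ((5, "very low"), (10, "low"), (15, "medium"), (20, "high")):
        if value <= upper:
            return label
    return "very high"


def assess(findings):
    """Rank systems by their worst finding: [(system, value, level, finding)]."""
    worst = {}
    for f in findings:
        r = risk_value(f)
        if f.system not in worst or r > worst[f.system][0]:
            worst[f.system] = (r, f)
    ranked = sorted(worst.items(), key=lambda kv: kv[1][0], reverse=True)
    return [(name, round(r, 2), risk_level(r), f) for name, (r, f) in ranked]


if __name__ == "__main__":
    for name, value, level, f in assess(FINDINGS):
        print(f"{name:28} {value:6.2f} {level:9} <- {f.vulnerability}")
```

Taking the worst finding per system, rather than an average, keeps one severe weakness from being diluted by several minor ones.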

1.2.5 Safety suggestions

According to the calculated security results, the security of network devices and security devices should be strengthened through management and technology. Users accessing important devices should follow certain rules and regulations, and changes in network configuration and allocation of permissions should be recorded, backed up and archived in a timely manner.

Conduct regular vulnerability virus scanning for important business systems and servers, analyze, record and archive the scanning results. The new system should be scanned and reinforced before going online, and the scanned logs should be timely audited and archived.

Conduct regular security audit on network operation logs, operating system operation logs, database operation logs, and business system operation logs, and submit security audit records and reports. Illegal acts in the reports should be reported and handled in a timely manner.

The configuration logs of network devices and security devices should be stored in the log server instead of the local router or switch, and should be backed up and archived regularly. The types of logs should include all users' views and changes of network devices and security devices.
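One way to run the audit described above over an extract from the log server, as an added example that is not part of the original assessment. The device names, accounts and the key=value message layout are constructed assumptions, not any vendor's real syslog output.

```python
"""Audit a central log server extract: which devices never log to it, and
which configuration changes came from accounts outside the approved list."""
import re
import shlex
from collections import defaultdict

# Constructed asset list, approved accounts and log lines (assumed format).
ASSETS = {"rtr-dispatch-01", "sw-sub110-01", "fw-zone1-01"}
APPROVED_ADMINS = {"ops_li", "ops_chen"}
LOG_LINES = """\
<189>Mar  3 02:14:07 sw-sub110-01 CONFIG: user=ops_li src=10.10.1.15 action=change cmd="interface Gi0/3 shutdown"
<190>Mar  3 02:15:40 sw-sub110-01 CONFIG: user=ops_li src=10.10.1.15 action=view cmd="show running-config"
<189>Mar  3 03:02:11 rtr-dispatch-01 CONFIG: user=temp01 src=10.10.9.77 action=change cmd="no access-list 110"
<190>Mar  3 03:05:00 rtr-dispatch-01 LINK: interface Gi0/1 up
this line is damaged and cannot be parsed
""".splitlines()

LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>\w+): (?P<msg>.*)$"
)


def parse_record(line):
    """Parse one line into a dict; raise ValueError if it is malformed."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("not a syslog record")
    rec = m.groupdict()
    if rec["tag"] == "CONFIG":
        # shlex keeps the quoted command together as one token.
        fields = dict(t.split("=", 1) for t in shlex.split(rec["msg"]) if "=" in t)
        missing = {"user", "action", "cmd"} - fields.keys()
        if missing:
            raise ValueError(f"CONFIG record lacks {sorted(missing)}")
        rec.update(fields)
    return rec


def audit(lines, assets, approved):
    """Return the findings an auditor would record and archive."""
    seen_hosts, unparsed, unapproved = set(), [], []
    activity = defaultdict(lambda: {"view": 0, "change": 0})
    for number, line in enumerate(lines, 1):
        try:
            rec = parse_record(line)
        except ValueError:
            unparsed.append(number)   # keep for manual review, do not drop silently
            continue
        seen_hosts.add(rec["host"])
        if rec["tag"] != "CONFIG":
            continue
        if rec["action"] in ("view", "change"):
            activity[rec["user"]][rec["action"]] += 1
        if rec["action"] == "change" and rec["user"] not in approved:
            unapproved.append((rec["ts"], rec["host"], rec["user"], rec["cmd"]))
    return {
        # In the asset list but absent from the server: logs are probably local only.
        "silent_devices": sorted(set(assets) - seen_hosts),
        # Logging to the server but missing from the asset list.
        "unknown_devices": sorted(seen_hosts - set(assets)),
        "unapproved_changes": unapproved,
        "activity": {user: dict(counts) for user, counts in activity.items()},
        "unparsed_lines": unparsed,
    }


if __name__ == "__main__":
    for key, value in audit(LOG_LINES, ASSETS, APPROVED_ADMINS).items():
        print(key, "=", value)
```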


2. Construction of overall emergency plan system for regional power grid automation system

2.1 Emergence of emergency plan system

At this stage, the regional dispatching automation systems are closely linked, and the failure of a single system affects the operation of multiple other systems in a chain reaction. The power dispatching data network now extends to county dispatching centers and 110kV substations. The types of systems connected are becoming increasingly complex, and the "cask effect" of secondary system security protection, in which the weakest part limits the whole, is becoming increasingly obvious. Because system risk mainly comes from viruses and related system failures, and the failure types are complex and can trigger or combine with one another, emergency planning has gradually moved away from a separate plan for each automation system and toward an overall emergency plan system for the automation secondary system. When serious faults occur, the idea is to consider the recovery means and measures as a whole: isolate the fault area, shield some functions of the affected system, and quickly import the daily manual or automatic backups of hardware and software into the faulty equipment to recover the system. In daily backup and drills, the complementary capabilities and constraints between systems shall be comprehensively considered, and the plan system shall be implemented with high efficiency and low cost according to the actual situation. The system is judged by two standards, the efficiency of overall system recovery and the daily input cost, and incorporates the advantages of various technical and management means.

2.2 Features of emergency plan system

The plan system is adapted to the increasingly close connection of the automation systems. It breaks away from the earlier idea of preparing a separate plan for each system, and adopts the overall idea of "overall consideration, mutual backup, decentralized management, and centralized recovery" to avoid system islands. It takes all systems and the overall accident expectations into account, and each subsystem plan has strong compatibility and operability. It is characterized by low entry requirements, effective and fast recovery means, low investment cost, a small daily maintenance workload, and high value for practical promotion.

[Figure: Overall framework diagram of the plan system]

[Figure: Association diagram of each sub plan]

2.3 Relationship between sub plans of the plan system

2.3.1 Coexistence relationship

There are mutual references and complementarities among the plan systems. Simplify the complexity of plan preparation, and transform complex system problems into multiple special problems to solve.

The resources of the centralized control system become the standby equipment in the EMS plan. The overall automation system is considered as a whole, and they are mutually standby. Resources are fully utilized to reduce the cost of the plan.

2.3.2 Mutually exclusive relationship

There is a mutually exclusive relationship between the power supply sub plan and the other plans in the plan system. When an overall power supply abnormality is involved, it is necessary to consider sacrificing the small systems to preserve the large system as a whole.

3 Conclusion

This project has carried out special research and practice on the network security defense system of the secondary system of the regional power grid. The research results have effectively improved the security defense capability of the secondary system network of the regional power grid, and played an important guiding role in the security construction of the secondary system of the provincial dispatching center and the municipal power bureau. Based on the research results, the project has constructed the dispatching automation emergency plan system and the fast backup and recovery system developed in conjunction with it, which have low investment and high efficiency and provide strong technical support for the safe and reliable operation of the power grid. The implementation of the project has given the dispatch center a deep understanding of the current security situation and the various security risks of the existing secondary system, and ensures that the dispatch center takes appropriate network security measures and selects and deploys the necessary security products for the various security risks in the secondary system. It has important guiding significance for the future network security construction of the provincial and even national power grid secondary systems.


Part 3: Model of Network Emergency Security Plan

The plan requires that when dealing with sudden communication and network events, local governments at all levels should fully guarantee personnel, transportation, materials, power energy, funds and other aspects, and make appropriate compensation for the losses caused by emergency requisition.

Under the plan, China divides communication early warning into four levels according to the scope of influence: particularly serious (Level I), serious (Level II), relatively serious (Level III) and general (Level IV), which are marked red, orange, yellow and blue in turn. Among them, the conditions for launching a Level I response include: interruption of the inter-provincial backbone network of the public communication network, destruction of a national key communication hub building, etc., resulting in large-scale interruption of communications in more than two provinces (districts, cities); or other particularly serious and major emergencies that need communication support but exceed the provincial disposal capacity. In addition, in special circumstances, the corresponding level of early warning can be appropriately adjusted according to the actual situation.

The communication guarantee emergency plan system consists of national communication guarantee emergency plan, departmental communication guarantee emergency plan, local communication guarantee emergency plan and communication enterprise communication guarantee emergency plan. Among them, the three major basic telecom operators should perform the following duties:

First, in the planning and construction of communication networks, basic telecom operators should implement the requirements of network security, improve the construction of network security protection, monitoring and early warning, and emergency communication security systems, and constantly improve the self-healing and survivability of networks; strengthen the monitoring of network operation security and inter-network interconnection security and the troubleshooting of potential risks; and improve the emergency response mechanism, revise and improve the communication guarantee emergency plans at all levels, organize drills regularly, strengthen publicity and education on network operation security and emergency communication guarantee, and improve the ability to respond to emergencies.

Secondly, basic telecom operators should establish and improve the network early warning monitoring mechanism and strengthen the monitoring of telecom network operation.

Part 4: Model of Network Emergency Security Plan

(1) Guiding ideology

Guided by the thought of socialism with Chinese characteristics for a new era and the spirit of Comrade's important speech on network security, we will further strengthen management, improve the information security technology service system, and enhance network security protection capabilities. We will comprehensively improve the network and information security awareness of cadres and workers in the overall situation, and establish a complete network and information security guarantee system.

(2) Basic principles

1. Standardize management and coordinate linkage. Improve the network security organization and management system, implement network security responsibilities, clarify network security functions, and form a security prevention and supervision and management coordination mechanism.

2. Independent prevention and level by level responsibility. In accordance with the requirements of "who is in charge is responsible, who operates is responsible", strictly implement the responsibility system and accountability system for network and information security, implement the responsibilities of user organizations, managers and users in system operation, and clarify the security responsibilities of network and information security management, technology, operation and maintenance, emergency and other work links.

(3) Overall objectives

Establish and improve the network security prevention and control system and network trust system, further improve the network security management, technical support and technical service system, cooperate with the construction of emergency response system and policy, regulation and standard system, and provide efficient security protection for basic information networks, important information systems and information content.

2、 Key tasks

(1) Strengthen network security guarantee and improve comprehensive defense capability

1. Information system security assurance. It is necessary to strengthen the construction of the safety management system, clarify the safety management responsibilities, and provide relevant technical protection measures.

2. Information content security. According to the requirements of "no information on the Internet, no information on the Internet", information should be processed in the information system. Formulate and supervise the implementation of various confidentiality measures to strictly prevent the leakage of secrets; strengthen the supervision of all kinds of information content to ensure the safety and reliability of information collection, processing, updating and warehousing. At the same time, ensure the authenticity, accuracy and effectiveness of the information content.

(2) Accelerate the construction of emergency response system and enhance emergency support capability

1. Improve the emergency response capability for security emergencies. Strengthen the notification, summary, research and judgment, analysis, report and early warning of network and information security incidents. Accelerate the construction of emergency response and technical support service team and network security officer team, and improve the comprehensive ability to deal with sudden network and information security incidents.

2. Strengthen application management, filing and updating. It is necessary to organize the preparation, filing and revision of the emergency plan, and ensure the systematicness and integrity of the organization, accident warning, response procedures, emergency support, emergency training, plan management, etc. of the emergency plan system. Establish and improve the information system security account to provide decision-making basis for handling network and information security incidents.

3. Strengthen the training of network security management personnel

Establish a talent training mechanism, strengthen network security training for leading cadres and managers, and improve their sense of responsibility and management level.

3、 Safeguard measures

(1) Strengthen cooperation

All departments and units directly under the authority shall, in accordance with the division of responsibilities, conscientiously implement various tasks, strengthen coordination and cooperation, form a joint force, jointly promote network information security and improve security capabilities. Timely feed back new problems found in network security management, strengthen communication and properly handle them.

Part 5: Model of Network Emergency Security Plan

[Abstract] Hospital information system is the basis for medical institutions to provide efficient and standardized operation services for the public. With the development of computer network system, the construction of digital hospitals has become an inevitable trend in the development of medical institutions. The hospital information system, like other network systems, will be affected by human or natural factors and malfunction, which seriously affects the normal operation of medical institutions and the normal medical treatment of the people. The key to solve this problem is to establish a hierarchical emergency management plan for the hospital's information system failures. This paper describes in detail the importance of the proposed management plan, and discusses in detail how to establish and implement the management plan.

[Key words] Hospital information system; Emergency plan; Hierarchical management

[CLC No.] R197.321 [Document Identification Code] A [Article No.] 1007-8517(2011)15-0133-02

Hospital information system is an important guarantee to maintain the normal operation of the hospital. It plays an increasingly important role in ensuring the normal operation of the daily work of the hospital. The basic platform of the hospital information system is the hospital information network, which is an important foundation for medical institutions to provide efficient and standardized operation. Whether the information network operates normally directly relates to whether the hospital information system operates effectively. However, in the operation process of the hospital information system, there will inevitably be human or natural failures. Therefore, in order to avoid the impact on the normal work of the hospital caused by the failure of the hospital information system, we should formulate a hierarchical emergency management plan for the failure of the hospital information system that is suitable for the actual situation of the hospital.

1. The Importance of Formulating Hospital Information System Emergency Plan

1.1 Purpose of formulating emergency plan

A hospital information system emergency plan is an important condition for ensuring the normal operation of the hospital. A scientific and reasonable emergency plan is formulated so that, when the information system network of any post in the hospital fails, staff can follow the work instruction manual to understand the impact of the network failure on the hospital quickly and effectively, and repair the network failure of the hospital information system in the shortest time, ensuring the normal operation of the hospital. When formulating the emergency plan of the hospital information system, we must take the hospital's own operation into account to ensure the operability and emergency capacity of the plan.

1.2 Significance of formulating emergency plan

With the development of social informatization, the construction of digital hospitals has become a growing trend in the medical field. At the same time, the dependence of the hospital's various businesses on the information system has become increasingly strong. It can be seen that the stronger the dependence of the digital hospital's medical work on the information system, the higher the requirements for the hospital information system. Once the information system fails at the peak of hospital business, it will seriously affect the normal handling of that business, and may even paralyze the hospital business system.

Therefore, the hospital formulates a set of plans covering its capacity to respond to emergencies and to repair its own information system within a short period of time, so as to avoid chaos in the medical order for the large number of patients who have not yet been seen, which would lead to medical hazards or a negative social impact on the hospital. It is therefore of great significance for the hospital's own operation and healthy development to develop a simple, scientific and highly operational graded plan for information network failures.

1.3 Principles for formulating emergency plans

When a hospital formulates a hierarchical emergency management plan for the information system, in order to ensure the practicability and operability of the management plan, it is necessary to start from the actual situation of the hospital's own development, give full play to the subjective initiative of each department of the hospital according to the development level and operation mode of the hospital, and achieve benign interaction and mutual assistance between each department. At the same time, the following two principles should be followed when formulating the emergency plan:

First of all, it is necessary to clearly define the scope and extent of the hospital's information system network failures, classify the various information network failures, and formulate corresponding solutions for each level of network failure. The second principle to follow when formulating the emergency plan is that the staff of all posts in the hospital should not only be proficient in highly information-based, paperless office work, but also be able to quickly restore the traditional workflow and working methods when the hospital information network breaks down. That is, the hospital should conduct regular emergency drills to train staff in preventing failures and in actually resolving them.

2. The Establishment of Hierarchical Emergency Management Plan for Hospital Information System Failures

2.1 Requirements of graded emergency management for each post

Hierarchical emergency management of hospital information system failure can be divided into emergency leading group, operation post of medical business department and technical support group of information center according to posts.

Among them, the members of the emergency leading group are hospital leaders, information departments and heads of all departments of the hospital. Their task is to organize and coordinate the hospital's emergency work, and plan the formulation of the hospital's emergency plan as a whole. At the same time, the emergency leading group also checks and supervises the implementation of the hospital's safety work and safety measures.

The operators of the medical business department are responsible for the paper, charge price list, printing and other office supplies required for various manual operations in the hospital.

The main responsibility of the technical support team of the information center is to develop the main body of the emergency plan for information network failures and to arrange drills of the emergency plan. At the same time, it should summarize and report the operation status of the hospital information system and opinions on modifying it in a timely manner.

2.2 Classification of emergency plan for information system failure:

Level I plan: equipment failure caused by human or natural disasters. At this time, it must be reported level by level, and rush repair must be carried out under the supervision and coordination of the leader in charge.

Level II plan: due to financial software failure, switch failure, data processing error and other failures involving multiple departments. It shall be reported to the Information Department in time for troubleshooting.

Level III plan: a single department is paralyzed due to network failure or hardware failure. Immediately report to the person in charge for troubleshooting.

Level IV plan: software or hardware failure of a single work site. At this time, the operator on duty should remove the fault in time.

During the implementation of the graded emergency plan, the emergency leading group should issue the order to start the emergency plan according to the specific fault conditions, and the Information Department should notify each post of the scope of emergency responsibilities and working methods, so as to ensure that the fault can be eliminated in the shortest time and ensure the normal operation of the hospital information system.

2.3 Emergency treatment process for catastrophic failure of information system

3. Conclusion

To sum up, the security of hospital information system should not only be supported by information technology, but also be coordinated among various departments of the hospital. Therefore, maintaining the hospital information system is a complex system engineering. The hospital must carry out regular inspection, constantly supervise the implementation of the emergency plan, strengthen emergency drills, find problems in the drills, and solve them in a timely manner.

At the same time, no one in the hospital should leave things to chance. They should attach great importance not only to technology and management, but also to everyone's psychology, to better serve patients and society.


Part 6: Model of Network Emergency Security Plan

This emergency plan is formulated in accordance with relevant national laws and regulations, the requirements of the municipal government and the bureau's party group, and in combination with the actual situation of xxxx, in order to practically do a good job in the emergency response to snow disasters, improve the rapid response ability to snow disasters, and ensure the personal safety of the vast number of workers in snow weather, traffic safety, and the safety and smoothness of xxxx signals.

1、 Scope of application of the scheme:

This plan is an emergency action plan for xxxx to deal with snow disasters. It applies to emergency response when snow weather causes inconvenience to employees' work and travel, creates safety hazards for xxxx's official vehicles and construction and maintenance vehicles, or causes major failures of xxxx's network that prevent large numbers of users from watching TV programs.

2、 Organization:

Xxxx established a leading group for disaster prevention and relief in snowstorm weather. The organization is as follows:

Team leader: xxx

Members: xxx xxx xxx xxx xxx

3、 Responsibilities of relevant departments of xxxx:

1. Xxx Department: responsible for the provision of anti-skid facilities for all vehicles in snowstorm weather and the dispatching of emergency vehicles in case of major network failure.

2. Xxx Department: responsible for the storage and supply of emergency equipment and apparatus for snow disaster weather.

3. Xxx Department: responsible for the formulation of emergency repair plan for major network failures in snowstorm weather.

4. Xxx Department, xxx Department: responsible for the patrol work of the network trunk line and user distribution network in snowstorm weather, immediately organize manpower to repair major failures, and restore signals as soon as possible to ensure safe transmission.

4、 Emergency disposal procedure:

1. After the snow disaster occurs, the xxxx disaster prevention and relief leading group quickly launches the corresponding emergency plan to implement disaster prevention.

2. In case of snowy weather, all vehicles of xxxx must be equipped with anti-skid facilities to ensure driving safety and prevent accidents.

3. In case of major network failure that affects users to watch programs, the leading group shall urgently mobilize the reserved equipment and quickly call for emergency repair personnel to arrive at the failure site within 30 minutes and 60 minutes for xx network. The members of the leading group should command from the front, work on the site, and immediately develop a repair plan to repair the network as soon as possible.

Part 7: Model of Network Emergency Security Plan

[Key words] Network information system; Hospital network security; Medical record management system

The security of network information bears on national security, social stability and other important issues, and is becoming more and more important with the accelerated development of global informatization. The network security of hospitals deserves particular attention. The new medical reform plan proposes to establish a resource-sharing medical and health information system to promote information construction, focusing on hospital management and electronic medical records. This means that the hospital information system will be a high-tech and high-risk system that carries more medical management business, while the vulnerability and complexity of the network information system itself expose it to greater threats. Therefore, the security of the hospital network system will become more and more important and challenging.

1、 Hospital network security system and its importance

The hospital's network security system includes the security of the operating system, medical insurance and the Internet. With the development of technology, the Internet has been widely popularized, making network security a key issue to be considered. This is also the most urgent matter for hospitals at present. The importance of hospital network security is reflected in:

1. Particularity of hospital patient data

The medical record management data of the hospital is like an important body of medical literature. Each item of data is the hospital's most valuable asset. Once lost or wrong, it will bring unpredictable losses, because the symptoms and evolution of each patient's disease, as well as the diagnosis and treatment process of each medical staff member, are completely recorded. This is a development and application of medical modernization, and can intuitively show the quality of medical personnel and the technical level of modern medical treatment. The data of the hospital itself is very large and complex. In the past, professional personnel had to go into each department to collect, classify and sort out various medical records, and the workload was very large and error prone. Modern management can be carried out with the help of the hospital's network, making the storage and processing of medical records more convenient and accurate, which greatly improves the efficiency of the hospital. So the network security of hospitals is particularly important.

2. More and more cyber security crimes

With the rapid development of information technology, more and more people master the technology of cyber crime, and the loopholes in the network security system are constantly detected. Once the hospital's network system fails, it will not only affect the daily work of the hospital, but also bring very adverse effects to the hospital. At the same time, the huge amount of hospital data also puts forward higher requirements for the data processing ability of the hospital network, so it is very urgent and important to establish and improve a perfect hospital network system!

2、 Analysis of problems in network security

1. The network protocol has security risks

The TCP/IP protocol is vulnerable to IP hijacking, Smurf attacks and other risks. A hijacker predicts the sequence number and then implants his own data in the connection. A Smurf attack counterfeits the IP address of the victim's host, causing the victim's host to crash. The password settings of the FTP protocol make it easy for intruders to steal passwords and to spread viruses such as trojans that steal users' data. DNS provides services such as domain name resolution and is vulnerable to attacks using counterfeit domain names. Routing protocol defects enable intruders to forge ARP packets, constantly change the sequence number, impersonate the host, and then monitor the host's data packets, which affects the stability of the whole network system.
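A detection-side sketch for the forged ARP packets mentioned above, as an added example that is not from the original article. It tracks IP-to-MAC bindings from observed ARP replies; the addresses, the known-good gateway binding and the alert names are constructed assumptions.

```python
"""Flag suspicious IP-to-MAC binding changes in a stream of ARP observations."""
from collections import defaultdict

# Constructed observations: (seconds, sender IP, sender MAC) as a LAN sensor
# might record them from ARP replies.
OBSERVATIONS = [
    (0,  "192.168.10.1",  "00:11:22:aa:bb:01"),  # gateway
    (5,  "192.168.10.20", "00:11:22:aa:bb:20"),  # workstation
    (9,  "192.168.10.35", "00:11:22:aa:bb:35"),
    (60, "192.168.10.1",  "00:11:22:aa:bb:35"),  # gateway IP claimed by .35's MAC
    (61, "192.168.10.20", "00:11:22:aa:bb:35"),  # workstation IP claimed as well
    (62, "192.168.10.1",  "00:11:22:aa:bb:35"),  # repeat of the same false claim
    (90, "192.168.10.1",  "00:11:22:aa:bb:01"),  # real gateway answers again
]
# Assumed known-good binding, recorded by the administrator.
STATIC_BINDINGS = {"192.168.10.1": "00:11:22:aa:bb:01"}


def detect_arp_anomalies(observations, static_bindings=None, max_ips_per_mac=2):
    """Return alerts as (time, kind, ip, mac); each distinct alert is raised once."""
    static = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
    learned = {}                    # ip -> last MAC seen, for dynamic hosts
    ips_by_mac = defaultdict(set)   # mac -> every IP it has claimed
    alerts, reported = [], set()

    def alert(ts, kind, ip, mac):
        if (kind, ip, mac) not in reported:
            reported.add((kind, ip, mac))
            alerts.append((ts, kind, ip, mac))

    for ts, ip, mac in sorted(observations):
        mac = mac.lower()
        ips_by_mac[mac].add(ip)
        if ip in static:
            # A protected address must never be learned from the wire.
            if mac != static[ip]:
                alert(ts, "static-binding-violation", ip, mac)
        else:
            if ip in learned and learned[ip] != mac:
                alert(ts, "binding-changed", ip, mac)
            learned[ip] = mac
        # One adapter answering for many addresses is typical of impersonation.
        if len(ips_by_mac[mac]) > max_ips_per_mac:
            alert(ts, "mac-claims-many-ips", "*", mac)
    return alerts


if __name__ == "__main__":
    for a in detect_arp_anomalies(OBSERVATIONS, STATIC_BINDINGS):
        print(a)
```

A "binding-changed" alert also fires on legitimate address reassignment, so it is a prompt for review, while a violation of a recorded static binding warrants immediate attention.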

2. Frequent attack events from viruses

The spread of network viruses and frequent attacks by hackers have caused more and more serious harm, which has hindered the normal operation of hospitals. Most network security incidents are caused by the vulnerability of user terminals. In hospital networks, problems with system vulnerabilities and anti-virus software are very common, and because hospital networks are connected to the Internet, it is inevitable that they will encounter various virus attacks. These viruses may cause the hospital system to collapse and infect other computers, and the security threat will quickly expand to a wider range. Therefore, what the hospital urgently needs to do is to ensure the healthy and safe use of user terminals and, at the same time, to improve its own virus defense system.

3. There are loopholes in the security system and the security strategy is not perfect

In view of the particularity of hospital information, the construction of hospital information security system will be a very complex project. Some hospitals have not established a sound network security mechanism, nor adopted and adjusted corresponding network security strategies, but only focused on purchasing various network security products, and did not develop relevant medium and long-term plans for themselves. In this case, the hospital's information security products did not play their due role.

4. Operation error of personnel

Operators who have weak security awareness, do not understand their network security responsibilities, lack adequate operating skills, and cannot cope with network security emergencies may cause the introduction of hazardous programs, leakage of network information, network collapse and other security risks. Therefore, it is very necessary to strengthen the safety awareness and technical training of operators.

3、 Relevant suggestions and solutions

1. Improve network security policy

According to the specific situation of the hospital, a complete set of top-down security policies should be formulated, and real-time security monitoring should be carried out on the network, so that the hospital's network security situation is known in time, intrusions into the network are found in advance, and the firewall can be used to stop them. In this way the hospital can know the defects in its network at any time and take the necessary safety measures before losses occur, improving its own security defense level.

2. Use advanced network security technology

(1) Set a firewall between the external network and the internal network, and use it to monitor and filter the data entering and leaving the network, so as to control and block access in either direction that carries security risks. Promptly block the business that should be prohibited, and record the firewall's work information and content in detail, in order to monitor and warn of possible network attacks in advance. The types of firewalls include filter type, detection type and type. In actual application, different firewalls should be installed according to different situations.

(2) Different security domains can be divided and isolated according to different security requirements. Mechanisms such as access control and permissions can be used to control the access of different visitors to the network and equipment, so as to prevent internal visitors from accessing, and performing wrong operations in, areas they are not authorized to access. Generally, the network security level is divided into key service areas and external access service areas. The network can be divided into two security areas according to the security level of each network area, namely the key server area and the external area, with secure isolation between the two; further isolation should be applied according to different security levels. The division and isolation of security domains should be combined with the security and monitoring needs of the network system, and closely combined with the actual application environment, business processes and organizational forms.

(3) The anti-virus tools should be updated and upgraded regularly, and the network should be regularly scanned for security to prevent viruses and intrusions with security risks. Attention should be paid to strengthening the weak points of the system, and vulnerabilities should be checked and repaired in a timely manner. In addition to the normal anti-virus workstations, the key to eliminating viruses lies in e-mail anti-virus and gateway anti-virus. At ordinary times, it is also necessary to use the scanner to actively scan, find and repair the network security risks in time to prevent hacker attacks.

(4) Advanced encryption and authentication technologies should be adopted. Through encryption, the information to be transmitted can be well kept confidential. This is a very common but effective technology, which is widely used in file transmission and desktop security defense.

(5) Back up data frequently. The core of the hospital information system is the database, which holds patients' treatment data and private information. Database security should ensure the normal storage and application of data, and defensive measures should be taken against database cracking and attacks. The importance of data for hospitals is therefore self-evident. Even without viruses or network attacks, our own wrong operations, a system power failure or other accidents can lead to irreparable loss of data, so a complete set of protection schemes and emergency measures must be developed. Backup is the most commonly used and most basic means of system security maintenance. Using data backup and recovery functions, some data can even be stored and backed up remotely, which can avoid serious accidents.
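Items (1) and (2) above combine two ideas: the firewall's detailed records are used for early warning, and traffic between the key server area and the external area is restricted. The following Python sketch is an added example, not part of the original essay; the subnet addressing, allowed flows, log format and function names are all assumptions constructed for illustration. It audits a firewall log against a default-deny zone policy and reports accepted flows the policy should have blocked.

```python
import ipaddress
import re
from collections import Counter

# Assumed addressing for the two security areas named in the text (hypothetical).
ZONES = {
    "key_server": ipaddress.ip_network("10.10.0.0/24"),
    "external_access": ipaddress.ip_network("10.20.0.0/24"),
}

# Default deny: only these (source zone, destination zone, protocol, port)
# flows may cross a zone boundary. The ports are illustrative assumptions.
ALLOWED_FLOWS = {
    ("outside", "external_access", "tcp", 443),
    ("external_access", "key_server", "tcp", 5432),
}

# Constructed firewall log (not from the essay); addresses are documentation ranges.
SAMPLE_FIREWALL_LOG = """\
2024-01-01T10:00:00 ACCEPT tcp 203.0.113.5:51000 -> 10.20.0.10:443
2024-01-01T10:00:01 ACCEPT tcp 10.20.0.10:40000 -> 10.10.0.5:5432
2024-01-01T10:00:02 ACCEPT tcp 203.0.113.9:52000 -> 10.10.0.5:5432
2024-01-01T10:00:03 DENY tcp 203.0.113.9:52001 -> 10.10.0.5:22
2024-01-01T10:00:04 DENY tcp 203.0.113.9:52002 -> 10.10.0.5:3389
2024-01-01T10:00:05 ACCEPT tcp 10.20.0.11:40001 -> 10.10.0.5:22
2024-01-01T10:00:06 DENY udp 198.51.100.7:5353 -> 10.20.0.10:53
"""

LINE_RE = re.compile(
    r"^(\S+) (ACCEPT|DENY) (tcp|udp) (\S+):(\d+) -> (\S+):(\d+)$")


def zone_of(address):
    """Map an address to its security area; anything unlisted is 'outside'."""
    for name, network in ZONES.items():
        if address in network:
            return name
    return "outside"


def audit_firewall_log(text):
    """Return (violations, denied_by_source).

    violations: ACCEPT records that cross zones without a matching allowed
    flow, which indicates a rule that is broader than the written policy.
    denied_by_source: DENY counts per source, a simple early-warning signal.
    """
    violations = []
    denied = Counter()
    for lineno, line in enumerate(text.splitlines(), 1):
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip records that do not fit the assumed format
        _ts, action, proto, src, _sport, dst, dport = match.groups()
        try:
            src_zone = zone_of(ipaddress.ip_address(src))
            dst_zone = zone_of(ipaddress.ip_address(dst))
        except ValueError:
            continue
        if action == "DENY":
            denied[src] += 1
            continue
        flow = (src_zone, dst_zone, proto, int(dport))
        if src_zone != dst_zone and flow not in ALLOWED_FLOWS:
            violations.append({"line": lineno, "src": src, "dst": dst,
                               "src_zone": src_zone, "dst_zone": dst_zone,
                               "proto": proto, "dport": int(dport)})
    return violations, dict(denied)


if __name__ == "__main__":
    found, denied_counts = audit_firewall_log(SAMPLE_FIREWALL_LOG)
    for item in found:
        print("policy violation:", item)
    print("denied attempts by source:", denied_counts)
```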

3. Improve the risk evaluation system and strengthen the hospital safety management system

The hospital can cooperate with professional security service companies over the long term to establish a complete risk assessment mechanism, strengthen information communication and resource sharing among departments, adopt the companies' advanced risk assessment technology, and combine it with the actual security situation of its own network system to constantly find the security risks in the information system and then seek effective remedies. At the same time, special personnel shall be arranged to maintain and optimize the hardware equipment and system. A complete security management organization can be set up, composed of the leaders of a special network security team, to implement these responsibilities. Strengthen the construction of the network security team to ensure the normal operation of the hospital information system. When implementing security policies, institutionalized management should be adopted to standardize the operation of the various business systems and the work of database administrators. Information of different sensitivity types should be managed according to the relevant management systems and methods.

4. Establish emergency plans and conduct drills regularly

During the operation of the hospital network system, various failures will inevitably occur. To ensure the normal operation of the hospital's security system, emergency plans should be established so that the hospital improves the system's ability to deal with emergencies and minimizes adverse effects and losses. When developing emergency plans, start from the actual business characteristics of the hospital: different emergency plans should be formulated for different failures, emergency drills of different scales should be carried out, and a special leading group should be set up as a guarantee. Starting the emergency plan poses a great challenge to the normal work of the hospital. Because a large amount of manpower and material resources needs to be mobilized, the conditions for starting the emergency plan should be strictly controlled. After the emergency plan is established, regular drills must also be organized to ensure its feasibility.

5. Improve the quality of relevant personnel and strengthen staff training

The quality of operators will directly affect the complete system establishment of the hospital network, and the relevant safety training for employees is a very critical means. Safety training can be divided into safety technology training for professionals of the Information Section and operation safety training for all users. The training of the Information Department is aimed at various security technologies and security strategies, while the operation training of system users mainly depends on how to use various computer equipment safely and how to repair and maintain the equipment.

In a word, we all know that there is no absolutely safe network defense system. The existence of network information security risks is an objective phenomenon, and it is also a system that is constantly evolving and advancing. The development and convenience of science and technology have made the hospital's business rely more and more on network technology, and the related risks have of course greatly increased. When a failure occurs, it will inevitably have an inestimable impact on the service and order of the hospital. Therefore, we must attach great importance to network security in both technology and theory. With the continuous improvement of computer technology and of the hospital's own information system, the future network security system will also become more complete.


Part 8: Model of Network Emergency Security Plan

1.1 Preparation purpose

Establish and improve the national communication guarantee and communication recovery emergency working mechanism, improve the organization and command ability and emergency disposal ability to deal with emergencies, ensure that the emergency communication command and dispatching work is carried out quickly, efficiently and orderly, meet the needs of communication guarantee and communication recovery work under emergencies, and ensure the safety and smoothness of communication.

1.2 Preparation basis

This plan is formulated in accordance with the Regulations of the People's Republic of China on Telecommunications, the Regulations of the People's Republic of China on Radio Administration, the National Overall Emergency Plan for Public Emergencies and other relevant regulations and rules.

1.3 Scope of application

This plan is applicable to major communication guarantee or communication recovery under the following circumstances.

(1) Extraordinary communication accident;

(2) Particularly serious natural disasters, accident disasters, public health emergencies, social security emergencies;

(3) Important communication guarantee tasks assigned by the Party Central Committee and the State Council.

1.4 Working principles

Under the leadership of the Party Central Committee and the State Council, the principles of unified command, hierarchical responsibility, strict organization, close coordination, rapid response and strong support are adhered to in communication guarantee and communication recovery.

2 Organization and command system and responsibilities

2.1 National communication guarantee emergency organization and responsibilities

The Ministry of Information Industry has set up a national communication guarantee emergency leading group, which is responsible for leading, organizing and coordinating the national communication guarantee and communication recovery emergency work.

The National Communications Guarantee Emergency Response Office is set up under the National Communications Guarantee Emergency Response Leading Group, which is responsible for daily liaison and affairs handling.

2.2 Organization system framework description

The National Communications Security Emergency Leading Group and the National Communications Security Emergency Work Office are responsible for organizing and coordinating the relevant provincial (district, city) communications administrations and the communication security emergency management agencies of basic telecommunications operators to carry out the communication security and communication recovery emergency work for major emergencies.

Each provincial (district, city) communication administration bureau shall establish a provincial communication security emergency management organization in the telecommunications industry, which shall be responsible for organizing and coordinating the communication security emergency management organization of each basic telecommunications operation enterprise in the province (district, city) to carry out the communication security and communication recovery emergency work in the province (district, city).

The headquarters of each basic telecom operation enterprise and provincial companies shall set up corresponding communication guarantee emergency work management organizations, which shall be responsible for organizing the communication guarantee and communication recovery emergency work within the enterprise. The provincial companies of the basic telecom operators are under the dual leadership of the local provincial (district, city) communication administration and the headquarters of the basic telecom operators.

3 Prevention and early warning mechanism

The competent telecommunication departments at all levels and basic telecommunication operation enterprises should establish and improve the prevention and early warning mechanism of communication network security from the aspects of system establishment, technology realization, business management, etc.

3.1 Prevention mechanism

The competent telecommunications departments at all levels should strengthen the supervision and inspection of the network security protection and emergency response preparations of the basic telecommunications operators to ensure the safety and smoothness of the communication network.

3.2 Early warning monitoring

The communication guarantee emergency management organization of the competent telecommunications departments at all levels and the basic telecommunications operation enterprises should establish the corresponding early warning monitoring mechanism to strengthen the monitoring and collection of communication guarantee early warning information.

Alert information is divided into external alert information and internal alert information. External early warning information refers to the emergency alarm outside the telecommunications industry that may require communication support or may have a significant impact on the communication network. Internal early warning information refers to the accident signs on the communication network in the telecommunications industry or the event alarm that some communication network emergencies may have a significant impact on other communication networks.

The competent telecommunications departments at all levels should establish effective information communication channels with the relevant departments of the state and local governments. The network operation management and maintenance departments of basic telecommunications operating enterprises at all levels should monitor and analyze the daily operation of the telecommunications network in real time, and find early warning information in a timely manner.

3.3 Preventive and early warning actions

After the Ministry of Information Industry obtains the external early warning information, the communication guarantee emergency leading group shall immediately hold a meeting to study and deploy the countermeasures for communication guarantee emergency work, and notify the relevant basic telecom operators to make preparations for prevention and communication guarantee emergency work.

After obtaining internal early warning information through monitoring, basic telecom operators should analyze the early warning information and report to the National Communications Security Emergency Office in a timely manner the situation that may evolve into a serious communication accident according to the principle of early detection, early report and early disposal. After receiving the early warning information, the National Communications Security Emergency Response Office will immediately analyze and verify it, and after confirmation, notify other basic telecom operators that may be affected to make preventive and emergency preparations.

3.4 Early warning classification and

3.4.1 Warning classification

Early warning is divided into four levels:

Level I: situations caused by a particularly serious public emergency that may cause communication failures in many provinces (districts, cities), large-area backbone network interruption, or damage to communication hub buildings, and major situations that require communication support emergency preparedness; or a communication network failure that may escalate to cause communication failures in many provinces (regions, cities) or large-scale backbone network interruption.

Level II: situations caused by major public emergencies that may cause network communication failures of multiple basic telecom operators in the province (district, city), and situations that require communication support emergency preparedness; or a communication network failure that may escalate to cause network communication failures of multiple basic telecom operators in the province (district, city).

Level III: situations caused by major public emergencies that may cause multipoint communication failures in the network of a basic telecom operator in the province (district, city); or a communication network failure that may escalate to cause multipoint communication failures in the network of a basic telecom operator in the province (district, city).

Level IV: It refers to the situation caused by general public emergencies, which may cause local communication failure of the network of a basic telecom operation enterprise in the province (district, city).

3.4.2 Early warning

The national communication guarantee emergency response leading group can confirm and level I early warning information; The communication guarantee emergency management organization of the provincial (district, city) communication administration can confirm the level II, III and IV early warning information.

The communication guarantee emergency management organizations at all levels shall make corresponding communication guarantee emergency preparations according to the early warning information of the national communication guarantee emergency response leading group.

4 Emergency response

4.1 Response classification

In case of emergency, the emergency response work of communication guarantee and communication recovery is divided into four levels according to the principle of hierarchical responsibility and rapid response:

Level I: When an emergency has a major impact, such as communication failures in many provinces, large-scale backbone network interruption or damage to communication hub buildings, or when relevant national departments assign other important communication support tasks, the national communication support emergency leading group is responsible for organization and coordination and launches this plan.

Level II: When an emergency causes communication failures of multiple basic telecommunications operators in a province (district, city), or a communication guarantee task is assigned by the relevant department of the local government, the communication guarantee emergency management organization of the provincial (district, city) communication administration is responsible for organization and coordination and launches the communication guarantee emergency plan of the provincial (district, city) communication administration, and at the same time reports to the National Communications Guarantee Emergency Office.

Level III: When an emergency causes multi-point communication failures of a basic telecommunications operator in a province (district, city), the corresponding communication security emergency management organization of that basic telecommunications operator shall be responsible for the relevant communication security and communication recovery emergency work, launch the corresponding communication security emergency plan of the basic telecommunications operator, and at the same time report to the emergency communication management organization of the provincial (district, city) Communications Administration.

Level IV: When an emergency event causes a local communication failure of a basic telecommunication operation enterprise in a province (district, city), the corresponding communication guarantee emergency management organization of the basic telecommunication operation enterprise shall be responsible for the relevant communication guarantee and communication recovery emergency work, and launch the corresponding communication guarantee emergency plan of the basic telecommunication operation enterprise.

4.2 Emergency disposal

This plan focuses on emergency disposal in case of Level I emergencies.

4.2.1 Information reporting and processing

When an emergency occurs, enterprises and units that have major communication interruption and communication facilities damage should immediately report the situation to the Ministry of Information Industry. The Ministry of Information Industry shall report to the State Council within one hour after receiving the report.

After obtaining the emergency information, the National Communications Security Emergency Response Office shall immediately analyze the severity of the incident, put forward handling suggestions to the National Communications Security Emergency Leading Group in a timely manner, and the National Communications Security Emergency Leading Group shall make decisions and launch this plan. If the coordination of the State Council is needed, it shall be immediately reported to the State Council.

When this plan is launched, the corresponding communication management bureau and the communication guarantee emergency management organization of the basic telecom operation enterprise shall start the lower level plan in advance or simultaneously.

4.2.2 Information notification

In the process of handling Level I emergencies, the national communication security emergency leading group should strengthen information communication with the units or departments that assign the communication security emergency tasks and relevant basic telecom operators, timely report the information in the emergency handling process, and improve the efficiency of communication security and communication recovery.

The basic telecommunication operation enterprise shall timely report relevant information to the government departments, important units and users related to emergencies.

4.2.3 Communication support emergency task release

In case of Level I emergency, the National Communications Guarantee Emergency Work Office shall, according to the instructions of the National Communications Guarantee Emergency Leading Group, issue a task notice in writing or by fax to the relevant provincial (district, city) communications administrations and basic telecommunications operators. After receiving the task notice, all units shall immediately convey and implement it, establish an emergency command organization for on-site communication support, and organize corresponding personnel to carry out communication support and communication recovery.

4.2.4 Communication support emergency work requirements

After receiving the task notice, the communication guarantee emergency management organization of the relevant provincial (district, city) communication administration and the basic telecommunication operation enterprise shall immediately carry out the communication guarantee and communication recovery emergency work. Specific requirements are as follows:

(1) Communication guarantee and emergency repair shall follow the principle of "first the central government, then the local government, first the key points, then the general ones";

(2) The emergency communication system shall be kept in good condition and be on duty 24 hours a day. All personnel shall stick to their posts for standby;

(3) Actively contact with relevant superior departments and timely report relevant information;

(4) In the process of implementing the communication guarantee task and communication recovery, relevant telecom operators should take the overall situation into consideration and actively cooperate with each other. If necessary, the National Communications Guarantee Emergency Office should coordinate in a unified manner;

(5) In the process of organizing the task execution, the on-site communication support emergency command organization shall report the task execution in a timely manner.

4.2.5 The end of communication support emergency task

After the completion of communication guarantee and communication recovery emergency tasks, the national communication guarantee emergency leading group shall issue a notice of task termination. After receiving the notice, the on-site emergency communication command organization will formally end the task.

4.2.6 Investigation, treatment, consequence assessment, supervision and inspection

The Ministry of Information Industry is responsible for investigating, analyzing and handling the causes of the extraordinarily serious communication accident, evaluating the consequences of the accident, and supervising and inspecting the handling of the accident liability.

4.2.7 Information

The Ministry of Information Industry is responsible for the relevant information work, and may authorize the provincial (district, city) communication administration to carry out information work when necessary.

4.2.8 Communication

In the process of emergency response, it is necessary to ensure that the communication between internal organizations and departments of the emergency response system is smooth. The communication methods mainly include fixed line telephone, mobile telephone, conference television, fax, etc.

5 Post disposal

5.1 Situation report and experience summary

After the communication guarantee and communication recovery emergency tasks are completed, the Ministry of Information Industry shall make statistics and summary of the loss of public telecommunications network facilities in emergencies, and summarize and report the completion of the tasks, so as to continuously improve the communication guarantee emergency work.

5.2 Reward and punishment evaluation and commendation

In order to improve the efficiency and enthusiasm of communication security emergency work, according to the relevant regulations, the units and individuals who have outstanding performance in the communication security and communication recovery emergency process will be commended, and the units and individuals who have caused losses to the state and enterprises due to poor security will be punished.

6 Guarantee measures

6.1 Communication support emergency team

The communication support emergency team consists of the network management, operation maintenance, engineering and emergency mobile communication support organizations of the basic telecom operation enterprises. All basic telecom operators should constantly strengthen the construction of communication security emergency teams to meet the needs of national communication security and communication recovery emergency work.

6.2 Material support

The basic telecommunication operation enterprise shall establish the necessary communication guarantee emergency resource guarantee mechanism, equip the necessary communication guarantee emergency equipment according to the needs of communication guarantee emergency work, and strengthen the management, maintenance and repair of emergency resources and equipment for emergency call at any time.

6.3 Necessary data

The emergency management organization of each basic telecom operation enterprise must have a map, various communication support emergency plans, communication dispatching plans and exception handling flow charts, a list of material reserves, and the contact information of relevant units, departments and competent leaders.

6.4 Technical reserve and guarantee

At ordinary times, the Ministry of Information Industry should strengthen the management of technology reserve and guarantee, establish a daily contact and information communication mechanism between the communication guarantee emergency management organization and experts, and carefully listen to experts' opinions and suggestions in the process of making decisions on major communication guarantee and communication recovery plans.

Timely organize relevant experts and institutions to analyze the current security situation of communication network, evaluate the emergency plan and implementation of communication security, carry out on-site research on communication security, and strengthen technical reserves.

6.5 Publicity, training and drills

Communication guarantee emergency management organizations at all levels shall strengthen the publicity and education of communication network security and communication guarantee emergency, regularly or irregularly conduct technical training and emergency drills for relevant communication guarantee emergency command and management organizations and support personnel, ensure the effective implementation of the emergency plan, and constantly improve the ability of communication guarantee emergency response.

6.6 Supervision and inspection system of communication guarantee emergency work

The communication guarantee emergency management organizations at all levels shall strengthen the supervision and inspection of the communication guarantee emergency work, so as to be prepared for danger in times of peace.

6.7 Work to be guaranteed by other departments

6.7.1 Transportation guarantee

In order to ensure that emergency communication vehicles and communication materials can quickly arrive at the accident site in case of an emergency, the national or local traffic management department shall provide emergency communication vehicles with a special permit to perform emergency tasks. Under special circumstances, the national or local transportation department shall be responsible for providing necessary transportation support for the allocation of emergency communication materials to ensure the rapid arrival of emergency materials.

6.7.2 Power guarantee

In case of emergency, the national or local power department shall give priority to ensuring the power supply demand of communication facilities.

6.7.3 Fund guarantee

The cost of communication security disposal caused by communication accidents shall be borne by the telecommunications operating enterprise; The communication guarantee costs incurred in handling emergencies shall be implemented according to the National Financial Emergency Support Plan.

7 Supplementary Provisions

7.1 Description of terms

(1) Communication refers to the telecommunications network.

(2) Extraordinary communication accidents refer to the destruction of communication hub buildings and large-scale interruption of backbone networks caused by emergencies.

(3) The basic telecom operators refer to China Telecom Group Corporation, China Network Communications Group Corporation, China Mobile Communications Group Corporation, China Unicom Corporation, China Satellite Communications Group Corporation, China Tietong Group Corporation, etc.

7.2 Plan management and update

This plan is managed and updated by the Ministry of Information Industry, and launched by the National Communications Security Emergency Response Office according to the orders and instructions of the National Communications Security Emergency Leading Group. The plan adheres to the principle of periodic review, once a year, and can be modified as needed.

Part 9: Model of Network Emergency Security Plan

(1) On the basis of geological survey and engineering data (namely 3DGIS), automatically generate three-dimensional topographic maps, three-dimensional tunnel engineering maps, three-dimensional drilling maps and three-dimensional stratigraphic maps. Display production information and real-time dynamic monitoring information three-dimensionally in the mine excavation stereogram: the three-dimensional distribution of gas, CO and other harmful gases; the three-dimensional distribution of safety and production equipment and their operation status (the main fan, local fan, air door, shearer, belt, water pump, air compressor, water level, etc.); and the video monitoring images above and below the shaft, fully displaying the true panorama of the mine surface and underground (including the operation status of production and equipment).

(2) Establish a unified information support platform for Kailuan Group's mine Internet of Things, and realize the interconnection and seamless connection of heterogeneous networks, with the optical fiber ring network as the backbone and wireless communication and industrial field bus as the support. The current safety production and automation systems and equipment of Kailuan Group shall be integrated and transformed. In accordance with the principle of "the integration of the Internet of Things", the isolated systems and businesses should be organically integrated to create a comprehensive business support platform for the Internet of Things in mines, achieving data sharing, information fusion and linkage control between business subsystems. Through the construction of the above objectives, better support will be provided for the post-disaster emergency rescue system.

2 Topology structure of mine IoT

The topology of the mine IoT is shown in Figure 1. The backbone of the mine IoT is the optical fiber ring network, with the mine IoT control substation as the core. Through the various intelligent communication interfaces of the control substation, the optical fiber ring network can connect heterogeneous networks, access WLAN, wireless sensor network, industrial field bus and other terminal sensing devices, realize data interconnection and seamless connection within the whole network, and provide a unified network transmission support platform for all application subsystems of the mine Internet of Things. The fusion business of the mine IoT carries out data communication through the mine IoT information platform and shares the IoT data without worrying about the communication problems of heterogeneous networks. Through the data fusion function of the mine IoT, each business only transmits the data content it needs, and does not need to care about network bandwidth, delay, reliability and other issues. These are all handled by the mine IoT and its networking transmission algorithm through adaptive configuration.

3 Implementation plan

According to the construction goal and technical realization route of Kailuan Group's mine IoT demonstration platform, it is first necessary to establish a unified mine IoT transmission platform, then sort out the current application system, and conduct business integration and seamless data connection of various discrete systems with different current system structures and communication modes. Build Kailuan Group's mine Internet of Things integrated information platform and its business subsystems such as integrated monitoring and control, integrated digital communication, integrated positioning management, emergency avoidance, safety early warning and emergency rescue command.

3.1 Mine 3D geographical map

The new 3D working condition of the mine is shown in Figure 2. The main roadways of the mine are automatically generated according to 3D geographic data. The 3D geographical map displays in real time the total number of personnel in the whole mine, the personnel distribution in different substations and the regional personnel distribution. The positions of sensors, base stations and cameras are marked on the 3D geographical map and can be queried by clicking the mouse. The mine roadway layout, production system route and temporary route are vividly displayed through the 3D geographic information system, and 3D geographic data are automatically entered through the measuring instrument.

3.2 The comparison between the traditional Internet and the topology structure of the Internet of Things integrated information platform of the mine is shown in Figure 3. The traditional core equipment of optical Ethernet, including switches, routers and gateways, will be replaced with the mine IoT control substation independently developed by the Chinese Academy of Sciences and with completely independent intellectual property rights, and the optical cable will be connected to form an optical fiber ring network to establish the backbone network of the mine IoT. In addition to the optical fiber interface, the mine IoT control substation can also connect WLAN, wireless sensor network and industrial field bus, and has terminal equipment access capability, which can carry the comprehensive mine business. By deploying mine IoT control sub stations in the main locations of the mine, the underground operation sites are covered and the mine business is carried, including safety monitoring, digital broadcasting, wireless communication, positioning management, safety early warning, risk avoidance and disaster relief, etc. On the premise of completing the infrastructure construction of the backbone network of the Internet of Things in mines, in order to establish the business support platform of the Internet of Things in mines and realize the hierarchical structure functions of the Internet of Things in mines, it is also necessary to implement the necessary Internet of Things protocol algorithms, complete the heterogeneous network data fusion and business fusion functions, and realize the support for the business of the Internet of Things in mines. In this way, through information integration, the display and control interfaces of the computers in the central stations of each system on the ground are unified, effectively reducing the software construction costs of the later access system.

3.3 The integrated communication system integrates underground digital broadcasting, underground wired telephone, underground wireless digital communication and underground multimedia scheduling into "integrated digital communication system" according to business relevance. The integrated communication system of Kailuan Group's mine Internet of Things is shown in Figure 4.

3.4 Emergency rescue command system

The safety assessment, early warning and emergency rescue command system on the mine Internet of Things platform obtains data through the integrated safety monitoring and control system, the integrated digital communication system and the integrated positioning system, and conducts comprehensive analysis and evaluation of the safety status of the underground or a certain area according to the object model obtained from prior data mining. According to the results of the safety assessment and early warning analysis, it automatically sends early warning or alarm information through the "integrated digital communication system" of the Internet of Things to the radio, alarm, emergency escape route indicator, and the "Internet of Things" handheld computers of relevant management personnel and underground operators in the form of voice, image, text, alarm commands, etc., and notifies relevant business departments in the mine and relevant cooperation units outside the mine according to the emergency plan. The mine IoT security early warning and emergency rescue command system of Kailuan Group is shown in Figure 5.

(1) Establish an emergency rescue command platform and decision support system, and focus on strengthening the construction of emergency teams and emergency equipment. In case of emergency, the emergency rescue plan shall be launched quickly. At the same time, make full use of emergency rescue resources, including emergency technical systems supported by experts. The emergency rescue system uses computer graphics processing technology, multi-data fusion technology and 3D virtual reproduction technology to carry out modular design. Through this system, reasonable and timely disaster avoidance route guidance can be carried out for all personnel in dangerous places underground.

(2) In the social emergency resources, the geographical location of the superior emergency rescue department should be marked, and the driving routes should be dynamically displayed. In the emergency resource management, the materials and equipment of the rescue team, fire brigade, hospital, and surface and underground emergency equipment warehouses shall be managed in a standardized and scientific manner to ensure the reasonable allocation and timely arrival of various emergency resources in emergencies.

(3) Establish and improve the real-time display system of the mine emergency rescue plan. The dispatching center can display all units and various emergency rescue plans (such as water, fire, gas, coal dust, roof and other emergency rescue plans) in real time on the large screen, providing strong support for emergency rescue.

(4) The emergency rescue platforms of the group company and secondary units shall be shared and integrated, including the emergency expert database, emergency teams, emergency equipment and other emergency resources. Establish an emergency expert database composed of relevant professional leaders and technicians. The expert database includes each expert's work unit, professional situation, contact information, etc., to grasp the information of experts in real time. In case of emergency, experts of all disciplines can arrive in time and seek technical support from domestic and international experts for remote rescue. Establish an emergency rescue team library, which includes the mine rescue team, medical rescue team, armed security team, etc., to realize dynamic connection between organization and contact information. Establish an emergency rescue equipment warehouse. Dispatch all emergency rescue materials and equipment in the mining area, uniformly code the rescue materials and equipment in the mining area, and keep timely track of the dynamic quantity and inventory of materials and equipment of each unit.

(5) Integrate the handheld wireless video signals of each mine into the emergency rescue platform. When an emergency occurs underground, it is recorded on site through handheld wireless video equipment and transmitted to the dispatching center, which makes rescue decisions according to the video records.

(6) The electronic map database of the mining area is established through 3D GIS (geographic information system). Establish the regional geological map of the mining area, the comparison map between the mine and the underground, the mining engineering plan, and the underground disaster avoidance route map. On this basis, through data mining, intelligent reasoning and an expert decision-making system, emergency rescue plan deduction, intelligent auxiliary decision-making for emergency rescue schemes, and calculation and indication of dynamic emergency escape routes are realized, so as to provide a strong guarantee for emergency rescue.

4 Conclusion