The 4th National Industrial Control System Information Security Attack and Defense Competition of Zhuoshi Network Security Cup was successfully concluded

The "Zhuoshi Network Security Cup National Fourth Industrial Control System Information Security Attack and Defense Competition" which kicked off on November 23 at the North China Electric Power University finally came to an end today after two days and multiple rounds of competition.

In recent years, various forms and scales of network information security knowledge competitions and flag-grabbing competitions have emerged in China. The "National Industrial Control System Information Security Attack and Defense Competition" is the only attack and defense competition that focuses on the information security of industrial control systems of critical information infrastructure, is nationwide in scale, and has participating teams from different industry system users, research institutes, and security vendors. The National Industrial Control System Information Security Attack and Defense Competition, which was first launched in 2015 and has been held for four consecutive sessions, has received strong support from the Ministry of Public Security, the National Energy Administration, North China Electric Power University, the Ministry of Public Security Information Security Level Protection Assessment Center, the China Electricity Council and other institutions, and has been highly recognized by industrial control system users, industrial control information security experts, participating teams, and competition observation organizations. It has attracted great attention from the state, industry, network security authorities, research institutes, corporate users, network security evaluation organizations, security vendors, and investment institutions.

[[250509]]

The information security of industrial control systems is an important guarantee for implementing the strategies of building a strong industrial manufacturing country and a strong cyber power. The National Energy Administration recently issued the "Power Industry Cybersecurity Action Plan (2018-2020)", which emphasizes strengthening all-round network security management, fulfilling network security level protection obligations, standardizing network security risk assessments, and improving the security protection level of power monitoring systems.

This competition uses the real monitoring system of a thermal power plant as the training range, and features three aspects of assessment, reinforcement, and attack that are close to actual combat to train security protection capabilities. Through pre-match professional knowledge training, special lectures, summit forums, self-assessment preliminaries, reinforcement finals, and attack finals, it not only achieves the purpose of popularizing knowledge on security protection technologies for power monitoring systems, but also enables contestants to practice in the power industrial control range environment and quickly improve their practical capabilities in industrial control network security protection.

The attack and defense drills used a semi-physical simulation mode to simulate the boiler system, steam-water system, desulfurization system, and coal transportation system of the thermal power plant production area I. The production data was integrated through the interface machine of the production area II and sent to the management and control area for Web publishing and display. From the perspective of fairness, the competition was divided into a user unit group and an evaluation organization group, which verified and measured capabilities from the perspectives of power user protection and inspection and evaluation.

Nearly 120 contestants from 28 teams including State Grid Beijing Electric Power Company, State Grid Fujian Electric Power Company, State Grid Hebei Electric Power Company, State Grid Hunan Electric Power Company, State Grid Jiangxi Electric Power Company, State Grid Mengdong Electric Power Company, State Grid Shandong Electric Power Company, State Grid Shanxi Electric Power Company, State Grid Qinghai Electric Power Company, Guangdong Power Grid Co., Ltd., Shenzhen Power Supply Bureau Co., Ltd., China Southern Power Grid Peaking and Frequency Regulation Power Generation Co., Ltd., China Energy Engineering Co., Ltd., State Grid Guizhou Electric Power Company, Zhejiang Energy Group Co., Ltd., Fujian Hongshan Thermal Power Co., Ltd., Nanjing NARI Information and Communication Technology Co., Ltd., Beijing Jingwei Xin'an Technology Co., Ltd., School of Computer Science, Beihang University, Chengdu Anmeiqin Information Technology Co., Ltd., Hebei Sekputai Computer Consulting Services Co., Ltd., Hebei Qiancheng Electronic Technology Co., Ltd., Jinan Times Confirm Information Security Co., Ltd., Jiangxi Shenzhou Information Security Assessment Center Co., Ltd., Shandong Xinchao Information Technology Co., Ltd., China University of Geosciences (Wuhan), Zhengzhou University and the joint team of Zhejiang University and University of Information Engineering participated in this competition.

This year's attack and defense competition adopts a preliminary and final mechanism. The preliminary competition focuses on the participating teams' ability to detect and evaluate the security of power plant industrial control systems. The evaluation competition items are set according to common safety assessment issues. The evaluation content includes Windows and Linux operating systems, switches, firewalls, forward isolation devices and WEB applications. The 30 questions set are all key contents of typical production control system security assessment inspections and self-assessments. In the end, after three rounds of more than five hours of intense competition, the top four teams in the preliminary rounds of the two groups were selected from the 28 participating teams to enter the finals.

In the final round, the task is divided into two stages: reinforcement and attack. The object of reinforcement is the environment for attack penetration, and the environment of each team is determined by drawing lots. From the perspective of actual combat, the reinforcement stage is to implement reinforcement operations on the host, switch, firewall and isolation equipment of the real production control system without affecting the business; from the perspective of competition, each team is working hard to set obstacles for the penetration attack in the latter stage. Each team tried their best and went all out to actively respond to the challenge.

This competition presents a high level of competition, and it is necessary to have good skills in competition, information security protection capabilities, and understanding of power industrial control business in order to stand out in the competition. In the penetration phase, the participating teams can launch attacks from the safety zone III, safety zone II, and safety zone I of the thermal power training range. For the same attacked object, the difficulty of the attack entrance is different, and the score will also be different.

In this year's competition, a mysterious team of participants attracted special attention. It was a robot team composed of "Industrial Control System Level Protection Self-check Toolbox". Faced with the objects of test composed of the DCS main control system of Guodian Zhishen, Siemens host computer and other systems, after receiving the order of compliance inspection requirements, they used the self-developed Linux configuration inspection tool, PLC equipment inspection tool, Windows security policy inspection tool and traffic collection and analysis tool and other related special power industry level protection self-check tools. While other participating teams were still conducting system analysis, they quickly completed the compliance inspection of more than a thousand checkpoints required by all Level Protection 2.0 and power industry safety specifications in just 28 minutes, which was only 15% of the time required by manual inspection. The accuracy rate reached 100%, which was the best result of all 28 participating teams, more than 30% higher than the first place team. The accuracy, efficiency and convenience of the detection impressed all judges and other teams. The self-check tool has passed the inspection of the Third Research Institute of the Ministry of Public Security and has been successfully applied in many scenarios in the power industry.

[[250510]]

User Group Champion: State Grid Shandong Electric Power Company

After fierce battles in the preliminaries and finals, the State Grid Shandong Electric Power Company team from the user group won the championship of this offense and defense competition, the Nanjing Nanrui Information Communication Technology Co., Ltd. team won the runner-up, and the China Southern Power Grid Peaking and Frequency Regulation Power Generation Co., Ltd. and Guangdong Power Grid Co., Ltd. team won the third place.

In the evaluation organization group, the team of Chengdu Anmeiqin Information Technology Co., Ltd. won the championship of this offense and defense competition, the team of Shandong Xinchao Information Technology Co., Ltd. won the runner-up, and the team of Jinan Times Confirm Information Security Co., Ltd. and the team of Hebei Sekputai Computer Consulting Services Co., Ltd. won the third place.

[[250511]]

Champion of the evaluation organization group: Chengdu Ameiqin Information Technology Co., Ltd.

At the award ceremony and closing ceremony of the "Zhuoshi Network Security Cup National Fourth Industrial Control System Information Security Attack and Defense Competition" held after the competition, participating teams and guests gave high praise to the successful holding of this competition. The winning team representatives gave their acceptance speeches, sincerely thanking the competition organizing committee for its rigorous and orderly work and for hosting this high-end attack and defense competition, thanking their units for their trust in the competition, and thanking their teammates for their sincere cooperation. Through the competition, their technical capabilities have been greatly improved. The participating teams that failed to advance to the finals also gained a lot. They all thanked the "Industrial Control System Information Security Attack and Defense Competition" for providing everyone with a rare learning and communication platform.

Many hands make light work. The success of this competition is inseparable from the strong help and support of the competent departments, partners and technical support units. Professor Wang Yingbin, Executive Director of the Competition Organizing Committee and Executive Deputy Director of the Information Security Engineering Laboratory of North China Electric Power University, presented commemorative trophies to the title sponsors and technical support units of the competition.

[[250512]]

Professor Wang Yingbin, Executive Director of the Competition Organizing Committee, presents a commemorative trophy to the technical support unit

Bi Maning, director of the competition arbitration committee and deputy director of the Ministry of Public Security's Information Security Level Protection Assessment Center, said in his summary that every competition has a different experience. This year's competition has three links: security assessment, security reinforcement and penetration testing. The establishment of these three links represents that the "National Industrial Control System Information Security Attack and Defense Competition" has reached a new level and entered a higher level. In the past two years, network security and network attack and defense competitions have continued to heat up, especially this year. When various competitions are hot, we use these three links to test the actual combat capabilities of the participating teams, which is very timely and necessary.

[[250513]]

Bi Maning, Director of the Competition Arbitration Committee and Deputy Director of the Information Security Level Protection Assessment Center of the Ministry of Public Security

Deputy Director Bi Maning summarized this competition in six words: "Congratulations", congratulations to all participating teams for having the opportunity to participate regardless of whether they won or not, and not to be arrogant in victory or discouraged in defeat; "Thanks", thanks to the competition organizing committee and the hard-working staff in front of and behind the scenes, especially the technical support team; "Advice", the security assessment, security reinforcement, and penetration testing of this competition are all means to test the offensive and defensive confrontation capabilities of each participating team. However, as industrial control systems are listed as critical information infrastructure, they will face severe attacks in the future. "The higher the road, the higher the devil", while enhancing our confrontation capabilities, we strive to hone our ability to defend the country's critical information infrastructure.

Secretary Li Gengyin, Director of the Competition Organizing Committee

Professor Li Gengyin, Director of the Competition Organizing Committee, Secretary of the School of Electrical and Electronic Engineering of North China Electric Power University, and Director of the Information Security Engineering Laboratory of North China Electric Power University, pointed out in his concluding speech that the competition in network security is ultimately a competition for talent. North China Electric Power University is the highest institution of learning in the energy and power industry and a national "Double First-Class" university. The school has achieved outstanding results in the field of energy and power industry and has also trained a large number of outstanding network security talents for the energy and power industry.

This competition is another high-level and high-quality academic exchange activity after the university anniversary, which fully reflects the open cooperation, mutual assistance and win-win education pattern of North China Electric Power University, and is conducive to the school's further strengthening of extensive connections with power companies and all sectors of society. At the same time, as a high-end platform focusing on information security competitions in the field of industrial control in China, the competition will carry out all-round and multi-angle industrial control system security exchanges and cooperation with everyone with a more open and cooperative mind.