Abstract: AbstractWith the rapid development of automation and informatization in coal industry, the development speed of network security in coal industry is far behind the speed of informatization. Through the indepth analysis of the business structure and main control systems of the coal industry, the paper identifies 14 impacts of the current industrial control system of the coal industry, such as lack of overall information security planning, lack of border protection, abuse of mobile peripherals, lack of vulnerability patch updating, imperfect security strategy configuration, lack of or unreasonable security management system, etc. Aiming at the safety problems of industrial control and according to the design ideas of “network dedication, security zoning, white list baseline, defense in depth, comprehensive audit”, the paper proposed the design and solution of the security architecture applicable to coal mine industrial control system from the aspects of border protection, terminal security, configuration security, operation and maintenance security, flow audit, safety management, etc.

Key words: coal industry, industrial control system, industrial control network, industrial control security, cyber security

摘要： 在煤炭行业自动化、信息化建设快速发展的背景下，煤炭行业的网络安全发展速度却远远落后于信息化建设速度.通过对煤炭行业业务架构和主要工控系统的深入分析，识别出当前煤炭行业工控系统存在缺乏整体信息安全规划、缺少边界防护、移动外设滥用、缺少漏洞补丁更新、安全策略配置不完善、安全管理制度缺少或不合理等14个影响工控安全的问题，针对这些安全问题，按照“网络专用、安全分区、‘白名单’基线、纵深防御、综合审计”的设计思路，提出从边界防护、终端安全、配置安全、运维安全、流量审计、安全管理等方面构建适用于煤矿工业控制系统的安全架构的设计和解决方案.

关键词: 煤炭行业, 工业控制系统, 工业控制网络, 工控安全, 网络安全