Exploration and practice of industrial control system information security incident emergency exercise

Industrial control system information security incident emergency exercise is a security management and technical activities, which is comprehensive, interdisciplinary and multi-link. Based on the global exercises and the existing exercise organization experience, this paper summarizes three characteristics, three forms and five procedures of industrial security emergency exercise. Besides, this paper proposes a detailed implementation idea and optimization method of PTDTE emergency exercise in five stages of preparation, test, design, training and exercise, and gives a specific explanation in combination with two examples of emergency exercise. By carrying out the procedural and systematic emergency exercise, the enterprises can test the emergency plan, improve the decision-making ability and safety skills, focus on investigation and traceability, coordinate the emergency disposal timely and effectively, and ensure the cyber security of industrial control system.