The invention provides an industrial control system network access safety early warning system and method. The method comprises the following steps of generating an industrial control system network access white list; acquiring an industrial control system network access malicious IP group library; performing interception and white list verification on the IPs for applying the access to an industrial control system; performing malicious analysis on the access IPs which are not in the white list, carrying out security early warning on the found malicious access IPs, and performing security early warning on the found malicious access IPs; storing the undeterminable access IPs into a suspicious IP library, and performing repeated verification when the white list and the malicious IP group library are updated; and performing access information log recording on all the access IPs. The access modes of various access IPs are studied according to the access logs of the access IPs; the access mode of the suspicious IP is matched with the access mode of the malicious IP and the white list IP, and the category of the access IP is judged; the safety early warning is performed on the access IPwhich is judged to be the malicious IP, and the white list recommendation is performed on the access IP which is judged to be the white list IP; and the newly found white list IP is updated into the existing white list.