Blogs

Recently, the Ministry of Industry and Information Technology jointly issued the “Guiding Opinions on Strengthening Industrial internet Security” (hereinafter referred to as “Security Guiding Opinions”), which has aroused great concern and heated discussions among industry professionals. First of all, the ten departments jointly issued a heavyweight document, which reflects the country’s high degree of emphasis on industrial Internet security and its strength, and industrial Internet security has risen to the national strategic level. Secondly, the content of the document is specific and detailed, and can be used as a guiding program for the development of the industrial Internet security industry. The “Security Guidance” sets very specific overall goals for my country’s industrial Internet security, focusing on equipment, control, network, platform, and data security, implementing the main responsibility of enterprises and government supervision, improving institutional mechanisms, building technical means, and promoting industrial To develop and strengthen personnel training, seventeen clear tasks and four safeguard measures were put forward. The gradual implementation of the “Security Guidance” will definitely enhance the security assurance capability and service level of my country’s industrial Internet innovation and development, promote the high-quality development of the industrial Internet, and promote the construction of a modern economic system.

As a practitioner in the industrial Internet security industry, I have read through the “Security Guidance” several times, and have deeply understood and thought about it. From the perspective of a network security enterprise, from the dimension of product technology, I would like to talk about some of my thoughts for everyone. References and critiques.

1. The construction of industrial Internet security assurance system, security capabilities are the foundation

The Industrial Internet is the product of the deep integration of a new generation of information technology and manufacturing, and is the key support for the fourth industrial revolution. Its own technical complexity, potential security threats, and serious harm caused by security incidents are all critical to industrial Internet security. Work units and enterprises have put forward very high security capability requirements. The “Security Guidance” attaches great importance to the building of security capabilities, and requires consolidating industrial equipment and control security, improving network facility security, strengthening platform and industrial application security, strengthening enterprise data security protection capabilities, building an industrial Internet security technology guarantee platform, and building industrial Internet security. Basic resource library, build an industrial Internet security testing and verification environment, strengthen industrial Internet security public service capabilities, and promote industrial Internet security technological innovation and industrial development. These requirements are reflected in security capabilities, including but not limited to: industrial asset detection capabilities, industrial equipment vulnerability mining and detection capabilities, industrial control protocol in-depth analysis capabilities, attack discovery and blocking capabilities, advanced persistent threat (APT) discovery and traceability capabilities , network security attack and defense confrontation capabilities, source code security detection capabilities, industrial cloud platform protection capabilities, industrial big data security protection capabilities, security situational awareness platform construction capabilities, big data modeling and analysis processing capabilities, functional security and information security integration capabilities, etc. Wait. The Industrial Internet is the goal and object of security assurance. The construction of security assurance system is essentially the construction of security capabilities. Comprehensive, systematic and effective security capabilities are the basis for the construction of security assurance system. Therefore, in order to build a good industrial Internet security system, it is necessary to increase investment in research and development, strengthen technological innovation, improve security capabilities, and fully integrate security capabilities with industrial Internet business scenarios, so that the industrial Internet has the characteristics of self-adaptation, autonomy and self-growth. endogenous security” capabilities. In this regard, we, as an industrial Internet security company, are duty-bound.

2. Industrial Internet equipment and control security protection, industrial hosts are the focus

The sixth main task of the “Safety Guidance” requires the consolidation of equipment and control safety. “Supervise industrial enterprises to deploy targeted protective measures, strengthen the safe access and protection of equipment such as industrial production, mainframes, and smart terminals, strengthen security guarantees such as control network protocols, device equipment, and industrial software, and promote equipment manufacturers, automation integrators, and security Enterprises strengthen cooperation to improve the intrinsic safety of equipment and control systems.” Through the security emergency response services for a large number of industrial enterprises, we found that the greatest threat to industrial equipment and industrial control systems is currently aimed at industrial hosts (referring to the upper computer of industrial control systems, such as operator stations, engineer stations, historical databases, real-time databases, Ransomware and cyber attacks on MES servers, HMIs, etc.). Industrial mainframes tend to run common operating systems that attackers can easily obtain and study. At the same time, due to the long life cycle of industrial control systems, most of the existing industrial hosts are old operating systems such as Windows 7, Windows 2000, and Windows XP. It is difficult to upgrade the version, or even impossible to update. There are a large number of known vulnerabilities, which can easily become viruses and network attacks. Direct targets, attack entrances and critical springboards. The industrial host is the “gate” that connects the information system and industrial control equipment. Attacks on the industrial host can directly affect the operation of the industrial control system, and can even tamper with the operating instructions of the controller, so that information security events can be transformed into functions that affect safe production. Security incidents have caused irreparable losses to industrial enterprises and even the national economy and people’s livelihood. Our research found that the attack methods against the host include: obtaining industrial host management rights through network attacks, encrypting key files, and extorting; injecting viruses into the industrial host through U disk, tampering with the data reported by the controller, and covering up abnormal control data; Multiple industrial hosts escalate rights, tamper with and issue control instructions; spread computer viruses across regions by infecting dual-NIC industrial hosts; send network storm data to the controller through the controlled industrial host, resulting in abnormal operating cycles or even crashes of the controller. Therefore, the industrial host is the focus of industrial Internet equipment and control security protection, and it is also the direction where security investment should be made first and the investment yield is the largest.

3. Industrial Internet big data security protection, endogenous security is the core

The “Security Guidance” specifically lists “strengthening the data security protection capability of the industrial Internet” as one of the main tasks, which fully illustrates the important position of data security in the security of the industrial Internet. Digital twins and industrial big data are important application innovations of the Industrial Internet, and they are also the products of the deep technological integration of manufacturing and the Internet, carrying the core intellectual property rights of industrial enterprises. It is no exaggeration to say that with the development of industrial Internet applications, all the security measures we take are fundamentally aimed at protecting the core assets of industrial Internet companies – industrial big data. The security protection of industrial big data is a complex and systematic system engineering. At the same time, most industrial big data business applications are built on the basis of emerging IT technologies such as cloud platforms, big data platforms, and micro-service architectures, which make business applications and infrastructure, operation and development, and business and security highly coupled naturally. The industrial big data security protection system needs to pay special attention to its “endogenous security”. To achieve “endogenous security”, the security features must be able to be seamlessly embedded in the software technology architecture of industrial big data, and big data with adaptive security features is required. Security Architecture. Security self-adaptation has sufficient system self-diagnosis functions, which can detect and issue alarms in time when encountering security risks and system abnormalities. At the same time, it has automatic policy adjustment and security repair functions, which makes the industrial big data system have sufficient “elasticity” and can Shut down some services to ensure the execution of critical business. The security protection system of industrial big data should be an operation system. Through continuous security operations, it will continuously improve and optimize security strategies, improve security protection capabilities, and realize the self-growth of security protection capabilities.

Fourth, the construction of industrial Internet security technology guarantee platform, coordination and linkage is the key

The 11th main task of the “Security Guidance” requires the construction of a national, provincial and enterprise three-level coordinated industrial Internet security technology guarantee platform, with special emphasis on strengthening system docking, data sharing, and business collaboration between local, enterprise and national platforms. Build overall situational awareness, information sharing and emergency coordination capabilities. In recent years, our company has undertaken the special work of the construction of some important platforms of the Ministry of Industry and Information Technology, and has a deep understanding of this. In the past two years, relevant local government departments and some industrial enterprises have successively started to build industrial Internet security technology guarantee platforms, which have achieved good application results. However, some problems are also exposed in the application process. The biggest feature of this type of platform is that it can centrally monitor security risks, and then realize response and even situation prediction and traceability. From the perspective of centralized monitoring, isolated platforms without interconnection cannot achieve effective centralized monitoring and information sharing. For example, the platform of the competent government department currently lacks the interconnection with the industrial enterprise platform, and lacks the real-time perception and monitoring of the security status of the industrial control network within the industrial enterprise. Another example is that the security big data of the industry has not yet been effectively integrated to form an industry platform to monitor and perceive the overall security situation of the industry. From the perspective of emergency response, there are still three collaborative problems: the collaborative linkage between government departments and industrial enterprises, the collaborative linkage between industrial enterprises and network security enterprises, and the collaborative linkage between industrial enterprises and industrial Internet manufacturers. Only when these four key roles of industrial Internet security establish a standardized emergency response working mechanism, formulate joint response plans, and hold effective emergency response drills on a regular basis, can the emergency response work be done well in the event of a cyber attack.

5. The development of the industrial Internet security industry, talent training is the guarantee

The fourth safeguard measure of the “Safety Guidance” points out, “Strengthen publicity and education, and speed up talent training. Deeply promote the integration of production and education, school-enterprise cooperation, establish a joint training mechanism for safety talents, and cultivate compound and innovative high-skilled talents. Develop network Security drills, security competitions, etc., to train and select industrial Internet security practitioners at different levels.” When we hosted the 2017 Internet Security Conference, we proposed that “people are the measure of security”. The essence of network security is the confrontation between people. A large number of security incidents are caused by human factors, and the solution of the problem is ultimately inseparable from the participation of people. The construction of the industrial Internet security assurance system is inseparable from a large number of professional network security personnel, and the development of the industrial Internet security industry is even more inseparable from high-level and high-quality network security practitioners. Colleges and universities are the source of talent training. The introduction of policies related to the integration of production and education and school-enterprise cooperation will definitely encourage cybersecurity companies to invest more in talent cultivation, combining the general education of colleges and universities with the practical experience of cybersecurity of enterprises. Let’s work together to cultivate multi-level cybersecurity talents with stronger practical ability.

Vigorously developing the industrial Internet is an important national policy of my country. In recent years, the Ministry of Industry and Information Technology has issued a series of relevant policies and specific actions to promote the development of the industrial Internet industry. Network, platform, and security are the three major systems of the industrial Internet. In terms of network construction, IPV6 and 5G are applied in the industrial field, and we have seen technical support and construction and operation plans that can be implemented; in terms of platform construction, dozens of industrial Internet platforms with prototypes have also emerged, and efforts are being made to verify the application effect. , enhance the application value. However, objectively speaking, the security of the industrial Internet is a slow-moving link. The industrial Internet security system has been in the stage of exploration and discussion, and the industrial Internet security market has not yet seen signs of an outbreak. The timely introduction of the “Security Guidance” can be said to be a “timely rain”, giving the industrial Internet security industry a “strengthening shot”. It is believed that with the gradual implementation of relevant specific measures, it will definitely stimulate the industrial Internet security industry. The rapid development of the Internet of Things will greatly improve the security protection level of my country’s industrial Internet, and escort the rapid and stable development of the industrial Internet.