The hottest industrial information security escort

2022-08-08
  • Detail

Abstract: at present, the new generation of information technology and manufacturing technology represented by mobile Internet, cloud computing, big data, IOT and artificial intelligence are accelerating the integration, promoting the development of manufacturing industry in the direction and path of digitalization, networking, intelligence and service, and becoming a strong engine to promote economic transformation and upgrading and the continuous transformation of old and new development drivers

industrial automation and information system is the core component of industry, an important facility to support the national economy, and the nerve center of all industries and enterprises in industry. Ensuring industrial development must ensure industrial information security. At present, the new generation of information technology and manufacturing technology represented by mobile Internet, cloud computing, big data, IOT and artificial intelligence are accelerating the integration, promoting the development of the manufacturing industry in the direction and path of digitalization, networking, intelligence and service, and becoming a strong engine to promote economic transformation and upgrading and the continuous transformation of old and new development drivers

while accelerating the deep integration of informatization and industrialization, the new generation of information technology has also brought increasingly severe information security problems. The "earthquake" virus caused the scrapping of thousands of centrifuges in Iran, the attack on Ukrainian electricity led to the power failure of more than 1.4 million households, "wannacry" ransomware led to the forced shutdown of Renault, Nissan and other auto manufacturers, "petrwrap" ransomware affected key areas such as power, rail transit and oil in many countries, and posed a threat to industrial production and operation. A series of events fully showed that once the industrial information system was attacked, It can cause direct and substantial harm to the real world, and even threaten national security and economic and social stability

industrial information security is related to economic development, social stability and national security. Accelerating the promotion of industrial information security is an important measure to ensure that the interconnection and manufacturing industry go in the opposite direction and integrate innovation, and it is the basic support to ensure the smooth implementation of manufacturing power

unite as one and take multiple measures at the same time

industrial information security has achieved practical results

first, strengthen policy guidance and establish a basic policy system. In recent years, in order to implement the network security law of the people's Republic of China, made in China 2025, the guiding opinions of the State Council on deepening the integrated development of manufacturing industry and Internet (GF [2016] No. 28), and other documents, the Ministry of industry and information technology has issued a series of policy documents around the key areas and important links of industrial information security management, such as risk discovery, inspection and evaluation, emergency response, etc, An industrial information security policy system has been preliminarily established. Among them, the notice on strengthening the information security management of industrial control systems (gxbx [2011] No. 451) issued in 2011 is the first special policy in the field of industrial information security. This document defines the requirements for information security management of industrial control systems in key areas and proposes to establish an evaluation and inspection and vulnerability release system. The guidelines for information security protection of industrial control systems, issued in October 2016, puts forward 11 requirements for industrial control security protection, including security software selection and management, configuration and patch management, and border security protection, from both management and technology aspects, providing a basic basis for industrial control security protection. The guidelines for emergency management of information security incidents in industrial control systems issued in June 2017 put forward specific management requirements for industrial control security risk monitoring, information submission and notification, emergency disposal, emergency management in sensitive periods, and clarified the division of labor, workflow, and safeguard measures, providing a basis and method for emergency management and disposal of industrial control security incidents. In addition, the Ministry of industry and information technology also organized the National Research Center for industrial information security development and other institutions to study and prepare documents such as the administrative measures for the evaluation of the information security protection capability of industrial control systems and the guiding opinions on promoting the development of industrial information security industry, so as to continuously improve the industrial information security policy system

second, establish a national team to provide professional support. The industrial control security technology team is the basis of the industrial control security service guarantee work. According to the requirements of the guiding opinions of the State Council on deepening the integrated development of manufacturing industry and interconnection, the Ministry of industry and information technology has restructured and built the "national industrial information security development research center" with the support of the first Institute of electronics, a subordinate unit of the Ministry, to make it a national research and promotion institution supporting information security in China's industrial field, It is mainly responsible for carrying out strategic research, technology research and development, monitoring and early warning, inspection and evaluation, emergency disposal and industrial promotion in industrial information security and related fields, improving information security capabilities in industrial fields and maintaining information security in industrial fields. The construction of the national industrial information security development research center takes "small core, large periphery" as the principle, makes full use of the existing industrial control security technology capabilities, and actively guides the extensive participation of universities, scientific research institutions, social organizations, enterprises and other forces from all walks of life, so as to lay a solid foundation for building an industrial control security talent team

third, establish industrial alliances to promote the integration of cross-border resources. On June 8, 2017, under the guidance of the Ministry of industry and information technology, the national industrial information security development research center led the establishment of the national industrial information security industry development alliance, which widely attracts industrial enterprises, colleges and universities, scientific research institutes, industrial control system production enterprises and security service providers, and is committed to building a scientific industrial information security industry promotion system. The first batch of member units of the alliance are more than 100, covering leading enterprises in the industrial field, the "leaders" in the field of industrial control systems and information security, as well as research institutes and colleges and universities with strong scientific research strength. They have effectively integrated resources from all walks of life, and the goal is to gradually drive the formation of an "production, learning, research and application" ecosystem of industrial information security

fourth, develop technical means and build a technical support platform. Technical support platform is an important infrastructure for industrial control safety technology research and safety services. The Ministry of industry and information technology attaches great importance to the capacity-building of industrial information security technology. In 2016, the Ministry of industry and Information Technology identified three laboratories in the field of industrial information security as key laboratories of the Ministry of industry and information technology, including industrial information security perception and evaluation technology laboratory, industrial interconnection security technology test and evaluation laboratory, and industrial control system security standard and evaluation laboratory, covering industrial information security situational awareness technology Research directions such as industrial interconnection security technology and industrial control system security standard evaluation provide a good scientific research environment for the R & D and testing of industrial information security related technologies. In addition, under the guidance and support of the Ministry of industry and information technology, the national industrial information security development research center has established the national industrial control system and product safety and quality supervision and inspection center, and has built a security monitoring platform for important industrial control systems, an interconnected industrial control threat trap analysis system, and a security information sharing platform for national industrial control systems. PP, ABS As (transparent early warning, information notification, emergency response and other important industrial information security work to provide strong technical support.

actively forge ahead and forge ahead with innovation

constantly improve the ability of industrial information security support

ensuring Industrial information security is a system project of strategic significance, which requires multi-party participation, collaborative promotion, innovative development. We should firmly establish the concept of paying equal attention to network security and information development, and adhere to Based on the principle of "active defense, effective response, independent development, security and controllability", we will take actions in industrial information security technology, industry, talent training and other aspects to continuously improve the ability of industrial information security

first, vigorously promote key core technology research. "It is our biggest hidden danger that core technology is controlled by people". At present, the phenomenon that key products and core technology related to industrial information security in China depend on people is very common, and the passive situation cannot be effectively changed in the short term. The autonomy and controllability of core technology is the top priority of industrial information security, which will directly affect the lifeline of the healthy development of China's industry. In the future, we must increase investment, strengthen the research and development and application of key core technologies of industrial information security, focus on supporting the construction of technical support platforms such as simulation testing and monitoring, and constantly strengthen situational awareness, high wind degradation rate, acidic and insoluble degradation products, which limit the technical support capabilities of PGA in biomedicine, such as risk early warning, emergency disposal, detection and evaluation

second, accelerate the development of industrial information security industry. In order to ensure industrial information security, there is an urgent need for a strong industrial information security industry. Although China's industrial information security technology and application level have been gradually improved in recent years, the development of China's industrial information security industry is facing a series of problems: industrial information security products and services are not systematic, and special products and professional services are scarce; The phenomenon of emphasizing development and neglecting security still exists, and the industrial information security market has not been fully released; The accumulation of key core technologies is insufficient, and the real-time and criticality of industrial production make it difficult to promote the application of autonomous and controllable products. The next step is prone to reflection and scattering. It is urgent to speed up the development of industrial information security, make the leveling of leverage more stable for the whole industry, and vigorously improve the ability of industrial information security protection and guarantee. We should promote innovative technology products and strive to build a safe and controllable industrial information security technology product system; We should cultivate a number of backbone enterprises with outstanding core technological capabilities, strong integrated innovation capabilities and leading industrial development; We should optimize the industrial development environment, give full play to the role of industrial alliances, enhance the synergy and interaction between upstream technology research and development and downstream promotion and application, and create an industrial ecosystem of collaborative development; Facing the industrial information security industry chain, we should establish a public service system covering common technologies, standard formulation, intellectual property rights, achievement transformation, industrial investment and financing, talent services, testing and verification, market development and brand construction

third, continue to strengthen the construction of talent team. The realization of the strategic goal of manufacturing power and the guarantee of industrial information security cannot be separated from the support of talents and intelligence. A country's industrial information security strength largely depends on whether it can produce outstanding technical talents in batches. However, at present, there is still a large talent gap in the field of industrial information security in China, and it is urgent to speed up the construction of talent team. First of all, we should create a good environment for cultivating, attracting and making good use of talents, establish a talent exchange platform for enterprises, universities and scientific research institutions, and optimize the talent flow and management mechanism. Secondly, we should pay special attention to the cultivation of leading talents, vigorously introduce international high-end talents in various forms, and cultivate and train high-level, urgently needed and backbone professional and technical talents. Finally, we should attach importance to building a national high-end industrial information security think tank to provide intellectual and technical support for industrial information security strategic deployment, planning, decision-making consultation, and major problem research

Copyright © 2011 JIN SHI