Industrial internet faces new security challenges. Top-level design and construction guarantee system

　　In recent years, with the rapid development of industrial internet, the traditional industrial control system has moved from "closed island" to "interconnection". With the improvement of efficiency, the security threat of the Internet has also penetrated into the industrial field. In the face of network attacks that can directly reach the job site, it is urgent to build an industrial Internet security system.

　　Recently, the Ministry of Industry and Information Technology, together with the Ministry of Education, the Ministry of Human Resources and Social Security, the Ministry of Ecology and Environment, the Health and Wellness Committee, the Emergency Management Department, the State-owned Assets Supervision and Administration Commission, the State Administration of Market Supervision, the National Energy Administration, and the Bureau of Science, Technology and Industry for National Defense, jointly issued the Guiding Opinions on Strengthening the Security of Industrial Internet (hereinafter referred to as the "Safety Guiding Opinions"), which clarified the main tasks of building an industrial Internet security system.

　　The "Safety Guidance Opinion" clarifies that by the end of 2020, the industrial Internet security system will be initially established. By 2025, the system and mechanism will be perfect, the technical means will be significantly improved, the security industry will take shape, and a relatively complete and reliable industrial Internet security system will be basically established.

　　The "Safety Guidance Opinion" sets a very specific overall goal for the safety of China’s industrial Internet, which will comprehensively enhance the safety guarantee capability and service level of China’s industrial Internet innovation and development, and promote the high-quality development of industrial Internet.

　　Promote the establishment of safety evaluation system from top to bottom layer by layer

　　At present, China’s industrial enterprises attach great importance to the construction of industrial Internet security and are willing to invest in security. However, the current situation is that enterprises don’t know their own security situation thoroughly and can’t get a suitable solution. In this regard, Yao Yu, director of the Engineering Research Center of the Ministry of Education, pointed out that the construction of an industrial Internet security management system needs to be promoted layer by layer from top to bottom. By building a security protection system covering the whole industrial system, a security technology system and corresponding management mechanism that meets industrial needs, identifies and resists security threats from inside and outside, and resolves various security risks, is a safe and credible guarantee for the reliable operation of the industrial Internet and the realization of industrial intelligence.

　　At present, the construction of 5G network is in full swing, and the deployment of IPv6 is fully promoted. In the process of integration with the industrial real economy, in addition to the cooperation between related enterprises, cross-industry integration is also needed. In addition to ensuring its own safety, it is also necessary to evaluate each interface to ensure the overall operation safety. Yao Yu pointed out that it is necessary to explore a suitable security evaluation system to carry out industrial Internet security assessment and certification. In view of the current lack of safety inspection and evaluation standards for industrial Internet, it is necessary to conduct in-depth research on the safety status, safety requirements and attack and defense technologies of industrial Internet, comprehensively analyze the potential safety hazards of industrial Internet, determine the direction and focus of safety inspection and inspection and evaluation of industrial Internet, sort out and refine the contents of safety inspection and inspection and evaluation, and formulate quantifiable and operable technical requirements and test and evaluation methods related standards for industrial Internet safety inspection and evaluation.

　　Strengthen technical innovation and realize the self-growth of safety protection force

　　Vigorously developing industrial Internet is an important national policy in China. In recent years, the Ministry of Industry and Information Technology has issued a series of relevant policies and specific actions to promote the development of industrial Internet industry. Network, platform and security are the three major systems of industrial Internet. Among them, the network is the foundation, the platform is the core, and security is the guarantee. In the view of Zuo Yingnan, vice president of Qi Anxin, to build a good industrial Internet security system, it is necessary to increase investment in research and development, strengthen technological innovation, improve security capabilities, and fully integrate security capabilities with industrial Internet business scenarios, so that the industrial Internet has adaptive, independent and self-growing "endogenous security" capabilities.

　　The "Security Guidance" specifically lists "strengthening the data security protection capability of industrial Internet" as one of the main tasks, which fully illustrates the important position of data security in industrial Internet security. In fact, with the development of industrial Internet applications, all the security protection measures we have taken are aimed at protecting the core assets of industrial Internet enterprises — — Industrial big data.

　　Facing the urgent problem of "endogenous security", Zuo Yingnan believes that to achieve "endogenous security", security features must be seamlessly embedded in the software technology architecture of industrial big data, and a big data security architecture with adaptive security features is needed. Security self-adaptation has sufficient system self-diagnosis function, which can timely detect and alarm when encountering security risks and system anomalies, and has automatic policy adjustment and security repair functions, which makes the industrial big data system fully "elastic" and can shut down some services to ensure the execution of key businesses. The security protection system of industrial big data should be an operation system. Through continuous security operation, the security strategy is continuously improved and the security protection capability is improved, so as to realize the self-growth of security protection capability.

　　Multi-dimensional collaborative construction of security tool sets in different industries from the outside to the inside and from the table to the inside

　　In the information age marked by the Internet, "internet plus Industry" has become the best choice for China’s industrial revolution at this stage. Due to the limitation of its own technical level, many core technologies and spare parts in China depend on foreign countries. However, the communication protocol, design loopholes and other issues are not mastered, which makes it easy for information in industrial production to be illegally collected abroad. At the same time, China’s own R&D capability needs to be improved urgently, and the difficulty of personnel training is also increasing. The safety protection level of different industries should also be treated differently.

　　Sun Limin, a researcher at the Institute of Information Engineering, Chinese Academy of Sciences, believes that phased implementation is the key. The security of core components such as PLC, industrial control configuration software and CNC machine tools should be gradually deepened, and the functional security of industrial control system should be combined with information security to realize the built-in security of industrial Internet. At the same time, the attack on important infrastructure needs multi-dimensional coordination. We should strengthen the perception and analysis ability of industrial security situation within enterprises, industries, the whole country and even the whole world, and combine active monitoring with passive trapping to find out the network attack activities and the characteristics of unknown attack samples.

　　The Safety Guidance requires that key industries and fields should attach great importance to the key layout, such as power generation industry, power grid system, military manufacturing enterprises, rail transit, Three Gorges water conservancy, etc., which are the top priorities of industrial Internet security protection. How to deal with this?

　　Sun Limin believes that for several important industrial Internet industries, specific industrial Internet attack and defense drill ranges and simulation test platforms should be built respectively. At the same time, we will strengthen the cultivation of high-end talents in industrial internet and network security, and establish a number of key laboratories for industrial internet security. Finally, build a special safety resource library and safety tool set for the industry, and pay attention to the safety and leakage prevention of the safety resource library while training and popularizing its application in the industry.

　　The implementation of the "Safety Guidance Opinion" indicates that the construction of China’s industrial Internet security system has steadily advanced towards a new historical stage of legalization, institutionalization and specialization, which will definitely stimulate the rapid development of the industrial Internet security industry and greatly enhance the security protection level of China’s industrial Internet. (Zhao Chunxiao)