2018: Industrial Safety Critical Year
In the past year, both the industrial control system and the industrial Internet have accumulated a certain degree of security. Whether it is the security of the industrial control system or the security of the industrial Internet, it should be given full attention and at the same time, it should be effectively implemented and developed in accordance with the height of the top-level design.
The information security of industrial control systems (hereinafter referred to as industrial security) is an important guarantee for the strategy of implementing a strong manufacturing country and a strong network. In recent years, with China's manufacturing industry advancing in an all-round way, and industrial digitalization, networking, and intelligence accelerating development, China's industrial security has faced new challenges such as increasing security vulnerabilities, accelerating the infiltration of security threats, and complicated and diverse attack methods.
If we can introduce new technologies such as big data and artificial intelligence into the information security work of industrial control systems, and use new technologies to solve the practical problems encountered in the development of information security in industrial control systems, we can not only promote new technologies. The actual application of technology can also greatly enhance the degree of information security in industrial control systems. To provide advice or suggestions for the establishment of relevant standards and supervision mechanisms for information security in industrial control systems. Raise the overall safety awareness in the field of industrial control and raise the information security of industrial control systems to the highest level.
Observing the work deployed by China in the field of industrial control systems in the near future, we can see that the year 2018 will be the key year for the implementation of industrial safety work.
Macro guidance is clear
In order to speed up the construction of an information security system for industrial control systems in China, enhance the information security protection capabilities of industrial enterprises' industrial control systems and promote the development of industrial information security industries, at the end of 2017, the Ministry of Industry and Information Technology formulated and issued the "Industrial Control System Information Security Action." Plan (2018-2020) (hereinafter referred to as the "plan").
Recently, the person in charge of the Informatization and Software Services Division of the Ministry of Industry and Information Technology has interpreted the content of the "plan." It is understood that the "plan" clearly implements the spirit of the Nineteenth National Congress of the Communist Party of China in a clear and comprehensive manner, adopts the socialist ideology of Chinese characteristics with a new era of Xi Jinping, adheres to the overall national security concept, and implements the main responsibility of the enterprise as the key. It closely focuses on the new period. Intensive integration of development needs, focus on improving the security situation awareness of industrial security, security protection and emergency response capabilities, and promote industrial innovation and development, the establishment of multi-cascade anti-joint working mechanism, to lay a solid foundation for the strategy of building a strong country and a strong network of countries. Ensure that information security and information construction are synchronized, synchronized, and run synchronously. Adhere to the implementation of the main corporate responsibility. Adhere to local guidelines for classification. Adhere to both technology and management.
The main goal is that the system-wide work safety management system for the entire system will be basically established in 2020, and the public safety awareness of the entire society will be significantly enhanced. The nationwide online monitoring network, emergency resource library, simulation testing, information sharing, and information reporting platform (one network, one library, and three platforms) have been established, and situational awareness, security protection, and emergency response capabilities have been significantly improved. Cultivate a group of dragon skull enterprises with strong influence and strong competitiveness, create 3 to 5 new industrial industrial demonstration bases (industrial information security), and greatly increase industrial innovation and development capabilities.
According to the interpretation of the Information Technology and Software Services Division of the Ministry of Industry and Information Technology, the formulation of the “plan” has established a timetable and road map for the safety and security of industrial control, and further clarified what departments and localities and companies do and how to do so, in order to further implement the industrial control in the next step. Safe work provides the basis and guidance.
For the “one network, one database, and three platforms”, the above-mentioned person in charge explained that “one network” refers to the national industrial security online monitoring network. It will support the National Industrial Information Security Development Research Center and lead the joint efforts of local, industry, and other technical agencies. It will build a national industrial safety and security on-line monitoring platform as the center, connect provincial sub-centers vertically and horizontally cover multi-level monitoring networks in key industrial sectors, National real-time industrial control system operating status, real-time perception of risk hidden dangers, accurate judgments and scientific decisions.
"A library" refers to the industrial security emergency resource library. In accordance with the overall requirements of the “National Network Security Incident Emergency Preparedness Plan”, support the National Industrial Information Security Development Research Center to build an emergency resource database to gather information on loopholes, risks, solutions, plans, etc., and achieve functions such as auxiliary decision-making and pre-plan drills. In the event of industrial information security emergencies, supporting industry competent departments coordinate technical experts and professional teams to analyze and judge the incidents, and mobilize relevant emergency resources to carry out timely and effective disposal.
"Three platforms" refers to industrial security simulation testing platform, information sharing platform and information reporting platform. The construction industrial safety simulation test platform is based on real industrial control scenarios such as chemical production, pipeline transportation, sewage treatment, and intelligent manufacturing. It simulates business processes, restores real sites, and satisfies diverse needs such as training, testing, verification, and testing. Make full use of cloud computing, big data and other technical means, build a national industrial safety information sharing platform, establish a sharing list, clearly share content, and promote the formation of government guidance, business entities, social participation, and benefit-sharing mechanisms. Support the construction of an industrial-control safety information notification early warning platform, timely release risk warning information, track the progress of risk prevention work, and form an early warning system for fast and efficient information communication.
“Industrial safety is an important part of industrial production safety. Industrial companies as industrial control system operators should bear the main responsibility.” The above-mentioned person in charge said that the company should establish an industrial safety responsibility system and clearly define the first responsibility of the corporate legal representative and the person in charge of the operation. The responsibility of the person. Investigate the personnel of related departments such as informatization, production management, operation and maintenance, and equipment management, and establish an enterprise industrial safety management organization. At the same time, it continued to increase the investment in industrial control security and implemented special funds for protection technology transformation and hidden danger management.
At the same time, in the safeguard measures for the “plan”, we also mentioned in particular that we should increase policy support: adhere to the combination of government guidance and market operations, and fully mobilize social forces to support the construction of the industrial safety and security system. Support the establishment of special projects in areas where conditions permit, and increase the support for the construction of industrial safety infrastructure, the construction of key technology verification test platforms, and the development of industrial innovation. Use state policy credit funds to support the construction of industrial information security industry demonstration bases.
Accelerate the training of talents: Encourage industrial enterprises to strengthen cooperation with institutions and jointly train industrial security professionals. To build a national high-tech think tank for industrial security, provide intellectual support and technical support for the deployment of industrial security strategy, planning and formulation, decision-making consultation, and major issues, and train a comprehensive and highly skilled industrial security professional team.
Encourage social participation: Give full play to the active role of intermediary organizations such as industry associations and industrial alliances, support technical research and development, skill competitions, standards promotion, public services, international cooperation, etc., promote technological exchanges, strengthen information communication, and form government, production, research and use Efficient linkage development.
Multi-dimensional upgrade security level
With the continuous penetration and spread of the Internet and a new generation of information technology, the industrial control system that occupies the status of the “controlling brain” of the industrial Internet is inevitably moving toward the “Internet+” direction. The relatively closed use environment of industrial control systems has gradually been broken, and the openness and connectivity have become stronger. This has made it possible for industrial control systems and various business systems to collaborate, and the links between industrial equipment, people, information systems, and data have become more Closer and closer, system integration, equipment intelligence, business collaboration, information sharing, decision-making requirements, and the entire process network have become the development trend of industrial control systems. According to statistics, hundreds of millions of industrial control systems have been connected to the Internet. Therefore, the improvement of industrial Internet security awareness will also become an important factor affecting industrial safety.
In the industrial Internet field, there are also many security issues. For example, the number of attack paths under the network is increasing; the security loopholes brought about by traditional IT products; the new technology is not perfect in the defense system of industrial control and so on.
In the face of these problems, on November 27, 2017, Premier Li Keqiang signed the contract. The State Council has issued the "Guiding Opinions on Deepening the Internet + Advanced Manufacturing Industry to Develop the Industrial Internet" (hereinafter referred to as the "Opinions"). The basic considerations of the "Opinions" are: Taking the spirit of the Nineteenth Party Congress as a guideline, we must fully practise the socialist ideology with Chinese characteristics in the new era of Jinping. We must take the structural reform of the supply side as the main line and the goal of fully supporting the building of a strong manufacturing nation and an internet power. Focusing on the deep integration of the Internet and the real economy, we will build a network, platform, and security system to promote the construction of a modern economic system.
Among them, the Ministry of Industry and Information Technology interprets the content of the “Opinions” that relates to the security field: “Guidance Opinion” aims at building an industrial Internet security system, focusing on improving the protection capabilities of industrial Internet security and establishing a data security protection system. In order to promote the construction of safety technology and other aspects, specific tasks have been put forward to fully strengthen the industrial Internet security protection capabilities.
Improve industrial Internet security protection capabilities. The "Guidance Opinions" is a two-pronged approach that combines both technology and management to build an industrial Internet security system that covers equipment, controls, networks, platforms, and data. At the technical level, we will increase technical support for R&D and achievement transformation and focus on breakthroughs in key technologies such as identity analysis system security, industrial Internet platform security, industrial control system security, and industrial big data security to promote attack defense and vulnerability mining for the industrial Internet. The development of security products such as intrusion detection, situational awareness, security audits, and trusted chips. At the management level, through the establishment of an industrial Internet security assessment and certification system, relying on industry alliances and other third-party agencies to carry out safety capability assessment and certification, promote the promotion and application of industrial Internet security products and services, and the security protection capabilities of industrial Internet companies have been continuously improved.
Establish a data security protection system. The industrial Internet carries a large amount of industrial data of enormous value, which can reveal industrial production conditions and operating rules. It also carries a large amount of market, customer, supply chain, and other information. It is a core element of the industrial Internet. Data security has thus become an important aspect of industrial Internet security protection. One of the tasks. On the one hand, it promotes the establishment of a data security management system for the industrial Internet's entire industry chain, clarifies the data security protection responsibilities and specific requirements of relevant entities, strengthens the security protection capabilities of all aspects of the data life cycle, and prevents the privacy or important industrial data of users from being illegally stolen or On the other hand, the establishment of industrial data hierarchical classification management system, the formation of industrial Internet data flow management mechanism, clear data retention, data leakage notification requirements; Finally, by strengthening the supervision and inspection to implement the industrial Internet company's data security protection responsibility.
Promote the construction of safety technology means. The construction of technological means is an important way to improve the ability of industrial Internet security assurance. The "Guidance Opinions" put forward the task of building safety technology means from the three levels of the enterprise, industry, and country respectively. At the enterprise level, relevant companies are required to implement the main responsibility of network security, increase safety investment, enhance their own safety protection capabilities by strengthening technical means, and carry out pilot demonstrations of industrial internet safety; at the industry level, support relevant industry alliances to actively play a leading role in integrating industry resources , Innovate security service models to enhance the overall safety and security service capabilities of the industry; At the national level, give full play to the role of national professional agencies and social forces, strengthen national industrial Internet security technology support capabilities, and focus on improving hidden danger investigation, attack detection, emergency handling, and attack Traceability.
It can be seen that these security constructions that are about to be implemented at the industrial Internet level have no shortage of content closely related to industrial control systems. In the past year, both the industrial control system and the industrial Internet have accumulated a certain degree of security. China's investment in manufacturing informatization and its expected value are obvious to all. Whether it is the safety of the industrial control system itself or the safety of the industrial Internet, it should be given full attention and at the same time, it should be effectively implemented and developed in accordance with the top-level design. In 2018, the security work in industrial control systems and related areas will be greatly promoted.
点击图标下载 App
Industrial
industrial的定义
形容词
of, relating to, or characterized by industry.
a small industrial town
同义词: manufacturing, factory, commercial, business, trade
名词
shares in industrial companies.
Even with the Nasdaq off 9%, its stock price has soared 60% this year, to 70, outperforming the rest of the Dow Jones industrials .
另请参阅
industrial, Dow Jones Industrial Average
industrial 的翻译
形容词
产业
industrial