Industrial Internet attacks frequently occur, and security construction urgently needs to move from "fragmented" to "overall"

  In the traditional Internet era, people are accustomed to taking "after-the-fact remediation" measures for network security, and these measures are often "headaches and foot pains", which cannot solve the problems thoroughly and comprehensively, nor can they meet the requirements of the new industrial Internet. Safety requirements.

  On October 23, at the "Thirteenth Five-Year" Industrial Communication Industry Development Achievement Press Conference held by the State Information Office, Wen Ku, spokesperson for the Ministry of Industry and Information Technology and Director of the Information and Communication Development Department, stated that the scale of China's industrial Internet industry has reached 30,000. The industrial ecosystem of multi-party coordination and linkage has been further expanded. The industrial Internet industry alliance has 1,700 members, and the industrial cooperation in related technologies, standards, research and development, and applications has been continuously enhanced, which supports the digital transformation of manufacturing and the high-quality development of the real economy The role is increasingly apparent.

  However, with the rapid development of the Industrial Internet, there are increasingly severe security challenges.

According to the "Analysis Report on my country’s Internet Network Security Monitoring Data for the First Half of 2020" issued by the National Internet Emergency Response Center, since the first half of this year, my country’s network security situation has been relatively severe, with the rapid growth of network malicious programs, and the substantial increase in security vulnerabilities. Industrial Internet equipment There are serious security risks.

  "Industrial Internet has become the core driving force of industrial transformation and upgrading and the development of the digital economy. It is urgent to ensure the safety of industrial Internet." The safety protection system urgently needs to be established, and it must move from "fragmented construction" to "overall construction".

  In the future, what trends will the security protection of the Industrial Internet show, and how to build endogenous security capabilities?

In this regard, a reporter from Science and Technology Daily interviewed relevant experts.

  The Industrial Internet has long been a target of cyber attacks

  According to reports, since the "Guiding Opinions on Deepening "Internet + Advanced Manufacturing" and the Development of Industrial Internet" and the "Industrial Internet Development Action Plan (2018-2020)" and other policies were released, the development of my country's industrial Internet has shown a good momentum.

  Wenku said that the current industrial Internet innovation and development project in my country is progressing smoothly. The low-latency, high-reliability, and wide-coverage high-quality external network extends to more than 300 cities across the country, connecting more than 180,000 industrial enterprises.

  The reporter learned that in the face of new situations and challenges such as the occurrence of the new crown pneumonia epidemic, the Industrial Internet has played an active and significant role and is widely used in many scenarios such as manufacturing, material distribution, engineering construction, medical treatment, and epidemic prevention and control.

The rapid development of the industry and the important role of the Industrial Internet in the economy and society have also made it an important target of cyber attacks.

  On March 19 last year, Norwegian Aluminum Group suffered a large-scale cyber attack that caused its IT system to become unusable, resulting in production interruption and temporary closure of multiple factories, which ultimately caused the company’s stock price to fall by about 2% and global aluminum prices to rise by 1.2%. .

  On December 4 last year, IBM released the X-Force Threat Intelligence Index report, which disclosed a new type of malware ZeroCleare developed by Iranian hackers for the industrial sector.

This software aims to delete data from infected devices as much as possible, and is mainly targeted at the energy and industrial sectors in the Middle East.

When the report was disclosed, 1,400 devices had been infected.

  In May of this year, Venezuela’s national power grid was attacked. With the exception of the capital, Caracas, power outages occurred in 11 state capitals across the country.

  According to the "Industrial Internet Security Situation Report for the First Half of 2020" issued by the China Academy of Information and Communications Technology, 13.56 million malicious cyber attacks were discovered in the first half of the year, involving 2,039 companies.

  A series of cyber attacks show that the Industrial Internet has long been a target of attacks in the cyber world.

  "The impact of cyber attacks in the industrial Internet field is very large." According to Wu Yunkun, in recent years, the emergency response needs of industrial enterprise cyber attacks received by Qi Anxin Security Center involve automobile production, smart manufacturing, energy and power Most of the attacks on dozens of companies in industries such as Japan, tobacco and other industries have caused blue screens on industrial hosts, and important files have been encrypted, and many of them have also caused suspension of work and production, causing heavy losses to industrial companies.

  "Post-remediation" cannot meet new security needs

  In the traditional Internet era, most cyber attacks will cause computer paralysis, privacy leakage, and some property losses.

In the digital economy era, cyber attacks may directly affect the real physical world, and even paralyze infrastructure such as energy, transportation, medical care, and communications, and the consequences may be disastrous.

  Why have major industrial system cybersecurity incidents occurred frequently in recent years, and the frequency and impact of incidents have also increased?

  Du Lin, an engineer at the Security Research Institute of China Academy of Information and Communications Technology, said in an interview with a reporter from Science and Technology Daily that from the perspective of the implementation of security work layout, some companies have problems such as insufficient security awareness, inadequate protective measures, and insufficient technical industry support capabilities. Moreover, my country's industrial manufacturing industry has a huge industrial system and a weak security foundation. It is urgent to "build a baseline and build a line of defense."

  "From the perspective of industrial production, equipment networking and enterprise cloud access accelerate the spread of security risks, and the network attack surface continues to expand from the border to the core." Du Lin said that the transformation and upgrading of enterprise industrial production has made industrial production networks from closed to open. Smart equipment, industrial applications, production data, and system operation and maintenance are all connected to the external network and face huge security threats.

  Wu Yunkun believes that in the traditional Internet era, people are accustomed to taking "after-the-fact remediation" measures to network security, and these methods are often "headaches and feet aches and feet", which are partial, single-point and not thorough. And comprehensive, it cannot meet the security requirements of the new industrial Internet.

At present, network security is at an important turning point. Traditional thinking and inertial practices have not changed in time, and cannot keep up with the pace of the digital economy.

  "There are still unclear types and distribution of industrial assets, and the protection system cannot determine the hidden dangers and the attacked parts in time. In addition, problems such as equipment disconnection, shutdown, abnormal operation and other difficult to locate, also increase the difficulty of security protection. "Wu Yunkun said.

  Realize "Prevention and Control" with Endogenous Safety

  Industrial Internet has moved from the popularization of the concept to the stage of deep cultivation. What trends will the future security precautions show?

What potential new technologies can be incorporated into the security precautions link?

  "Under the new situation and new environment, traditional protection methods have failed. Endogenous security must be used to ensure the security of industrial information systems and realize the integration of network security capabilities and the industrial information environment. Only in this way can an endogenous security system be truly established. "Wu Yunkun believes that the core of industrial information system security protection, including the Industrial Internet, is to achieve systematic security protection, and security must move from "fragmented construction" to "overall construction."

  According to relevant experts from QiAnxin, the creation of an endogenous security framework aims to promote the planning, construction and operation of security systems in different industrial scenarios, and to meet the information security needs of digital transformation and intelligent upgrading.

  The so-called endogenous security, in simple terms, is to systematically analyze, deconstruct and understand the industrial system, establish a comprehensive network security capability system, and "call" the capability into the industrial production system to integrate and cover it to enhance the original The safety protection capability of the industrial system.

  In addition, Wu Yunkun also suggested that protecting industrial Internet security requires a large number of security talents, especially complex talents who understand both business and security, as well as production and big data, artificial intelligence and other technologies.

  Du Lin believes that to enhance the security protection capabilities of the Industrial Internet, new technologies can become a key starting point: On the one hand, new technologies such as artificial intelligence, edge computing technology, 5G technology, and industrial big data technology can be integrated with security technologies to form areas such as Blockchain distributed trusted authentication technology, edge computing-based isolation technology, artificial intelligence-based intrusion detection technology and situation analysis technology, etc.; on the other hand, we must vigorously promote key core technologies to make some new network security technologies mimicry Defense technology, quantum communication technology, etc., can be applied to the security protection of the industrial Internet as soon as possible.

  For the industrial Internet to create endogenous security capabilities, Du Lin suggested that network security companies, system equipment providers, and industrial leading companies should be encouraged to join forces, carry out collaborative innovation, create equipment products with embedded security functions, and realize industrial production. Convergence of systems and security systems.

In addition, the construction of security capabilities can be simultaneously considered in the process of industrial Internet system planning, construction, and operation and maintenance, and combined with threat intelligence, through continuous detection, analysis, response, and countermeasures against advanced threats, it can help the Industrial Internet improve its active defense capabilities.