Industry information security, the next forefront?

Facing the increasingly severe information security issue of industrial control systems, the Chinese government has established a “Central Network Security and Informatization Leading Group” led by President Xi Jinping to raise network security to the national strategic level. The industrial information security market expects accelerated growth in the future, according to Control Engineering China.

04/23/2015


Courtesy: Control Engineering ChinaWith the gradual improvement of enterprises' understanding of information security for industrial control systems and a continuous increase in technical investment in the security field, the industrial information security market in China will see accelerated growth in the future. Standards, regulations, and government actions are encouraging greater attention to cyber security.

Recently, a new regulation requiring commercial banks to purchase "safe and controllable" IT equipment raised concerns from many foreign IT enterprises. Foreign media has reported that this "IT Limited Purchasing Order," which was jointly drafted by the Ministry of Industry and Information Technology and the China Banking Regulatory Commission (CBRC), would be implemented in April at the earliest. The new regulation would require IT equipment suppliers of banks to conduct research and development (R&D) work in China and provide CBRC with source codes. Although this message was not officially verified, it seemed to signal that information security would be raised to an increasingly important level in industries related to the national economy and people's livelihoods.

Observable trend

This trend can be observed from the government procurement lists in the past two years. It is indicated in the recently issued Circular on Printing and Issuing 2015 Government Procurement Work Highlights, which indicates that the quantity of foreign technological products in the central government procurement list of the has been reduced by one-third compared with the previous two years. Among more than 2,000 commodities whose quantities have increased most are local brands. Famous technological companies excluded from this list include Cisco, Apple, McAfee (part of Intel), and Citrix. A chain of events triggered by "Prism Gate" has pushed the Chinese government to accelerate the layout in the information security field. Whether the adjustment of policy can become a real opportunity for local enterprises depends on product quality.

Advanced Internet capabilities

In this era of "Internet +," which involves cloud computing, the Internet of Things (IoT), Big Data, and Smart Factory, the increasingly huge data and information flow bring us convenience but also risk of security breaches. Everything is likely to become a target for hackers, such as theft of personal bank accounts and intrusion into nuclear power plant information and systems of steel works.

According to the monitoring report from the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a total of 245 security events were reported in fiscal year 2014, and the energy industry (32%) and manufacturing industry (27%) were severely afflicted areas. About 55% of attacks involved an advanced persistent threat (APT). Different from other types of attacks, APT features high latency, good organization, and persistence, and is a tremendous threat to information security of industrial control systems. APT has appeared in major malicious network attacks in recent year, for example, the notorious Stuxnet, Havex, and BlackEnergy.

Cyber security attack on German steel

In 2014, a steel and iron enterprise in Germany suffered an APT attack. The virus intruded the industrial control system of the steel works, resulting in the suspension of operation of the entire production line and major damage to the steel works' physical facilities, including the steel furnace.

With the quick development of Internet technology and the continuous deepening of integration between industrialization and manufacturing information technology, industrial control systems increasingly have adopted generic software and hardware systems and communication protocols. The application of industrial Ethernet and wireless network enables each hierarchy of an enterprise to realize information sharing and real-time communication, and improve efficiency.

Lack of understanding about risk

Nevertheless, "The open system undoubtedly exposes the issue of information security. The biggest hidden danger of industrial control at present is that many industries and enterprises still fail to realize that industrial control security is very vulnerable," said Li Xinshe, deputy director of the No. 1 Electronics Department of Ministry of Industry and Information Technology, at the China Industrial Informatization and Information Security Development VIP Forum held in August 2014. 

Facing the increasingly critical information security issue of industrial control systems, the Chinese government made many moves in 2014. In February 2014, China established a "Central Network Security and Informatization Leading Group" led by President Xi Jinping to raise network security to the national strategic level. In November, the Ministry of Industry and Information Technology released 18 communication industry network and information security standards. Soon after, in December, the Standardization Administration of the People's Republic of China Technical Committee (SAC/TC124) formally released Industrial Control System Security, which is the first national formal standard in the automation field. This standard comprises two parts, GB/T 30976.1-2014-Industrial Control System Security-Part 1: assessment specification and GB/T 30976.1-2014-Industrial Control System Security-Part 2: acceptance specification. Although this is only a recommended standard at present, the release of this standard has filled the gap that China had for basis of systems and product assessment and acceptance in the industrial control field, as well as laid a firm foundation for the independent industrial control system information security industry and standards system in China.

Investments

Aileen Jin, editor-in-chief, Control Engineering China, explains that the new environmental protection law in China may translate into large investments in controls, automation, and instrumentation. Courtesy: Control Engineering ChinaThe goal proposed by China in its "12th Five-Year" Development Planning of Information Security Industry is that the scale of the information security industry in 2015 will exceed $10.81 billion, as of April 20, and maintain an annual growth rate of 30% or greater. Although China's industrial control security market is just developing and its share of the entire information security market is not very big, it is important that enterprises focusing on industrial control security, such as NSFOCUS, ForceControl-Huacon, and Moses, have emerged along with local leading enterprises such as SUPCON and Hollysys. 

- Aileen Jin, editor-in-chief, Control Engineering China. Edited by Joy Chang, digital project manager, Control Engineering, jchang@cfemedia.com

ONLINE extra

This was translated and edited for Control Engineering from Control Engineering China.

www.cechina.cn 

See other international coverage.

www.controleng.com/international



No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Sensor-to-cloud interoperability; PID and digital control efficiency; Alarm management system design; Automotive industry advances
Make Big Data and Industrial Internet of Things work for you, 2017 Engineers' Choice Finalists, Avoid control design pitfalls, Managing IIoT processes
Engineering Leaders Under 40; System integration improving packaging operation; Process sensing; PID velocity; Cybersecurity and functional safety
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

SCADA at the junction, Managing risk through maintenance, Moving at the speed of data
Flexible offshore fire protection; Big Data's impact on operations; Bridging the skills gap; Identifying security risks
The digital oilfield: Utilizing Big Data can yield big savings; Virtualization a real solution; Tracking SIS performance
click me