Industry information security, the next forefront?

Facing the increasingly severe information security issue of industrial control systems, the Chinese government has established a “Central Network Security and Informatization Leading Group” led by President Xi Jinping to raise network security to the national strategic level. The industrial information security market expects accelerated growth in the future, according to Control Engineering China.


Courtesy: Control Engineering ChinaWith the gradual improvement of enterprises' understanding of information security for industrial control systems and a continuous increase in technical investment in the security field, the industrial information security market in China will see accelerated growth in the future. Standards, regulations, and government actions are encouraging greater attention to cyber security.

Recently, a new regulation requiring commercial banks to purchase "safe and controllable" IT equipment raised concerns from many foreign IT enterprises. Foreign media has reported that this "IT Limited Purchasing Order," which was jointly drafted by the Ministry of Industry and Information Technology and the China Banking Regulatory Commission (CBRC), would be implemented in April at the earliest. The new regulation would require IT equipment suppliers of banks to conduct research and development (R&D) work in China and provide CBRC with source codes. Although this message was not officially verified, it seemed to signal that information security would be raised to an increasingly important level in industries related to the national economy and people's livelihoods.

Observable trend

This trend can be observed from the government procurement lists in the past two years. It is indicated in the recently issued Circular on Printing and Issuing 2015 Government Procurement Work Highlights, which indicates that the quantity of foreign technological products in the central government procurement list of the has been reduced by one-third compared with the previous two years. Among more than 2,000 commodities whose quantities have increased most are local brands. Famous technological companies excluded from this list include Cisco, Apple, McAfee (part of Intel), and Citrix. A chain of events triggered by "Prism Gate" has pushed the Chinese government to accelerate the layout in the information security field. Whether the adjustment of policy can become a real opportunity for local enterprises depends on product quality.

Advanced Internet capabilities

In this era of "Internet +," which involves cloud computing, the Internet of Things (IoT), Big Data, and Smart Factory, the increasingly huge data and information flow bring us convenience but also risk of security breaches. Everything is likely to become a target for hackers, such as theft of personal bank accounts and intrusion into nuclear power plant information and systems of steel works.

According to the monitoring report from the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a total of 245 security events were reported in fiscal year 2014, and the energy industry (32%) and manufacturing industry (27%) were severely afflicted areas. About 55% of attacks involved an advanced persistent threat (APT). Different from other types of attacks, APT features high latency, good organization, and persistence, and is a tremendous threat to information security of industrial control systems. APT has appeared in major malicious network attacks in recent year, for example, the notorious Stuxnet, Havex, and BlackEnergy.

Cyber security attack on German steel

In 2014, a steel and iron enterprise in Germany suffered an APT attack. The virus intruded the industrial control system of the steel works, resulting in the suspension of operation of the entire production line and major damage to the steel works' physical facilities, including the steel furnace.

With the quick development of Internet technology and the continuous deepening of integration between industrialization and manufacturing information technology, industrial control systems increasingly have adopted generic software and hardware systems and communication protocols. The application of industrial Ethernet and wireless network enables each hierarchy of an enterprise to realize information sharing and real-time communication, and improve efficiency.

Lack of understanding about risk

Nevertheless, "The open system undoubtedly exposes the issue of information security. The biggest hidden danger of industrial control at present is that many industries and enterprises still fail to realize that industrial control security is very vulnerable," said Li Xinshe, deputy director of the No. 1 Electronics Department of Ministry of Industry and Information Technology, at the China Industrial Informatization and Information Security Development VIP Forum held in August 2014. 

Facing the increasingly critical information security issue of industrial control systems, the Chinese government made many moves in 2014. In February 2014, China established a "Central Network Security and Informatization Leading Group" led by President Xi Jinping to raise network security to the national strategic level. In November, the Ministry of Industry and Information Technology released 18 communication industry network and information security standards. Soon after, in December, the Standardization Administration of the People's Republic of China Technical Committee (SAC/TC124) formally released Industrial Control System Security, which is the first national formal standard in the automation field. This standard comprises two parts, GB/T 30976.1-2014-Industrial Control System Security-Part 1: assessment specification and GB/T 30976.1-2014-Industrial Control System Security-Part 2: acceptance specification. Although this is only a recommended standard at present, the release of this standard has filled the gap that China had for basis of systems and product assessment and acceptance in the industrial control field, as well as laid a firm foundation for the independent industrial control system information security industry and standards system in China.


Aileen Jin, editor-in-chief, Control Engineering China, explains that the new environmental protection law in China may translate into large investments in controls, automation, and instrumentation. Courtesy: Control Engineering ChinaThe goal proposed by China in its "12th Five-Year" Development Planning of Information Security Industry is that the scale of the information security industry in 2015 will exceed $10.81 billion, as of April 20, and maintain an annual growth rate of 30% or greater. Although China's industrial control security market is just developing and its share of the entire information security market is not very big, it is important that enterprises focusing on industrial control security, such as NSFOCUS, ForceControl-Huacon, and Moses, have emerged along with local leading enterprises such as SUPCON and Hollysys. 

- Aileen Jin, editor-in-chief, Control Engineering China. Edited by Joy Chang, digital project manager, Control Engineering,

ONLINE extra

This was translated and edited for Control Engineering from Control Engineering China. 

See other international coverage.

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Additive manufacturing benefits; HMI and sensor tips; System integrator advice; Innovations from the industry
Robotic safety, collaboration, standards; DCS migration tips; IT/OT convergence; 2017 Control Engineering Salary and Career Survey
Integrated mobility; Artificial intelligence; Predictive motion control; Sensors and control system inputs; Asset Management; Cybersecurity
Featured articles highlight technologies that enable the Industrial Internet of Things, IIoT-related products and strategies to get data more easily to the user.
This article collection contains several articles on how automation and controls are helping human-machine interface (HMI) hardware and software advance.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Future of oil and gas projects; Reservoir models; The importance of SCADA to oil and gas
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me