Industry information security, the next forefront?

Facing the increasingly severe information security issue of industrial control systems, the Chinese government has established a “Central Network Security and Informatization Leading Group” led by President Xi Jinping to raise network security to the national strategic level. The industrial information security market expects accelerated growth in the future, according to Control Engineering China.

04/23/2015


Courtesy: Control Engineering ChinaWith the gradual improvement of enterprises' understanding of information security for industrial control systems and a continuous increase in technical investment in the security field, the industrial information security market in China will see accelerated growth in the future. Standards, regulations, and government actions are encouraging greater attention to cyber security.

Recently, a new regulation requiring commercial banks to purchase "safe and controllable" IT equipment raised concerns from many foreign IT enterprises. Foreign media has reported that this "IT Limited Purchasing Order," which was jointly drafted by the Ministry of Industry and Information Technology and the China Banking Regulatory Commission (CBRC), would be implemented in April at the earliest. The new regulation would require IT equipment suppliers of banks to conduct research and development (R&D) work in China and provide CBRC with source codes. Although this message was not officially verified, it seemed to signal that information security would be raised to an increasingly important level in industries related to the national economy and people's livelihoods.

Observable trend

This trend can be observed from the government procurement lists in the past two years. It is indicated in the recently issued Circular on Printing and Issuing 2015 Government Procurement Work Highlights, which indicates that the quantity of foreign technological products in the central government procurement list of the has been reduced by one-third compared with the previous two years. Among more than 2,000 commodities whose quantities have increased most are local brands. Famous technological companies excluded from this list include Cisco, Apple, McAfee (part of Intel), and Citrix. A chain of events triggered by "Prism Gate" has pushed the Chinese government to accelerate the layout in the information security field. Whether the adjustment of policy can become a real opportunity for local enterprises depends on product quality.

Advanced Internet capabilities

In this era of "Internet +," which involves cloud computing, the Internet of Things (IoT), Big Data, and Smart Factory, the increasingly huge data and information flow bring us convenience but also risk of security breaches. Everything is likely to become a target for hackers, such as theft of personal bank accounts and intrusion into nuclear power plant information and systems of steel works.

According to the monitoring report from the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a total of 245 security events were reported in fiscal year 2014, and the energy industry (32%) and manufacturing industry (27%) were severely afflicted areas. About 55% of attacks involved an advanced persistent threat (APT). Different from other types of attacks, APT features high latency, good organization, and persistence, and is a tremendous threat to information security of industrial control systems. APT has appeared in major malicious network attacks in recent year, for example, the notorious Stuxnet, Havex, and BlackEnergy.

Cyber security attack on German steel

In 2014, a steel and iron enterprise in Germany suffered an APT attack. The virus intruded the industrial control system of the steel works, resulting in the suspension of operation of the entire production line and major damage to the steel works' physical facilities, including the steel furnace.

With the quick development of Internet technology and the continuous deepening of integration between industrialization and manufacturing information technology, industrial control systems increasingly have adopted generic software and hardware systems and communication protocols. The application of industrial Ethernet and wireless network enables each hierarchy of an enterprise to realize information sharing and real-time communication, and improve efficiency.

Lack of understanding about risk

Nevertheless, "The open system undoubtedly exposes the issue of information security. The biggest hidden danger of industrial control at present is that many industries and enterprises still fail to realize that industrial control security is very vulnerable," said Li Xinshe, deputy director of the No. 1 Electronics Department of Ministry of Industry and Information Technology, at the China Industrial Informatization and Information Security Development VIP Forum held in August 2014. 

Facing the increasingly critical information security issue of industrial control systems, the Chinese government made many moves in 2014. In February 2014, China established a "Central Network Security and Informatization Leading Group" led by President Xi Jinping to raise network security to the national strategic level. In November, the Ministry of Industry and Information Technology released 18 communication industry network and information security standards. Soon after, in December, the Standardization Administration of the People's Republic of China Technical Committee (SAC/TC124) formally released Industrial Control System Security, which is the first national formal standard in the automation field. This standard comprises two parts, GB/T 30976.1-2014-Industrial Control System Security-Part 1: assessment specification and GB/T 30976.1-2014-Industrial Control System Security-Part 2: acceptance specification. Although this is only a recommended standard at present, the release of this standard has filled the gap that China had for basis of systems and product assessment and acceptance in the industrial control field, as well as laid a firm foundation for the independent industrial control system information security industry and standards system in China.

Investments

Aileen Jin, editor-in-chief, Control Engineering China, explains that the new environmental protection law in China may translate into large investments in controls, automation, and instrumentation. Courtesy: Control Engineering ChinaThe goal proposed by China in its "12th Five-Year" Development Planning of Information Security Industry is that the scale of the information security industry in 2015 will exceed $10.81 billion, as of April 20, and maintain an annual growth rate of 30% or greater. Although China's industrial control security market is just developing and its share of the entire information security market is not very big, it is important that enterprises focusing on industrial control security, such as NSFOCUS, ForceControl-Huacon, and Moses, have emerged along with local leading enterprises such as SUPCON and Hollysys. 

- Aileen Jin, editor-in-chief, Control Engineering China. Edited by Joy Chang, digital project manager, Control Engineering, jchang@cfemedia.com

ONLINE extra

This was translated and edited for Control Engineering from Control Engineering China.

www.cechina.cn 

See other international coverage.

www.controleng.com/international



Engineers' Choice Awards
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers.
System Integrator Giants
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
System Integrator of the Year
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
How to Maximize Factory Automation Efficiency with Low Cost Machine Vision
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Wireless Reliability in Harsh Environments
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
Human Factors and the Impact on Plant Safety
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
June 2018
Discrete and process sensor fundamentals, autotuning controls, system integrator roundtable
May 2018
Salary and Career Survey, IT and OT convergence, robotic standards and safety, secure circuit protection
April 2018
Cybersecurity best practices, artificial intelligence, robotic additive manufacturing, embedded systems, IIoT integration, energy efficiency
Edge Computing
This article collection contains several articles on how today's technologies heap benefits onto an edge-computing architecture such as faster computing, better networking, more memory, smarter analytics, cloud-based intelligence, and lower costs.
IIoT: Machines, Equipment, & Asset Management
Articles in this digital report highlight technologies that enable Industrial Internet of Things, IIoT-related products and strategies.
PLCs
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. Featured articles in this digital report compare PLCs and programmable automation controllers (PACs), industrial PCs, and robotic controllers.
SIDB

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

June 2018
Machine learning, produced water benefits, progressive cavity pumps
April 2018
ROVs, rigs, and the real time; wellsite valve manifolds; AI on a chip; analytics use for pipelines
February 2018
Focus on power systems, process safety, electrical and power systems, edge computing in the oil & gas industry
John O. Ayuk, PE, CFSE, PMP, CAP
Automation Engineer; Wood Group
Doug Baker
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
Data Centers: Impacts of Climate and Cooling Technology
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
Safety First: Arc Flash 101
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
Critical Power: Hospital Electrical Systems
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
Engineers' Choice Awards
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers.
System Integrator Giants
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
System Integrator of the Year
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
How to Maximize Factory Automation Efficiency with Low Cost Machine Vision
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Wireless Reliability in Harsh Environments
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
Human Factors and the Impact on Plant Safety
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
June 2018
Discrete and process sensor fundamentals, autotuning controls, system integrator roundtable
May 2018
Salary and Career Survey, IT and OT convergence, robotic standards and safety, secure circuit protection
April 2018
Cybersecurity best practices, artificial intelligence, robotic additive manufacturing, embedded systems, IIoT integration, energy efficiency
Edge Computing
This article collection contains several articles on how today's technologies heap benefits onto an edge-computing architecture such as faster computing, better networking, more memory, smarter analytics, cloud-based intelligence, and lower costs.
IIoT: Machines, Equipment, & Asset Management
Articles in this digital report highlight technologies that enable Industrial Internet of Things, IIoT-related products and strategies.
PLCs
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. Featured articles in this digital report compare PLCs and programmable automation controllers (PACs), industrial PCs, and robotic controllers.
SIDB

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

June 2018
Machine learning, produced water benefits, progressive cavity pumps
April 2018
ROVs, rigs, and the real time; wellsite valve manifolds; AI on a chip; analytics use for pipelines
February 2018
Focus on power systems, process safety, electrical and power systems, edge computing in the oil & gas industry
John O. Ayuk, PE, CFSE, PMP, CAP
Automation Engineer; Wood Group
Doug Baker
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
Data Centers: Impacts of Climate and Cooling Technology
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
Safety First: Arc Flash 101
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
Critical Power: Hospital Electrical Systems
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
Engineers' Choice Awards
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers.
System Integrator Giants
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
System Integrator of the Year
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
How to Maximize Factory Automation Efficiency with Low Cost Machine Vision
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Wireless Reliability in Harsh Environments
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
Human Factors and the Impact on Plant Safety
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
June 2018
Discrete and process sensor fundamentals, autotuning controls, system integrator roundtable
May 2018
Salary and Career Survey, IT and OT convergence, robotic standards and safety, secure circuit protection
April 2018
Cybersecurity best practices, artificial intelligence, robotic additive manufacturing, embedded systems, IIoT integration, energy efficiency
Edge Computing
This article collection contains several articles on how today's technologies heap benefits onto an edge-computing architecture such as faster computing, better networking, more memory, smarter analytics, cloud-based intelligence, and lower costs.
IIoT: Machines, Equipment, & Asset Management
Articles in this digital report highlight technologies that enable Industrial Internet of Things, IIoT-related products and strategies.
PLCs
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. Featured articles in this digital report compare PLCs and programmable automation controllers (PACs), industrial PCs, and robotic controllers.
SIDB

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

June 2018
Machine learning, produced water benefits, progressive cavity pumps
April 2018
ROVs, rigs, and the real time; wellsite valve manifolds; AI on a chip; analytics use for pipelines
February 2018
Focus on power systems, process safety, electrical and power systems, edge computing in the oil & gas industry
John O. Ayuk, PE, CFSE, PMP, CAP
Automation Engineer; Wood Group
Doug Baker
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
Data Centers: Impacts of Climate and Cooling Technology
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
Safety First: Arc Flash 101
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
Critical Power: Hospital Electrical Systems
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me