“After the fact” does not meet the new security needs

1746-IA16 In the traditional Internet era, cyber attacks mostly caused computer crashes, privacy leaks and some property losses. In the era of digital economy, cyber attacks may directly affect the real physical world, and even lead to the paralysis of energy, transportation, medical, communications and other infrastructure, and the consequences may be catastrophic.

Why have major industrial system network security incidents occurred frequently in recent years, with increasing frequency and impact?

1746-IA16 Du Lin, an engineer at the Security Research Institute of the China Academy of Information and Communications, said in an interview with a Science and Technology Daily reporter that from the perspective of the implementation of the security work layout, some enterprises have insufficient security awareness, inadequate protective measures, and insufficient technical industry support capacity, and China’s industrial manufacturing industry system is huge, and the security foundation is weak, it is urgent to “lay a baseline and build a defense line.”

1746-IA16 “From the perspective of industrial production, the networking of devices and the cloud of enterprises accelerate the transmission of security risks, and the network attack surface continues to expand from the boundary to the core.” Du Lin said that the transformation and upgrading of enterprise industrial production has made the industrial production network from closed to open, and intelligent equipment, industrial applications, production data, and system operation and maintenance have to be connected with the external network, facing huge security threats.

1746-IA16 Wu Yunkun believes that in the traditional Internet era, people take “remedial measures after the fact” on network security habits, and these methods are often “head to head, foot to foot”, are local, for a single point, rather than thorough and comprehensive, and can not meet the security needs of the new industrial Internet. At present, network security is in an important transition period, and traditional thinking and inertia have not changed in time, and can not keep up with the pace of the digital economy era.

“There are also industrial asset types and distribution conditions that are unclear, and the protection system cannot determine the security risks and attacked parts in a timely manner.” In addition, equipment disconnection, shutdown, 1746-IA16 abnormal operation and other difficult to locate problems, also aggravate the difficulty of safety protection.” Wu Yunkun said.

Truly realize “prevention and control in advance” with endogenous security

From the concept of the industrial Internet to the stage of deep cultivation, what trends will the future security precautions show? What are the potential new technologies that can be integrated into the security link?

“In the new situation and new environment, traditional protection means have failed, it is necessary to use endogenous security to ensure the security of industrial information systems, to achieve the integration of network security 1746-IA16 capabilities and industrial information environment, so as to truly establish an endogenous security security system.” Wu Yunkun believes that the core of industrial information system security protection, including the industrial Internet, is to achieve systematic security protection, and security should be moved from “scattered construction” to “global construction”.

According to relevant experts, the creation of an endogenous security framework aims to promote the planning, construction and operation of the security system in different industrial scenarios, and meet the information security needs of digital transformation and intelligent upgrading.

The so-called endogenous security, simply put, is the systematic analysis, deconstruction and understanding of the industrial system, the establishment of a comprehensive network security capability system, and the ability to “invoke” the industrial production system, integration and coverage, in order to enhance the security protection capability of the original industrial system.

1746-IA16 In addition, Wu Yunkun also suggested that protecting industrial Internet security requires a large number of security talents, especially those who understand both business and security, production and big data, artificial intelligence and other technologies.

Du Lin believes that to enhance the security protection capability of the industrial Internet, new technologies can become a key starting point: On the one hand, new technologies such as artificial intelligence, edge computing technology, 5G technology and industrial big data technology can be integrated with security technology to form distributed trusted authentication technology based on blockchain, isolation technology based on edge computing, intrusion detection technology and situation analysis technology based on artificial intelligence. On the other hand, it is necessary to vigorously promote the research of key core technologies, so that some new network security technologies, such as mimicry defense technology and quantum communication technology, can be applied to the security protection of the industrial Internet as soon as possible.

1746-IA16 For the industrial Internet to create endogenous security capabilities, Du Lin suggested that network security enterprises should be encouraged to join forces with system equipment providers and industrial head enterprises to carry out collaborative innovation, create equipment products with embedded security functions, and achieve the aggregation of industrial production systems and security systems. In addition, in the process of planning, construction and operation and maintenance of the industrial Internet system, the construction of security capabilities can be considered simultaneously, and combined with threat intelligence, through continuous detection, analysis, response, and combat advanced threats, to help the industrial Internet improve active defense capabilities.