Supplier and service provider management
To address procurement risks and strengthen supply chain security management of suppliers and service providers, enterprises using the industrial Internet, platform enterprises and identifier resolution enterprises can establish and maintain a list of suppliers and service providers, and conduct an initial evaluation and regular reviews of them before purchasing products and services. The assessment includes but is not limited to the possibility of supply interruption, the supplier's network security construction capability, its network security incident response capability, and the tier 1 supplier's ability to impose network security constraints on its tier 2 suppliers, so as to ensure that the products and services provided by suppliers and service providers have network security protection and incident handling capabilities. At the same time, based on the previous experience of Huawei's supply interruption, enterprises can prioritize domestic suppliers and service providers and use diversified means to avoid network security losses caused by supply interruption. Enterprises can set requirements for purchased products and services in the contract or agreement: once a network security incident related to a supply chain attack occurs, suppliers or service providers should respond and handle it in a timely manner, including timely notification of new vulnerabilities, vulnerability repair, and software or system upgrades. Industrial Internet platform enterprises should also consider interface security, and set up two-way identity authentication and access control to avoid data tampering and theft caused by attackers gaining unauthorized access to the platform itself and to the enterprises connected to the platform.
System construction and personnel management
To address operational risks, enterprises can standardize management in two areas, system construction and personnel management, to form an effective mechanism for protecting supply chain security.
In terms of system construction, enterprises form management systems that meet their own requirements according to their industry and business characteristics, including but not limited to configuration management, asset management, procurement management, operation and maintenance management, and personnel management. Because the industrial Internet supply chain involves firmware, components, software and systems, enterprises can build a component-based bill of materials and composition map on the basis of an asset inventory, maintain it regularly, and verify its integrity and security promptly whenever changes occur. Enterprises can also form and maintain source code libraries and vulnerability libraries based on code, component, software, and system inventories. At the same time, enterprises develop contingency plans for supply chain security based on audit, data backup and recovery, and regularly conduct drills so that they can respond quickly after an attack. Finally, enterprises regularly identify and assess supply chain security risks, determine the corresponding risk level, and carry out risk treatment after approval.
In terms of personnel management, the first step is to improve personnel capabilities by providing technical and management training on supply chain security and on the management systems to the technical operators, software development testers and network security managers involved in industrial Internet supply chain security, so that they are equipped with supply chain element identification, risk management, security configuration and vulnerability handling capabilities, and understand the importance of industrial Internet supply chain security to the enterprise well enough to avoid misoperation. The second is to strengthen the ethical constraints on employees: determine employees' responsibilities according to the permissions assigned to each role, formulate disciplinary measures for employees' violations, and sign agreements and set up "AB roles" when necessary to protect enterprises from social engineering attacks. For important industrial enterprises and industrial Internet platform enterprises, a supply chain security team can be set up and the background of its personnel investigated, so as to ensure that employees can cope with supply chain security emergencies and have the ability to analyze security incidents and respond to emergencies.
Conclusion
China attaches equal importance to the development and the security of the industrial Internet, and supply chain security is an important guarantee for the healthy development of the industrial Internet. Based on the asset elements and enterprise types of the industrial Internet supply chain, this paper proposes three levels of risk: construction, procurement and daily management. An industrial Internet supply chain security protection system is then constructed to address the risks at these three levels. Going forward, with the continuous development and application of new technologies such as satellite communications, blockchain, big data, and artificial intelligence, the industrial Internet supply chain security protection system should also be constantly updated, driven by policy guidance, guideline requirements, and events.