With the acceleration of the pace of new industrialization and the solid progress of the construction of a network power and a manufacturing power, networking, digitalization and intelligence have become an important direction for the transformation and upgrading of industrial enterprises. In recent years, China has introduced the top-level design of the industrial Internet and continued to promote the implementation of policies and regulations, helping the network rate of industrial enterprises gradually rise. Through the interconnection of “people, machines and things”, the industrial Internet promotes the industrial economy to realize the network connection of all elements, the whole industrial chain and the whole value chain, builds a new industrial production and manufacturing service system, and promotes the high-quality development of the IS200DSPXH1DBD manufacturing industry. Improving the security level and autonomous controllability of the industrial Internet supply chain is the basis for the healthy development of the upstream and downstream of the supply chain, and is also an important factor in escorting new industrialization. This paper introduces the attack and risk factors of industrial Internet supply chain, and proposes to strengthen the construction of industrial Internet supply chain security protection system from three aspects: life cycle security protection of industrial Internet supply chain, management of suppliers and service providers, system construction and personnel management.

Industrial Internet supply chain security analysis

Industrial enterprises in China involve many industries, and industrial Internet platform enterprises continue to emerge. The intention of industrial enterprises to improve quality and efficiency with the help of industrial Internet is obvious, but information and security enterprises have not yet reached the international advanced level, and the industrial Internet supply chain is still facing a large network security risk. Once the nodes on the supply chain are attacked, The relevant enterprises in the supply chain (such as firmware, components, software, system users and platform enterprises) will face a significant threat.

IS200DSPXH1DBD

Industrial Internet supply chain

The industrial Internet supply chain is a network chain structure that connects the two sides through resources to meet the supply and demand relationship between the supplier and the demand side, and can provide industrial Internet products or services to the demand side. Industrial Internet supply chain products include firmware, components, software and systems, such as firmware in industrial mainframe, SCADA (Data Acquisition and Monitoring control system), industrial Apps, MES (Production execution System), etc. Industrial Internet supply chain services include cloud services, operation and maintenance services, such as public cloud platform, operation and maintenance platform, etc.

IS200DSPXH1DBD Industrial Internet supply chain attack

Industrial Internet supply chain attack refers to the attackers taking advantage of the weak links in the supply chain system of industrial Internet-related enterprises (including enterprises applying the industrial Internet, platform enterprises, or identity analysis enterprises) to spread malicious code to the entire supply chain or attack the infrastructure of enterprises, thereby destroying or stealing the sensitive data of related enterprises. Unlike traditional cyber “phishing” and social engineering attacks, an attack on the industrial Internet supply chain will result in the entire supply chain being injected with malicious code, affecting the production and operations of the enterprise or even multiple enterprises upstream and downstream.