With the transformation and upgrading of the manufacturing industry, the Internet of everything has become an irreversible trend in the industrial information system. In the process of gradual integration of industrial information systems and the Internet, security issues have gradually become prominent.
At the 2018 network security Week held in Chengdu, experts and insiders said that due to the relatively low security level of industrial information systems and many vulnerabilities, these vulnerabilities are easy to be exploited by hackers. Security vulnerabilities have become the main security problems faced by the industrial Internet.
According to the statistics of China's national information security vulnerability sharing platform (cnvd), 4798 new information security vulnerabilities were added in 2017, including 351 new vulnerabilities in industrial control systems. Compared with the same period in 2016, the number of new users almost doubled, and the vulnerability of industrial control systems showed a rapid growth trend. In the future, security incidents in the field of industrial Internet of things will continue to show a high incidence rate.
According to the monitoring data of Butian platform, 28.05% of the industrial control systems of 82 industrial enterprises of China Industrial Internet Alliance, such as ICs and SCADA, have vulnerabilities, and 23.2% have high-risk vulnerabilities. It is worth noting that these vulnerabilities are only a small part of all system vulnerabilities. Due to the lack of basic security, a large number of industrial equipment are exposed on the public network and become the targets of hackers and even global criminals.
Qi Xiangdong, chairman of 360 enterprise security group, said in an interview with economic reference that the information security under the industrial Internet has exposed the internal problems of industrial enterprises. First, the basis of industrial equipment assets is not clear. Many industrial protocols, devices and systems do not consider security in complex network environment at the beginning of design. Long system life cycle and less upgrade and maintenance are also a huge security hazard. Secondly, many industrial control devices lack safety design. Third, the device networking mechanism lacks security. In addition, the security management of it and ot systems is independent of each other, and it is difficult to operate. Some internal production management data of intelligent manufacturing plants are facing security threats such as loss, leakage and tampering.
Through the statistics of 1182 industrial Internet systems and 16 industrial Internet protocols, fofa system found that 195243 industrial Internet systems were exposed in the whole network. Among them, Somfy products are the most, accounting for 62%; Followed by beckipc of Germany, accounting for 23%; Honeywell's energyict and tridium_ Niagaraax accounted for 3%; The rest were lower than 2%. These devices are mainly used in smart grid, energy management, building automatic control system, industrial control and other fields.
Wu Ming, the safety director of Beijing Huashun Xin'an Technology Co., Ltd., said that these devices do not have safety protection measures, and most of them have loopholes. Once these vulnerabilities are mastered and exploited by hackers, they can directly obtain device permissions, steal information, and even cause system paralysis through remote access. Once the important national infrastructure is infringed, it will not only affect people's livelihood, but also pose a great threat to national security.
For example, the NSA network weapons database leaked by film brokers in 2017 contains many industrial Internet system vulnerabilities, which can achieve accurate attacks on equipment. In this way, frequent and large-scale vulnerability attacks can also be realized. The heaven ransomware virus sweeping the world spreads by taking advantage of the NSA vulnerability released by the film agent - the eternal blue vulnerability. Universities are recruited through loopholes, PetroChina, bank ATMs, university systems and other governments and enterprises.
Wu Ming said that with regard to the current network security situation, we can actively or passively explore, capture, store, analyze and sort out fingerprint information (rules) of different types of cyberspace assets through global network open service assets, conduct statistical analysis on assets that meet the rules, and quickly search global cyberspace assets.
Many experts attending the meeting said that it is necessary to establish a supervision and punishment system for the whole process of vulnerability management, formulate detailed rules for the whole process of management, such as discovering, reviewing, disclosing, notifying, repairing and investigating network security vulnerabilities, force the timely repair of vulnerabilities, and clearly specify the time of vulnerability repair and illegal punishment measures. In addition, it is necessary to establish a supervision and inspection mechanism and force to find out in time the behaviors of failing to repair the loopholes in time, and to hold relevant units and responsible persons accountable.
At the same time, some experts called for studying and formulating the security structure of the new generation of information technology in the industrial field, breaking through a number of key core technologies of industrial information security as soon as possible, focusing on developing a number of high-end products, and forming a product system with market competitiveness. China's existing industrial information security industry (including products, technology, services, etc.) accounts for less than 2% of the total IT industry, which is far lower than the nearly 10% of developed countries in Europe and the United States. Only by strengthening the industries related to autonomous and controllable industrial control systems can we have a say in safety issues.