Expert Insights on the Current Situation and Protective Strategies for Industrial Control System Cybersecurity

★ Yang Xuezhi, Xiao Wei, Zhao Yangguang, China Software Testing Center

Abstract: Industrial control systems are a crucial foundation for the digital transformation of manufacturing and a significant driving force for new industrialization. In recent years, with the rapid development of computer technology, communication technology, and control technology, the traditional control field is undergoing an unprecedented transformation. Industrial control systems are transitioning from closed and independent to open and interconnected, and from deep hardware-software coupling to hardware-software decoupling; their boundaries are continuously expanding, and they face an increasingly severe security situation. This article analyzes in detail the new situations, changes, problems, and challenges facing industrial control security and proposes suggestions for advancing the cybersecurity of industrial control systems in China.

Keywords: Industrial control systems; Cybersecurity; Ransomware

In recent years, with the rapid development of open automation technology, communication technology, and security technology, the traditional control field is experiencing an unprecedented transformation. Industrial control systems are moving from closed to open, IT and OT systems are integrating at an accelerating pace, security technologies are continuously upgrading, and new technologies, models, and business formats are emerging. Meanwhile, cybersecurity threats to industrial control systems are frequent, and industrial enterprises often encounter ransomware and cyberattacks. The cybersecurity situation is severe, and security guarantees urgently need to be reinforced.

1. The Risks of Industrial Control System Cybersecurity are Increasing

Industrial control systems are the “nerve center” of manufacturing and the core of critical information infrastructure, widely used in key areas related to national economy and people’s livelihood. They play a pivotal role in the deep integration of new generation information technology and manufacturing. With the rapid development of “5G + Industrial Internet” and open automation technology, new models and business formats are continuously emerging, breaking the independence of industrial communication networks. The demand for interconnectivity, data sharing, and business collaboration across layers and fields is increasing, leading to a surge in risk exposure. Various threats, such as ransomware and supply chain attacks, are directly targeting industrial production sites, and traditional security measures are at risk of failure. Incidents of industrial control network attacks and data ransom attacks are increasing. For example, in 2022, Toyota’s factory in Japan suffered a cyberattack, forcing 14 factories and 28 production lines to halt operations; in 2023, Ferrari was attacked and extorted by hackers who threatened to expose user information; in 2024, ThyssenKrupp, a multinational industrial engineering and steel production group in Germany, suffered a ransomware attack that led to production stoppage.

2. New Situations, Changes, Problems, and Challenges in Industrial Control Security

As the integration of information technology and industrialization deepens, industrial control systems are evolving from standalone to interconnected, from closed to open, and from automation to intelligence. While productivity has significantly increased, the methods of cyberattacks on industrial control systems are constantly innovating, presenting new characteristics and challenges in industrial control security threats.

Firstly, the nature of attacks is becoming increasingly professional. Attacks are shifting from individuals or single hacker groups to organized and hierarchical black market activities. Due to low barriers to entry and easy access to attack tools, criminals can trade through the dark web and easily obtain and widely disseminate various types of malware, launching high-intensity cyberattacks. Currently, a complex and widespread network of industrial control attacks is gradually forming, increasing the difficulty of tracing the sources of attacks.

Secondly, the attack processes are becoming more sustained. Industrial control network attacks exhibit significant political, military, and economic intentions, with organized and premeditated attacks on critical infrastructure. The timing, industry, and methods of these attacks have a high degree of predictability. The process generally begins with information gathering, including commercial secrets, military intelligence, economic intelligence, and technological intelligence, to serve subsequent attacks. Attacks may last for days, weeks, months, or even longer.

Thirdly, ransomware has become the mainstream attack method. In addition to traditional viruses, various new types of malicious code are emerging, such as logic bombs, Trojans, and worms, which often have stronger propagation and destructive capabilities. Particularly, some mutated viruses are more violent, complex, and targeted than ever before. In this context, the United States declared a national emergency for the first time due to a cyberattack, elevating data ransom attacks to the same level as the “9/11” terrorist attacks; countries like the UK, Australia, Japan, and Canada have also regarded ransomware attacks as the biggest current cyber threat. Ransomware is becoming the most dangerous and significant security risk for industrial control systems.

Fourthly, measured against the cyberattack situation, the level of industrial control security protection is clearly insufficient. Industrial control security has distinctive characteristics: requirements for reliability and real-time performance are higher, and preventive measures are more complex. The production process must operate according to the design requirements under predetermined conditions while avoiding safety accidents, which places extremely high demands on industrial control security solutions. During implementation, there are often awkward situations in which certain parts of a system cannot be touched or interfered with. Meanwhile, some industrial enterprises have weak security awareness, and their information security management systems and protective measures for industrial control systems are inadequate. Inspection data from a certain city shows that less than 30% of industrial control systems have installed security software, and over 20% have not repaired significant vulnerabilities.

3. Suggestions for Advancing Cybersecurity of Industrial Control Systems in China

Firstly, strengthen top-level design and improve the industrial control security system and mechanism. Implement laws and regulations such as the Cybersecurity Law, Data Security Law, Personal Information Protection Law, and Critical Information Infrastructure Security Protection Regulations, and strengthen the coordination of management and technical measures across multiple dimensions and levels, including cybersecurity, data security, cryptography security, and production safety. Establish industrial control network security management and technical teams, strengthen cybersecurity awareness and education, improve the understanding of industrial control security risks among small and medium-sized enterprises and grassroots employees, and urge industrial enterprises to fulfill their cybersecurity protection obligations and assume the main responsibility for industrial control security.

Secondly, strengthen technical research and improve endogenous security levels. Organize research to tackle key problems in network attack and defense technologies based on the characteristics of China’s manufacturing industry, enhance technical analysis and attack reproduction of typical industrial control security incidents, identify important industrial control systems in manufacturing, and promote “evaluation-driven reform and attack-driven defense” to block security vulnerabilities at the source. Actively explore technologies such as zero trust, AI, and domestic cryptography, and promote the industrial application of self-operated control software and domestically produced industrial control systems to improve the endogenous security level of China’s manufacturing enterprises.

Thirdly, strengthen emergency response and enhance the protective capabilities and resilience of industrial control security. Benchmark against the key points of policies and standards such as the “Guidelines for the Security Protection of Industrial Control Systems,” actively conduct cybersecurity risk assessments for industrial control networks in China’s manufacturing enterprises, and draw on practices from the US, UK, and EU. From the perspectives of “prevention,” “monitoring and containment during incidents,” and “post-incident recovery and remediation,” establish standardized emergency response mechanisms for industrial control attacks, regularly conduct attack-defense drills, and ensure that industrial control systems in critical industries have good resilience and recovery capabilities when facing significant cyberattacks.

References omitted.

Author Profiles:

Yang Xuezhi (1986-), male, from Hengshui, Hebei, senior engineer, master’s degree, currently working at the Industrial Control System Research and Evaluation Division of the China Software Testing Center, mainly engaged in research related to industrial control systems, industrial software, and robotics.

Xiao Wei (1986-), male, from Langfang, Hebei, engineer, master’s degree, currently working at the Industrial Control System Research and Evaluation Division of the China Software Testing Center, mainly engaged in research on industrial control systems, industrial software, and cybersecurity.

Zhao Yangguang (1993-), male, from Shangqiu, Henan, engineer, master’s degree, currently working at the Industrial Control System Research and Evaluation Division of the China Software Testing Center, mainly engaged in research on software technology, software supply chain security, and industrial control security.

Source | “Automation Review” 2025 First Issue and “Industrial Control System Information Security Special Issue (Volume 11)”

Editor | He Min
