Implementation Path of Industrial Control System Cybersecurity Protection System under the New Industrialization Background

New industrialization is characterized by digitization, networking, and intelligence, and it is driving the transformation of Industrial Control Systems (ICS) from traditional closed architectures to an open, collaborative “cloud-edge-end” architecture. As the “nerve center” of critical infrastructure such as energy and manufacturing, industrial control systems have a cybersecurity posture that bears directly on supply chain stability and national economic security. As these technologies converge, traditional protection models struggle to cope with new threats. The “Guidelines for Cybersecurity Protection of Industrial Control Systems” (hereinafter the “Guidelines”), issued by the Ministry of Industry and Information Technology, propose 33 baseline requirements covering security management, technical protection, security operations, and accountability, giving industrial enterprises a clear path for building a protection system suited to the new industrialization scenario. Based on the framework of the “Guidelines” and their own reflections, the authors discuss the implementation path of the ICS cybersecurity protection system along three dimensions: the foundational layer, the operational layer, and the support layer.

1. Foundational Layer: Building a Dynamic Defense Technology System

The foundational layer focuses on technology. It builds a defense-in-depth capability through architecture optimization, device hardening, and data protection, moving from “passive defense” to “active immunity,” and it implements the technical protection requirements of the “Guidelines.”

First, based on the zero-trust concept, reconstruct the industrial network security architecture. Use micro-segmentation technology to divide security domains by production units and business processes, setting independent access control policies within each domain to limit lateral movement; deploy an industrial traffic visualization platform to deeply analyze protocols such as Modbus and OPC UA, identifying abnormal commands; for wireless communication, use 5G slicing technology to isolate industrial control traffic from regular data, while enabling two-way authentication and encrypted transmission to prevent signal forgery and replay attacks.
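The per-domain access control and Modbus command inspection described above can be sketched as follows. This is an added example, not code from the article or the “Guidelines”; the zone name, subnets, policy layout and sample frames are constructed assumptions.

```python
import struct
from ipaddress import ip_address, ip_network

READ = {1, 2, 3, 4}      # read coils, discrete inputs, holding and input registers
WRITE = {5, 6, 15, 16}   # write single/multiple coils and registers
# Constructed policy (assumption): per security domain, ordered rules of
# (source subnet, permitted function codes); the first matching rule decides.
POLICY = {
    "packaging-line": [
        (ip_network("10.20.1.0/28"), READ | WRITE),  # engineering workstations
        (ip_network("10.20.0.0/16"), READ),          # HMIs and historians: read only
    ],
}

def build_request(function, data, tid=1, unit=1):
    """Build a constructed Modbus/TCP request frame for the samples below."""
    pdu = bytes([function]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def parse_modbus_tcp(frame):
    """Parse the 7-byte MBAP header and function code; ValueError if malformed."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier is not 0")
    if length != len(frame) - 6:   # length counts the unit id and the PDU
        raise ValueError("MBAP length does not match frame size")
    return {"tid": tid, "unit": unit, "function": frame[7], "data": frame[8:]}

def check_frame(zone, src, frame):
    """Return 'allow' or an alert string for one request entering a zone."""
    try:
        fc = parse_modbus_tcp(frame)["function"]
    except ValueError as exc:
        return f"alert: malformed frame ({exc})"
    for net, allowed in POLICY.get(zone, []):
        if ip_address(src) in net:
            return "allow" if fc in allowed else f"alert: function {fc} not permitted from {src}"
    return f"alert: no rule admits {src} into zone {zone}"

# Constructed samples: read 2 holding registers; write 0x00FF to register 0x0010.
READ_REQ = build_request(3, struct.pack(">HH", 0x0000, 2))
WRITE_REQ = build_request(6, struct.pack(">HH", 0x0010, 0x00FF))

if __name__ == "__main__":
    for src, frame in [("10.20.1.5", WRITE_REQ), ("10.20.7.9", READ_REQ),
                       ("10.20.7.9", WRITE_REQ), ("10.20.7.9", WRITE_REQ[:-1])]:
        print(src, frame.hex(), "->", check_frame("packaging-line", src, frame))
```

A write from a read-only subnet and a frame whose MBAP length field disagrees with its size both produce alerts, while the same write from the engineering subnet is allowed.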

Second, industrial control devices must extend from “factory security” to “lifecycle security.” During the device selection phase, prioritize PLC and DCS products that support trusted boot and firmware encryption, and disable default accounts and ports; give each device a unique identity through hardware security modules (HSM) so that the source of every control command is traceable; for edge computing nodes, use lightweight virtualization technology to isolate the computing environment and deploy edge firewalls to filter abnormal traffic; establish a security audit mechanism for industrial software code, identifying vulnerabilities and backdoors through static and dynamic application security testing.

Third, build a data security system that is “classified and graded – precise protection – shared and controllable.” Classify production process parameters, equipment operation data, supply chain data, etc., according to the grading standard of “core data > important data > general data,” encrypting core data with national cryptography algorithms (SM4); during data transmission, use industrial data gateways for protocol conversion and encryption, employing federated learning technology for cross-domain data transmission with the “data does not move, model moves” approach; for data sharing scenarios, apply privacy computing technology to mine data value without disclosing original data, avoiding leakage of sensitive information.

2. Operational Layer: Establishing a Closed-Loop Management Mechanism

The operational layer focuses on processes, achieving continuous iteration of security capabilities through systematic management, normalized operations, and full-chain control, addressing the “last mile” issue of technology implementation and fully implementing the security management and operational requirements of the “Guidelines.”

First, establish a security management system suitable for industrial scenarios. At the policy level, develop security management specifications for industrial control systems based on the characteristics of enterprise business, clarifying the protection principle of “production first, safety as a bottom line”; at the organizational level, form a cross-departmental security committee composed of production, IT, and security departments, implementing a “top leader” responsibility system; at the process level, design security processes covering the entire lifecycle of “planning – construction – operation – decommissioning,” such as conducting security assessments before system launch, implementing quarterly vulnerability scans during operation, and performing data erasure and equipment destruction upon decommissioning.

Second, construct a closed-loop operational mechanism of “perception – analysis – response – improvement.” Deploy an industrial security situational awareness platform, integrating multi-source data such as network traffic, device logs, and vulnerability information, using AI algorithms to identify abnormal behaviors; establish a vulnerability management process, prioritizing remediation based on “CVSS score + asset importance,” and for critical devices that cannot be shut down, use “hot patches” or temporary protective measures; develop graded emergency response plans, clarifying the response processes at the “device level – workshop level – enterprise level,” regularly conducting tabletop exercises and practical drills to enhance emergency response efficiency.

Third, establish a full-chain supply chain security management mechanism covering “access – use – exit.” In the access phase, develop a supplier security qualification assessment checklist, requiring suppliers to provide product security test reports and vulnerability response commitments; in the use phase, conduct “unboxing inspections” of purchased industrial software and equipment to check for backdoors and preset accounts, implementing localized development for core devices; in the exit phase, sign security liability tracing agreements with suppliers, clarifying subsequent responsibilities such as vulnerability remediation and data deletion, and implementing blacklist management for suppliers with significant security risks.

3. Support Layer: Improving the Support System

The support layer focuses on ecology, constructing a long-term support mechanism through standard guidance, technological innovation, and policy incentives, providing environmental guarantees for the implementation of the protection system, closely aligning with the accountability standards and normative requirements of the “Guidelines.”

First, promote the deep integration of security standards with industrial scenarios. At the national level, improve the Classified Protection 2.0 extended requirements for industrial control systems, detailing security control points under the “cloud-edge-end” architecture; at the industry level, develop standards for specific fields, such as safety protection guidelines for petroleum production systems; at the enterprise level, translate national standards into executable security configuration baselines, clarifying core principles such as PLC security configuration and industrial network segmentation to ensure the standards are implemented.

Second, break through the core technology bottlenecks of industrial security. Increase R&D investment in products such as industrial firewalls and ICS intrusion detection systems to enhance localization rates; cultivate an industrial security service ecosystem, developing integrated services of “security consulting + testing and evaluation + emergency response”; establish an industrial security talent training system, conducting practical training such as “ICS security competitions” to fill the gap in professional talent.

Third, build a collaborative mechanism of “government guidance, enterprise responsibility, and social participation.” At the government level, establish special funds for industrial security to subsidize core technology R&D; at the enterprise level, incorporate security investments into production costs, ensuring that security resource allocation matches information technology investments; at the social level, establish an industry security information sharing platform, encouraging enterprises to anonymously report security incidents, forming a linkage mechanism of “one warning, all-domain protection.”

Conclusion

In the context of new industrialization, the cybersecurity protection of industrial control systems must break through the traditional “single-point technical protection” model, using dynamic defense technologies to address architectural transformation risks, employing closed-loop management mechanisms to resolve operational disconnection issues, and leveraging diverse support systems to overcome ecological shortcomings, ultimately achieving a dynamic balance between security and development.

Source: “Cybersecurity and Informationization” Magazine

Authors: Fan Xudong, Ma Rui, Urumqi Petrochemical Branch of China Petroleum

(This article does not involve confidential information)
