2016 was a fruitful year for China’s industrial control system information security market, especially with significant breakthroughs in relevant laws, regulations, and standards. The Industrial Control System Information Security Industry Alliance (ICSISIA) has specially compiled and published the top ten news events in China’s industrial control system information security for 2016. Let’s take a closer look!
Top
1
The Cybersecurity Law of the People’s Republic of China is officially promulgated
On November 7, 2016, the 24th meeting of the Standing Committee of the 12th National People’s Congress passed the Cybersecurity Law of the People’s Republic of China, which was signed by President Xi Jinping and officially announced. The Cybersecurity Law further defines the scope of critical information infrastructure; it stipulates corresponding punitive measures for foreign organizations and individuals that attack or damage China’s critical information infrastructure; and it adds provisions to punish new types of cyber crimes such as online fraud. The Cybersecurity Law will take effect on June 1, 2017.
Top
2
The National Cybersecurity Strategy is released
On December 27, 2016, the National Internet Information Office released the National Cybersecurity Strategy, marking the first time China has published a strategy regarding cybersecurity. The strategy clarifies China’s major positions and propositions on the development and security of cyberspace, outlines strategic guidelines and main tasks, and serves as a guiding document for national cybersecurity work.
Top
3
The Ministry of Industry and Information Technology issues the Guidelines for Information Security Protection of Industrial Control Systems
In October 2016, the Ministry of Industry and Information Technology issued the Guidelines for Information Security Protection of Industrial Control Systems, which states that enterprises using industrial control systems should ensure security protection from 11 aspects: selection and management of security software, configuration and patch management, boundary security protection, physical and environmental security protection, identity authentication, remote access security, security monitoring and emergency drill, asset security, data security, supply chain management, and accountability. The release of the Guidelines fully implements the national requirements for the security protection of critical information infrastructure and provides important references for ensuring industrial control security in the new era and under new circumstances.
Top
4
General Secretary Xi emphasizes the need to strengthen the protection of critical information infrastructure
On April 19, 2016, General Secretary Xi Jinping made profound remarks on the protection of critical information infrastructure and cybersecurity inspection work at a symposium on cybersecurity and informatization, stating: “Critical information infrastructure in sectors such as finance, energy, electricity, communications, and transportation is the nerve center of economic and social operation, is of utmost importance for cybersecurity, and is also a potential target for major attacks.” He demanded, “We must comprehensively strengthen cybersecurity inspections, understand the situation, recognize risks, identify vulnerabilities, report results, and urge rectification.”
Top
5
National cybersecurity inspection work for critical information infrastructure is launched
In July 2016, with the approval of the Central Cybersecurity and Informatization Leading Group, the first nationwide cybersecurity inspection work for critical information infrastructure was officially launched. This is an important measure to implement General Secretary Xi Jinping’s important speech and is a foundational work for the protection of national critical information infrastructure under the new cybersecurity situation. Conducting cybersecurity inspections for critical information infrastructure starts from key businesses that affect the national economy and people’s livelihood, clarifying the information systems and industrial control systems that may impact the operation of critical businesses, accurately grasping the security status of China’s critical information infrastructure, scientifically assessing the cybersecurity risks faced, and promoting management, prevention, rectification, and construction through inspections, while providing foundational data and references for building a security guarantee system for critical information infrastructure.
Top
6
24 national standards related to information security are approved and published
On August 29, 2016, 24 national standards under the jurisdiction of the National Information Security Standardization Technical Committee were officially published, including the “Security Technical Requirements for Embedded Software of IC Cards with Central Processing Units,” “Information Technology Security Management System Requirements,” and “Information Security Control Practice Guidelines,” among others, which include guidelines for the security application of industrial control systems.
Top
7
The first military industrial control information security protection system in China begins trial operation
In February 2016, the military industrial control information security protection system developed by the 706 Institute of China Aerospace Science and Industry Corporation completed its trial operation in relevant production workshops of the institute. During the trial operation, the protection system successfully ensured effective control of information data during the operation of CNC machine tools, marking the first military industrial control system information security protection system in China that has practical application capabilities.
Top
8
The 5th Industrial Control System Information Security Summit in 2016 concludes successfully
On November 2, 2016, the 4th stop of the “5th Industrial Control System Information Security Summit 2016,” hosted by the Industrial Control System Information Security Industry Alliance (ICSISIA) and organized by the ICSISIA Secretariat and Control Network (kongzhi.net) & “Automation Expo,” was successfully held in Shanghai. This meeting was the final event of the “5th Industrial Control System Information Security Summit 2016.” The enthusiastic response and active interaction from the audience at the meeting achieved a perfect conclusion for the summit.
This event has been held continuously since 2012.
Top
9
The third issue of the “Industrial Control System Information Security” special publication is published
In November 2017, the third issue of the “Industrial Control System Information Security Special Publication” was officially published. Since the establishment of the Industrial Control System Information Security Industry Alliance in 2014, a volume of the “Special Publication” has been published annually, receiving widespread acclaim in the industry. This year’s “Special Publication” is richer in content, featuring experts from fields such as electricity, petroleum, rail transportation, tobacco, municipal, and high-speed rail, who provide in-depth explanations of the demands and applications of industrial control system information security in their respective fields, which is believed to inspire readers.
Top
10
“Deep Security Technology for Industrial Control Systems” included in the Ministry of Science and Technology’s key special project for “Cyberspace Security” in the 2016 annual project application guide
The Ministry of Science and Technology, based on the “National Medium- and Long-Term Science and Technology Development Plan Outline (2006-2020),” organized the preparation of the “Implementation Plan for Key Special Projects in Cyberspace Security” in conjunction with relevant departments, and launched the first batch of projects for the 2016 annual key special project in cyberspace security, releasing the guide. The special project focuses on five innovation chains (technical directions): research on network and system security protection technologies, theoretical and key technology research for data security protection in open and integrated environments, key technology research for trusted management in large-scale heterogeneous networks, innovative methods and key technologies for protecting virtual assets in cyberspace, and evaluation and analysis technologies in cyberspace, deploying 32 key research tasks. The implementation period of the special project is five years, from 2016 to 2020. According to the principle of phased implementation and highlighting key points, eight projects are launched in the first batch across five technical directions.Among them, “Deep Security Technology for Industrial Control Systems” is included in the 2016 annual project application guide for the key special project for “Cyberspace Security.”
The above content is organized and published by the Industrial Control System Information Security Industry Alliance (ICSISIA). Please indicate the source when forwarding.
