Abstract
Currently, the security protection capability of industrial control systems in our country is still at a primary stage, making them highly vulnerable to hacker attacks. Just like the recent outbreak of WannaCry, if its variants spread to industrial system hosts, the worst consequence would be the paralysis of the industrial control host system, leading to the inability of production systems to operate normally, and potentially causing explosions and other accidents. In the context of deepening integration of information technology and industrialization, our country’s fragile industrial control systems urgently need protection.
On May 12th around 8 PM, a new type of “worm-type” ransomware “WannaCry” broke out globally, affecting hundreds of countries and involving key industries such as energy, electricity, transportation, healthcare, and education.

However, according to reporters, industrial systems were surprisingly unharmed during this crisis. Industry insiders indicate that, in fact, the security protection capability of our country’s industrial control systems is still at a primary stage, making them highly vulnerable to hacker attacks.
Just like the outbreak of WannaCry, if its variants spread to industrial system hosts, the worst consequence would be the paralysis of the industrial control host system, leading to the inability of production systems to operate normally, and potentially causing explosions and other accidents.
In the context of deepening integration of information technology and industrialization, our country’s fragile industrial control systems urgently need protection.
Security Risks Must Be Warned
Early warning and prevention are crucial. On the second day of the WannaCry outbreak, the National Industrial Information Security Development Research Center urgently issued a warning notice titled “The Malicious Ransomware WannaCry Poses a Serious Threat to Our Industrial and Information Security”, mentioning that if not prevented and controlled, it will inevitably pose a great threat to information security in our industrial sector.
The notice mentioned that industrial hosts are at risk of being attacked. Industrial hosts in our country’s industrial sector (such as operation stations, engineer stations, historical servers, etc.) widely use general-purpose Windows operating systems, especially a large number of systems that have the default open port 445, such as Windows 2000 and Windows XP, which are highly likely to be exploited by WannaCry vulnerabilities for intrusion attacks, rapidly spreading to industrial enterprise intranets and even industrial control networks, leading to industrial hosts being encrypted and locked, rendering them unable to operate normally, and potentially causing the paralysis of the entire industrial enterprise intranet.
Furthermore, sensitive data related to industrial enterprises is at risk of being locked, tampered with, and destroyed. Once infected, this ransomware can encrypt dozens of types of files in the target systems and devices, involving documents, databases, videos, audio, images, drawings, compressed files, and almost all file types, which may lead to the inability to collect and read sensitive data related to industrial production, causing severe economic losses.
Currently, multiple countries in the fields of electricity, oil, telecommunications, and transportation have been severely affected. For example, the Spanish electricity company Iberdrola, the natural gas company Gas Natural, and the telecommunications giant Telefonica have all suffered attacks from ransomware. The notice stated: “Given the rapid spread and wide impact of this malicious software, key industrial sectors in our country have already been affected, and if no prevention and control measures are taken, it is only a matter of time before a widespread infection occurs.”

In fact, due to the integration of the two networks, the security threats faced by traditional information networks, such as viruses, Trojans, intrusion attacks, and denial of service, are spreading to industrial control systems. Liu Ying, an information security system architect at Beijing Haili Technology Co., Ltd., explained that the network threats to industrial control systems include network virus Trojan attacks, control permission interception, data listening and theft, data tampering, and communication robustness attacks.
Specifically, network virus Trojan attacks include malicious code, APT attack viruses, vulnerability attacks, backdoor services, and other attack types that threaten industrial control systems through known operating system vulnerabilities and backdoors, email attacks, and zero-day vulnerabilities; control permission interception can obtain operational permissions or higher-level permissions through operating system or software vulnerabilities, stealing or brute-forcing passwords through various means.
Additionally, Liu Ying also stated that most industrial control systems use plaintext transmission, lacking protective capabilities against data listening, and the risk of plaintext stored data is significant. Moreover, the communication robustness of control systems is weak, making them prone to communication link interruptions in the face of network attacks, and even facing the risk of system restarts.
Defense Shifts from Passive to Active
Currently, smart factories and digital workshops have become standard for intelligent manufacturing, integrating new generation information technology into all aspects of design, production, management, and service activities, with deep self-perception of information, intelligent optimization of self-decision-making, and precise control of self-execution becoming basic functions of intelligent manufacturing.
However, it is important to emphasize that “the main security goal of intelligent manufacturing is to ensure that system functions do not fail or go out of control,” emphasized Mei Ke, deputy director of the Mechanical Industry Instrument Comprehensive Technology Economic Research Institute.
Industrial control systems typically include sensors, converters, transmitters, controllers, actuators, and other instruments. Industrial control systems act as the brain of these industrial equipment, directing a large number of instruments and devices to work together in subsystems to complete various complex control tasks.
In recent years, industrial control system security incidents have been frequent. Last year, Kaspersky Lab revealed a “Ghoul” cyber attack targeting the industrial control sector, which disguised itself as an email from the National Bank of the UAE, using spear-phishing emails to launch targeted cyber intrusions against industrial control organizations in the Middle East and other countries.
This time, the arrival of WannaCry has once again sounded the alarm for the security and prevention of industrial control systems. How to build a secure protection system and how to properly respond to network security issues in industrial control systems have attracted the attention of industrial enterprises.
“In the past, the traditional network security model was a passive defense of sealing, blocking, checking, and killing, while now we should establish an active defense system by learning from traditional defense methods,” said Liu Ying.
Li Hongpei, a senior expert in the field of information security for industrial control systems, also stated that from the perspective of offense and defense, systems will always be breached, meaning that merely deploying traditional security protection mechanisms is insufficient.
“In the offense and defense against system defects, the offensive side has the upper hand,” Li Hongpei said, “The key to successful defense lies in how to timely detect security flaws in the system and proactively address them as early as possible. Additionally, how to quickly discover attack behaviors and respond in a timely manner to minimize the time window for free attacks on the system.”
Regarding key technologies for information security protection, Liu Ying highlighted several, such as identity verification mechanisms based on digital certificates for two-way verification of access devices; using symmetric algorithms for encryption and decryption of system communication data; as well as access control technology, intrusion detection technology, virtualization isolation technology, and trusted boot technology.
Xu Jigang, deputy director of the Engineering Research Institute of China Energy Construction Group Co., Ltd., took power plants as an example, stating that the key to information security prevention in power plants is to establish three important lines of defense: the first line is the security defense between the power plant information system and external systems; the second line is the security defense between the power plant control system and product suppliers; the third line is the security defense between the power plant control system and the power plant information system.
Xu Jigang also pointed out that the main information system of the power plant, the plant-level monitoring information system (SIS), is the data center for the operation of the power plant, located at the center of all automation systems in the power plant, and its defense focus must be to cut off all user systems that read data from real-time or historical databases from invading the SIS.
These individuals generally believe that there is an urgent need to increase investment in industrial control network security devices to prevent related enterprises from being attacked and to avoid significant losses.
The Industrial Control System Industry May Welcome a “Golden Sea”
This time, the arrival of WannaCry prompted many cybersecurity companies to quickly develop emergency response plans. In summary, the outbreak of ransomware has catalyzed the cybersecurity industry.
“More than 80% of critical infrastructure relies on industrial control systems for automated operations, and industrial control systems are widely used in various fields related to national economy and people’s livelihood. As cybersecurity in cyberspace rises to a national strategy, the industrial control network security industry contains enormous opportunities,” said Sun Yian, chairman and chief strategy officer of Beijing Kuang’en Network Technology Co., Ltd.
What is the current state of the domestic cybersecurity industry? Shen Jiya, chairman of the China Cybersecurity Industry Alliance, previously summarized a few points: First, the industry scale is small, with numerous vendors and diverse backgrounds, many products, overall low levels, and serious homogenization; Second, the industry is highly competitive, with invasive species entering, severely damaging the industrial ecosystem. However, at the same time, this is a hot industry, and the future prospects are optimistic.
In fact, our country’s industrial control systems are vast and heavily reliant on imports. The intelligent transformation has shifted production networks from open to interconnected, further exacerbating network security threats, and large-scale new industrial control systems still lack network security planning and design.
Fortunately, the state has noticed this situation, attaches great importance to it, and has begun to deploy a series of measures aimed at enhancing the network security of our industrial control systems. The establishment of the Central Cybersecurity and Informatization Leading Group marks our entry into a strategic period of comprehensive protection of cybersecurity in cyberspace. The successive promulgation of the “Cybersecurity Law of the People’s Republic of China (Draft)” and the “National Security Law of the People’s Republic of China” has also brought our cybersecurity legislation to an unprecedented height.
In the industry’s view, the industrial control system industry is in its infancy, and whoever seizes this blue ocean first may reap a “golden sea”.
End 
▣ Source: China Net
▣ Note: If you have any comments or knowledge supplements regarding this article, please feel free to leave a message at the end of the article!
▣ Reply with keywords such as “robot, motor, IPC, PLC, sensor, inverter, Industry 4.0, industrial internet, industrial computer, industrial control security” to access related articles. Reply with relevant months, such as “4”, to access major industrial control events in April.