Abstract: Implementing a defense-in-depth cybersecurity strategy against internal and external threats is an effective measure to ensure the security of Industrial Control Systems (ICS). By building a defense-in-depth cybersecurity plan and implementing the 8 recommendations proposed in this article, it will help reduce the cybersecurity risks of Industrial Control Systems (ICS). In the era of … Read more
★ Zhongheng Telvi Testing Technology (Beijing) Co., Ltd. Cai Lili Abstract:With the digital transformation and intelligent upgrade of industrial enterprises, as well as the use of new technologies, industrial control systems have become more open, leading to new risk factors. This article introduces the risks faced by industrial control systems in the context of new … Read more
OriginalVulnerability 1. Coding Standards and Software Vulnerabilities Software vulnerabilities are often closely related to the lack of coding standards. If input validation, dependency management, and security design principles are ignored during development, even if the functionality is normal, security risks may be hidden. Taking the Java deserialization vulnerability as an example, the essence is that … Read more
Industrial control systems generally refer to a variety of control systems, including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and Programmable Logic Controllers (PLC), among others. 01 Five-Layer Architecture The classic hierarchical model of industrial control systems in the international standard IEC62264-1 divides typical industrial control systems into five levels based … Read more
Industry is the lifeblood of a nation’s economy and a reflection of its comprehensive national strength. Currently, China is at a critical juncture in its transition from “Made in China” to “Intelligent Manufacturing in China.” Industrial Control Systems (ICS), as the core of the industrial system, are widely used in fields such as power, aerospace, … Read more
★ Beijing Tianrongxin Network Security Technology Co., Ltd. Zhang Yun Abstract: The “Information Security Technology – Maturity Model for Information Security Protection Capability in Industrial Control Systems” (hereinafter referred to as the “Maturity Model”) serves as a national standard, providing a systematic maturity assessment framework for information security protection in industrial control systems, aimed at … Read more
Industrial control systems sound impressive, but in reality, they are just a combination of hardware and software aimed at making machines operate according to our intentions. Whenever networks are involved, security issues are always present. Stop clinging to the “five-layer architecture”; today we will explore how many security vulnerabilities are hidden within these seemingly robust … Read more
One day, the cybersecurity monitoring center of an oil and gas company received a series of alarm signals indicating abnormal behavior in some of its production control systems. After a thorough investigation, it was discovered that certain critical control nodes were receiving abnormal commands from the internal network, suspected to be an external attacker attempting … Read more
2016 was a fruitful year for China’s industrial control system information security market, especially with significant breakthroughs in relevant laws, regulations, and standards. The Industrial Control System Information Security Industry Alliance (ICSISIA) has specially compiled and published the top ten news events in China’s industrial control system information security for 2016. Let’s take a closer … Read more
On the afternoon of March 26, 2025, the 2025 Annual Academic Committee Meeting of the Key Laboratory for Safety and Reliability Assessment of Industrial Control Systems (hereinafter referred to as the “Key Laboratory”) was grandly held in Beijing. The meeting was jointly organized by the China Electronics Information Industry Development Research Institute and China Huadian … Read more