“Let’s not think that ‘a small business can’t be watched by others’. If network security is not paid enough attention, it may be planted with related viruses by international extortion groups, and some important production data and systems may be encrypted and encrypted. Extortion.” Mr. Wang Tao, product director of Qi’anxin Industrial Internet Security Division, said at the CITE2021 Industrial Internet Development and Security Summit.

Mr. Wang Tao, Product Director of Qi Anxin Industrial Internet Security Division

Qi Anxin is a network security company under China Electronics, and is currently the largest network security company in China. It has leading advantages in the fields of big data security technology, offensive and defensive confrontation technology, and terminal protection technology. On April 10th, at the CITE2021 Industrial Internet Development and Security Summit, Mr. Wang Tao, Product Director of Qi’anxin Industrial Internet Security Division, delivered a keynote speech on the topic of “Industrial Internet Security Operation Helps Industrial Enterprises Go to the Cloud Safely”. The mysterious veil of “how to escort the security of the Industrial Internet of Things”.

Frequent security incidents, the state attaches great importance to

In recent years, major industrial cybersecurity incidents have occurred frequently around the world. In December 2017, hackers used the malware TRITON to attack the Saudi natural gas Schneider SIS system, causing the factory to stop production; in August 2018, TSMC was attacked by the WannaCry variant virus, 5 major fabs were shut down, and the loss reached NT$5.2 billion; 2020 In November, hackers encrypted 1,200 servers in the factory, 100GB of data was stolen, and demanded a ransom of $34.68 million from Foxconn… Wang Tao attributed the attacks in the manufacturing field to two categories:

The first type is the traditional virus. The “Eternal Blue” ransomware virus has been successfully conquered in the IT network. It is streaking in the public network, and it flows into the manufacturing network, which has a serious impact on the production and manufacturing of the upper computer;

The second category is the case of extortion against industrial enterprises. At present, it has appeared in China, and reports of extortion of major domestic industrial enterprises have occurred from time to time, and small and medium-sized enterprises will not be spared. “Let’s not think that ‘a small business can’t be watched by others’. If network security is not paid enough attention, it may be planted with related viruses by international extortion groups, and some important production data and systems may be encrypted and encrypted. Blackmail.” Wang Tao said.

The state attaches great importance to the construction of industrial Internet security. In 2017, the executive meeting of the State Council passed the “Guiding Opinions on Deepening “Internet + Advanced Manufacturing” to develop the Industrial Internet; in 2019, ten departments jointly issued the “Guiding Opinions on Strengthening Industrial Internet Security”; in 2020, the Ministry of Industry and Information Technology issued “On Notice on Promoting the Accelerated Development of the Industrial Internet”; in 2021, the Ministry of Industry and Information Technology issued the “Industrial Internet Innovation and Development Action Plan (2021-2023)”. As an important guiding policy, this year’s action plan proposes important development directions for security. Wang Tao pointed out that there are three key directions:

First, the direction of classification and classification;

Second, innovative development, especially in the direction of intelligent manufacturing and Internet of Vehicles security, a group of new innovative enterprises should be fostered;

Third, build 20 intensive safety operation service centers and public safety service platforms for key industries with greater influence.

“This is a national policy, and it is also hoped that capable industrial Internet platform companies and industrial companies can take the lead in establishing some industrial security public service platforms.” Wang Tao said, “In the past two years, industrial Internet platforms have developed rapidly in China, and business Cloud (including various applications to the cloud) is developing rapidly. However, there are not many promotion and applications of secure cloud access. Helping industrial enterprises to provide secure cloud services is a new development direction. There is already an important issue in the three-year action plan. Layout.”

The current problems of enterprise industrial safety operation

For enterprises, why should they go to the cloud safely? Can you do it yourself? After investigating a large number of industrial enterprises, Qi Anxin found that there are three common pain points in the industrial safety operation of enterprises:

First, the enterprise emphasizes construction and neglects operation. The effective investment of enterprises in industrial safety operation is insufficient, and even some industrial enterprises purchase safety equipment just to meet some safety regulations, and the equipment is not really powered on for operation, resulting in a huge waste of resources.

Second, there is a lack of talent and technology. At present, there is a shortage of network security talents, especially those who understand both network security and industry. The cost of recruiting talents is very high, and it is difficult for enterprises to use equipment after purchasing.

Third, the cost is high and the effect is slow. Some large enterprises will seek on-site security services. According to Wang Tao, Qi Anxin has such a layout in some places, dispatching security personnel to industrial enterprises in the form of labor dispatch to help them provide security services. However, the cost of on-site personnel is too high, and on-site security services are not suitable for small and medium-sized industrial enterprises.

Building a public service platform for industrial Internet security

Based on the current pain points widely faced by industrial enterprises and relevant national policies, Qi Anxin proposed the concept of building its own public service platform for industrial Internet security. Wang Tao introduced that in the past three years, in the development of industrial Internet security, especially with the support of relevant policies of the Ministry of Industry and Information Technology, the industrial Internet situational awareness platform, security threat information sharing platform and security emergency command platform have been established. Situational Awareness Platform.

Building a public service platform for industrial Internet security

In the new three-year action plan, it is proposed to focus on the establishment of an industrial Internet security public service platform. Qi Anxin has undertaken the Ministry of Industry and Information Technology’s small and medium-sized industrial Internet security public service platform project, and has formed related products and services based on this project, which is currently in the promotion stage.

Wang Tao introduced the structure of the public service platform as an example: “For example, in a city, we will build a public service platform for industrial Internet security, which is a cloud infrastructure with secure application software and our security team. In the factory, we have various deployment methods. The easiest way is to deploy a lightweight probe, collect and analyze the data of related industrial enterprises, send the analysis results and safety information to the platform, and carry out safe operation on the platform. .”

Industrial Internet Security Public Service Platform

This approach dispels the concerns of industrial enterprises about whether the data will be leaked after the data is uploaded to the cloud. Since it is desensitized data, only some safe results are put on the cloud, so it will not cause the leakage of related enterprise data. At the same time, Qi Anxin will also place a security operation and maintenance gateway in the enterprise. In addition to exploring some traffic data for analysis, it also collects some industrial safety data and equipment logs of the industrial control system, and releases them to the relevant remote platforms. This is the platform main operating mode.

In this process, the communication between the gateway, the probe and the platform is encrypted and authenticated to ensure the security of transmission.

The overall security operation requires multi-party capabilities. On the one hand, the platform needs to have built-in security capabilities; on the other hand, it requires strong personnel capabilities and requires experts to operate. “Qianxin has a complete security service system and needs many security experts. We will also divide the security experts in the security competence center into first-line, second-line, and third-line. The front line is general security monitoring, dealing with general security incidents. For serious problems, problems and risks will be raised to second-tier experts for disposal, which will automate the entire capability.” Wang Tao said.

Qi Anxin Security Service List

In the past, each enterprise built its own industrial capacity, which was very scattered. Now that Qi Anxin builds its capabilities on the cloud platform, enterprises no longer need excessive security capabilities. Through services, the security protection level of enterprises can be improved.

Platform Core Capabilities

The core capabilities of Qi Anxin’s security platform include security monitoring, emergency response, analysis and Display, and research and evaluation.

Practical case

In terms of cooperation mode, Qi Anxin basically builds a security service platform with the local government, competent authorities, partners, or enterprises with communications authorities, and works with partners to serve local industrial enterprises. Wang Tao introduced the Foshan Industrial Internet Security Public Service Platform under construction as an example. This is an industrial Internet security public service platform jointly built by the Nanhai District Government, Qi Anxin, and a state-owned holding company in Nanhai District. of industrial enterprises provide industrial Internet security services. Qi Anxin provides technology research and development and technical services, state-owned holding companies provide hardware network environment, workplaces, and promotion service personnel, and the Nanhai District government provides financial subsidies to jointly build and operate a service platform. The services include: industrial Internet security monitoring service, system vulnerability notification service; enterprise industrial control equipment, system vulnerability patch push service; industrial enterprise industrial control network on-site security inspection service; industrial Internet security emergency response service, etc.

Foshan Industrial Internet Security Public Service Platform

Qi Anxin was successfully listed on the Science and Technology Innovation Board last year. It is also the official partner of the Winter Olympics and has maintained rapid revenue growth for many years. On May 10, 2019, China Electronics strategically invested in Qi Anxin, making Qi Anxin a member of the national team and able to provide security services for a large number of state-owned enterprises and related central enterprises.

It can be said that the security service capability is the biggest advantage of Qi Anxin. Qi Anxin has more than 100 security service teams deployed across the country. In terms of security teams and security capabilities, Qi Anxin is second to none in China. “We have extensively participated in emergency drills or national defense drills of various competent departments and are the backbone. Our emergency response capabilities cover the widest scale, standardize service processes, have the strongest emergency combat capabilities, and have the highest customer satisfaction. The market has the first share. Any security problems, our security service department can implement emergency response in a targeted manner.” Wang Tao concluded at the end.