The Ministry of industry and information technolog

The Ministry of industry and information technology issued the "three-year action plan for information security of industrial control systems"

in order to implement the guiding opinions of the State Council on deepening the integrated development of manufacturing and interconnection and the guiding opinions of the State Council on deepening the development of industrial interconnection by "interconnection + Advanced Manufacturing", speed up the construction of China's industrial control system information security guarantee system and improve the information security protection capacity of industrial enterprises' industrial control systems, Promote the development of the information security industry in the general 3-camera or frequency conversion Electromechanical industry for some tension machines in the current market, and formulate the action plan for information security of industrial control systems (year). It is hereby printed and distributed to you. Please pay attention to the implementation in combination with the actual situation

action plan for information security of industrial control system

(year)

information security of industrial control system (hereinafter referred to as industrial control security) is an important guarantee for the implementation of the strategy of building a strong manufacturing country and a strong network country. In recent years, with the comprehensive promotion of made in China and the accelerated development of industrial digitalization, networking and intelligence, China's industrial control security is facing new challenges, such as the increasing number of security vulnerabilities, the accelerated penetration of security threats, and the complexity and diversity of attack methods. This action plan is formulated to comprehensively implement the national security strategy, improve the industrial control security protection ability of industrial enterprises, promote the development of industrial information security industry, and speed up the construction of China's industrial control security system

adhere to the implementation of enterprise subject. Establish the dominant position of industrial control safety in enterprises, strengthen awareness, take the re adjustment of the experimental curve after the industrial control safety experiment as an important part of industrial production safety, and incorporate safety requirements into all links of enterprise production, operation and management

adhere to classified guidance according to local conditions. Accurately grasp the development basis and characteristics of industrial control security in different industries and regions, and combine the diversity and complexity of industrial control security threats to implement accurate policies by categories, levels and steps

insist on paying equal attention to technology and management. Make overall plans for technical protection and safety management, make full use of advanced technology to improve the safety protection ability of industrial control, innovate the safety management mechanism of enterprises, and comprehensively implement the safety management system

(III) main objectives

by 2020, the system wide industrial control safety management system will be basically established, and the awareness of industrial control safety in the whole society will be significantly enhanced. The national monitoring network, emergency resource database, simulation testing, information sharing and information notification platform (one library and three platforms) have been built, and the situation awareness, security protection and emergency response capabilities have been significantly improved. Cultivate a number of leading backbone enterprises with great influence and strong competitiveness, create a national demonstration base for new industrialization (Industrial Information Security), and greatly improve the ability of industrial innovation and development

II. Main actions

(I) improve the level of safety management

implement the enterprise main body. The enterprise establishes the industrial control safety system according to the network safety law of the people's Republic of China, defines the legal representative of the enterprise and the person in charge of operation as the first, establishes the management organization, and improves the management system. Implement the safety requirements of the guide for information security protection of industrial control systems, continue to increase investment in industrial control safety, implement special funds for protection technology transformation and hidden danger treatment, and actively carry out protection capacity evaluation

implement supervision and management. The Ministry of industry and information technology plans to formulate industrial control safety policy standards, carry out publicity and implementation training, regularly organize national inspection and evaluation, and implement safety reviews on industrial control system products and services included in the scope of review. The local competent departments of industry and information technology accelerate the construction of local laws and regulations on industrial control safety, establish a catalogue of important industrial control systems, strengthen daily supervision and management, arrange special funds to promote the construction of local monitoring, early warning, emergency and other support capabilities, and continue to improve the local industrial control safety guarantee system

(II) improve situational awareness

build a national industrial control safety monitoring network. Support national industrial information security technology institutions to continuously improve industrial control security monitoring means such as active monitoring, passive trapping and Threat Intelligence Acquisition, expand the types of asset identification of industrial control systems, and improve identification accuracy and search efficiency. With the national industrial control safety monitoring platform as the center, a monitoring network covering important provincial nodes will be built to realize real-time perception, accurate research and judgment and scientific decision-making of the operation status and potential risks of national important industrial control systems

implement information sharing project. Encourage industry competent departments, enterprises, scientific research institutes, alliance associations and other institutions and individuals to actively participate in information sharing, establish a sharing list, clarify the sharing content, and promote the formation of a working mechanism of government guidance, enterprise subjects, social participation, and benefit sharing. Make full use of cloud computing, big data and other technical means to build a national industrial control safety information sharing platform to realize the safe, reliable and timely sharing of information

(III) improvement of safety protection ability

strengthen research on protection technology. Support the construction of industrial control safety shooting range, simulation testing and other common technology platforms, research and development of industrial control safety protection technology tool set, and strengthen key technology research such as zoning isolation, security exchange, protocol management and control. Carry out pilot demonstration of protection capacity construction, and form a replicable and scalable overall solution for safety protection. Explore the security architecture design of emerging applications such as industrial cloud and industrial big data, and carry out research and innovation on industrial interconnection security protection technology

establish and improve the standard system. Formulate standards for industrial control safety classification, safety requirements, safety implementation and safety evaluation, speed up the release and application of emergency leading standards such as industrial control safety protection ability evaluation, industrial control system equipment product safety, industrial interconnection platform safety, and encourage enterprises, scientific research institutions, industry organizations, etc. to participate in International standardization

(IV) improve the ability of emergency disposal

carry out information notification and early warning. Formulate the administrative measures for submission and notification of industrial information security information, and establish the systems of information notifier, daily information notification, emergency information notification, risk early warning, etc. Build an industrial control safety information notification and early warning platform, timely release risk early warning information, track the progress of risk prevention work, and form a rapid and efficient information notification and early warning system with linkage of all parties

build a national emergency resource pool. In accordance with the general requirements of the national network security incident emergency plan, support national industrial information security technology institutions to build an emergency resource database to realize the functions of information collection, auxiliary decision-making, plan drilling and so on. In case of sudden industrial information security incidents, support the competent departments of the industry to coordinate technical experts and professional teams to analyze, study and judge the incidents, and mobilize relevant emergency resources to carry out disposal work in a timely and effective manner

(V) improvement of industrial development ability

cultivate leading backbone enterprises. Facing the needs of industrial development in the field of industrial control and safety, we will speed up the cultivation of a number of 13 enterprises and safety service providers for industrial control system production with high technical level, large business scale and strong competitiveness. We will support leading backbone enterprises to break through core technologies, develop key products, improve service capabilities, innovate business models, cooperate with industrial enterprises to carry out demonstration of excellent products and solutions, and promote industrial applications

create a national demonstration base for new industrialized industries (Industrial Information Security). Select areas with strong industrial foundation, complete industrial chain and obvious agglomeration effect to build a national new industrialization industry demonstration base (Industrial Information Security). Around the key links of industrial control system technology research and development, application demonstration, industrial and financial cooperation, talent training and so on, explore the path of industrial development, promote the development of industrial agglomeration, and play a leading role of pilot and demonstration

III. safeguard measures

(I) strengthen organization and coordination

under the unified leadership of the leading group for the construction of a national manufacturing power, strengthen the overall planning and coordination of major decisions, major projects and major issues of the industrial control safety assurance system, and fully implement the tasks of the action plan. Local competent departments of industry and information technology should strengthen the overall management of the region, and do a good job in the implementation and organizational guarantee of the action plan

(II) increase policy support

adhere to the combination of government guidance and market operation, and fully mobilize social forces to support the construction of industrial control safety assurance system. Support qualified places to set up special projects, and increase support for the construction of industrial control safety infrastructure, the construction of key technology verification and testing platform, and industrial innovation and development. Use national policy credit funds to support the construction of industrial information security industry demonstration base

(III) accelerate talent training

encourage industrial enterprises to strengthen cooperation with colleges and universities to jointly cultivate industrial control safety professionals. Build a national industrial control safety high-end think tank, provide intellectual and technical support for industrial control safety strategic deployment, planning, decision-making consultation and major issues, and cultivate a complete and skilled industrial control safety professional team

(IV) encourage social participation

give full play to the positive role of intermediary organizations such as industry associations and industrial alliances, support technology research and development, skill competitions, standard promotion, public services, international cooperation and other work, promote technology exchange, strengthen information communication, and form a development pattern of efficient linkage between government, industry, University, research and application