New business formats and new security ②丨Digitalization reshapes the supply "new chain": how to coordinate network security and production safety

Author: 21st Century Economic report Time: 2022.09.07

Southern Finance All Media reporter Wu Liyang, reporting from Beijing

Editor's note:

Cybersecurity is not only the basic guarantee of the digital transformation of enterprises, but also a must-have for the stability of the digital economy.

In the past year, the "Personal Information Protection Law" has formally taken effect, and policies and regulations such as the "Regulations on the Management of Network Product Security Vulnerability", "Measures for the Review of Network Security" and "Evaluation of Data Outbound Security" have been implemented one after another. China's network security regulatory framework has continued to improve.

On the other hand, with serious security vulnerabilities in the Apache Log4j2 component and with ransomware, DDoS and other network attacks, cybersecurity challenges still exist. As the public's daily life becomes increasingly intertwined with cyberspace, cybersecurity has a greater impact on China's social governance, economic development, and the safety of people's lives and property.

As the 2022 Cybersecurity Publicity Week officially opens, the Compliance Science and Technology Research Institute of Southern Finance and Economics All-Media Group · 21st Century Economic Herald, taking the development of the digital economy as its background and the actual development needs of the industry into account, is launching the "New business formats and new security" series of in-depth reports. Focusing on the new business formats of the digital economy and on the situation and changes in cybersecurity offense and defense, the series starts from two directions, system construction and technology application, to discuss how to safeguard network security in the digital age.

The second part of the special report starts from a prominent result of industrial digitalization, the industrial Internet supply chain. It explores what security issues the industrial entities and links connected through digital technology face as the network security situation becomes more and more complex, and how a supply chain system built from intertwined software and hardware can build a security shield to protect production safety.

In recent years, the integration of new-generation information technology and manufacturing has continued to deepen. Using new Internet technologies and applications to integrate industrial production resources and to connect an industrial Internet supply chain system spanning design, procurement, production and sales has become an important starting point for the digital transformation and upgrading of manufacturing. It has also greatly enhanced the resource allocation and product supply capabilities of industrial enterprises.

On the other hand, as the Internet extends into industrial production, the number of component, data and software suppliers and service providers connected through digital networks is also rising sharply. The industrial supply chain is integrating at an accelerating pace and being reshaped into a "new chain".

This not only greatly extends the attack surface that industrial enterprises must defend against cyberattacks, but also means that when one link has a hidden security hazard or faces a security threat and this is not dealt with in time, the impact can spread to the entire supply chain and cause huge economic losses. China urgently needs to build a supply chain security protection system, in line with the actual needs of industrial production and the network security situation, to ensure the healthy development of the industrial Internet industry.

New chain and new security

As a major manufacturing country, China has a leading advantage in its complete industrial layout and good information foundation. As digital technology continues to develop and is adopted at an accelerating pace in the industrial field, the leading role of some digitally advanced and innovative enterprises has taken effect first and has quickly been transmitted to all links of the industrial chain. Under this trend of adaptation, the transformation and upgrading of the full supply chain has begun.

Li Yufeng, a professor at Shanghai University and the head of the internet of Zijinshan Laboratory, pointed out in an interview with a reporter from Southern Finance and Economics that a new round of scientific and technological revolution and industrial transformation is developing in depth. Under this general trend, the supply chains of many traditional industries are merging at an accelerating pace with the software and hardware supply chain of the IT industry to build a digital production "new chain".

Specifically, with infrastructure such as the industrial Internet and digital platforms, transformation and upgrading have greatly improved production efficiency and the efficiency of enterprises. He Dongdong, co-founder and CEO of Tree Gen Interconnect, said that the asset, production and sales data of upstream and downstream enterprises can be collected, analyzed and computed. Industrial chain IIoT solutions built on the Geyun platform and applied to supply chain management have greatly improved the matching efficiency of the industrial chain and the ability of SMEs to connect with business needs.

"The model of 'General Platform + Industrial Ecology' is based on industry-leading enterprises and innovative enterprises in the industrial chain, creating industrial Internet applications covering the overall supply chain, which can drive a large number of upstream and downstream companies, especially small and medium-sized enterprises, to achieve digital transformation," He Dongdong said.

However, some industry insiders also pointed out that, compared with the traditional information industry, the digitalization of industrial enterprises is markedly industry-specific. Levels of enterprise informatization are uneven, and enterprises have completed the stages of digital transformation to varying degrees.

For some enterprises, especially small and medium-sized enterprises with relatively weak information foundations, the level of network security construction also varies. This makes collaboration something that must be considered carefully as the industry chain undergoes digital transformation and creates a "new chain".

Peng Gen, general manager of Beijing Hanhua Feitian Xin'an Technology Co., Ltd., told reporters that supply chain security currently faces problems on two fronts. One is that some industries rely on software and hardware provided by foreign suppliers and face the risk of being "stuck".

In addition, upstream and downstream parties in the supply chain have not formed a complete security consensus or protection standards. It is difficult for enterprises to verify the system security and degree of protection of external partners or suppliers, so the chain is easily "broken at a single point", which affects the entire supply chain. "Now much supply chain security work, including the security of industrial control systems and other security protection, is making up for the shortcomings of the past," Peng Gen said.

Network security and production safety urgently need coordinated planning

A major change brought by the digital upgrade of the supply chain is that software and hardware in production are combined ever more closely, but this also turns security issues in cyberspace into more direct risks for real-world production and life.

In May last year, Colonial Pipeline, the largest oil pipeline operator in the United States, suffered a cyberattack that caused a large-scale interruption of gasoline supply in the southeastern United States, and operations did not resume until several days later. When a supplier producing plastic parts was attacked by ransomware, Toyota Motor's 14 factories in Japan were forced to stop work for one day.

As the supply chains of complex industrial products continue to lengthen, the number of equipment suppliers and service providers that can come into contact with an enterprise's core technology products, core components and sensitive data has grown, and the pressure on the defensive side has risen sharply.

The above-mentioned industrial Internet industry insiders pointed out that more than 90% of industrial equipment that supports external access currently uses weak network link protocols, and most of it has no identity authentication capability. Matching has also increased the difficulty of building the security system.

Li Yufeng believes that since the start of the 21st century, the large-scale application of systems that integrate computing, communication and control, such as industrial control systems, robots and intelligent connected vehicles, has provided channels for interaction between the physical world and the information world. Once a cyber-physical system is networked, it is affected not only by physical failures, random hardware failures and systematic failures, but also by software and hardware vulnerabilities in the system, which become one of the root causes of threats to the physical world.

He further pointed out that the supply chain of complex systems faces both traditional functional safety issues caused by faults triggered by natural factors and new functional safety issues arising under network attacks. For network attackers, there are more opportunities, and network attacks may cause more failure problems in the system. Such cyclic superposition may greatly amplify the harm and eventually cause great harm in physical space. The dual risks of functional safety and network security constitute today's broader security protection requirements.

Peng Gen also pointed out that as supply chain digitization enters deep water, the sources of security issues are becoming more and more complicated. If foreign suppliers cannot be fully replaced, they must at least be secure and controllable. In network security, system security, data security and other areas, security needs to be coordinated for the entire industry.

Ensuring supply chain security requires joint construction by multiple parties

In actual industrial production, the widespread application of Internet technology links production entities in different parts of the chain. From a security risk perspective, therefore, vulnerabilities in an individual link are likely to pose a security threat to the entire supply chain and to end users.

In May 2017, researchers at a Swiss security company found a keylogger built into an HP audio driver while checking the Windows active domain. It was used to monitor the user's keystroke records, which were stored in a readable file directory that other users and third-party applications could access.

At the same time, however, actual security responsibility is not evenly distributed across the links of the supply chain. Each entity on the chain holds to the security awareness and motivation of its own link, and an industry consensus and overall security mechanism still await promotion by the industry.

Li Yufeng pointed out that in many industries, OEMs (original equipment manufacturers), as the integrating party, often do not have the source code and design schemes of each component in the supply chain. The parts they receive are often a "black box", yet vulnerabilities are often distributed in these components and are installed step by step, through system integration, into the final equipment and products.

"As the party responsible for the overall safety of the device, the OEM lacks a good mechanism or lever to pass the security pressure on synchronously to the various component suppliers, and the suppliers' security hardening methods can hardly improve the security level of the overall equipment and products effectively. After all, the wooden barrel principle of network security tells us that the overall security level is determined by the lowest level of security," Li Yufeng said.

In recent years, security responsibility requirements for the supply chain have also been taking effect. In December 2020, the Ministry of Industry and Information Technology issued the "Industrial Internet Innovation and Development Action Plan (2021-2023)". Its requirements include "[...] management systems, clarify corporate security responsibility requirements and standard specifications" and "supervise enterprises to improve the network security management system, strengthen supply chain security management, and implement corporate responsibility."

Peng Gen said that in the industrial supply chain, especially in the industrial control field, security assurance is still difficult at present: "Whether at the hardware or the software level, we are facing the problem of being 'stuck'. The system and improve the safety and guarantee capabilities of the entire industry." He further pointed out that once some standards are formulated, suppliers should be required, when downstream manufacturers introduce software and hardware, to provide security test certification such as penetration tests, or the products should be tested by a professional third-party security company, so that security factors are considered in the procurement process between suppliers and downstream customers.

The above-mentioned industrial Internet industry insiders said that in recent years, taking data security, to which regulators and industry have attached ever greater importance, as the entry point, some in the industrial Internet sector have begun to build a security assurance system covering the full supply chain.

"It is necessary to use the concept of 'industrial Internet + production safety' to organically integrate the currently separate supervision of network information security and supervision of production functional safety, which pushes safety thinking in industrial production toward the issue of comprehensive safety."

In addition, the industry is also exploring responsibility for supply chain security. Taking the intelligent connected vehicle industry chain as an example, the Shanghai Intelligent Connected Automobile Network Security Industry Cooperation Innovation Center and many industry units have tried to use a "public test platform" to check and manage suppliers at all levels in a unified way, share the responsibility for network security, and strengthen security across all links of the industrial chain.

"Supply chain security involves multiple parties and is essentially a problem of cybersecurity responsibility and coexistence. This requires not only a consensus built jointly by various industries, but also the guidance of the state, the leadership of standards, sound laws and regulations, and the initiative of supply chain OEM enterprises," Li Yufeng said.
