On August 28, 2019, the Ministry of Industry and Information Technology of China (MIIT) and nine other regulatory authorities jointly published the Guiding Opinions on Promoting the Work on Industrial Internet Security (hereafter, the Guiding Opinions).
The Guiding Opinions support a document published by the State Council in November 2017 on developing the industrial internet and “internet plus advanced manufacturing” (hereafter, the Guiding Opinions of the State Council). In the Guiding Opinions of the State Council, industrial internet security is one of the most important tasks for the development of the industrial internet and “internet plus advanced manufacturing”. This time, the 10 related regulatory authorities have set more detailed requirements and tasks for protecting industrial internet security.
The Guiding Opinions have three parts. The first part sets out the general requirements: a brief introduction to the requirements under the Guiding Opinions of the State Council, and the basic principles and goals for carrying out the protection of industrial internet security. The second part sets out seven key points for the tasks to carry out the protection of the industrial internet. The last part details how to ensure that industrial internet security protection work proceeds smoothly.
- In the protection system of industrial internet security, enterprises and governments both have roles to play.
Enterprises that deal with the industrial internet should set up departments or positions for its protection. Enterprises need to set up risk evaluation systems for key equipment, systems and platforms, covering the periods before and after connection to the internet. Enterprises should also establish security incident reporting systems, audit systems and accountability mechanisms.
The government is responsible for the supervision and management of industrial internet security. MIIT is in charge of organizing and drafting the relevant policies and standards for industrial internet security, and of conducting industry guidance and management on industrial internet security in the fields of equipment manufacturing, electronic information and communications, etc. Local industry and information technology departments shall guide the security work of enterprises that use the industrial internet, and promote the development of the security industry and the role of the industrial internet in the supervision of safe production. Other local regulatory authorities will carry out the guidance and supervision work of industrial internet security protection.
- Industrial internet security management systems should be built. These should include a classification management mechanism and industrial internet security standards systems.
- All industrial enterprises shall consolidate the security of equipment and operating systems, enhance the safety of network facilities, and strengthen the protection of platform security and the security management of industrial applications.
- From the perspective of industrial internet data security, enterprises should strengthen their ability to protect enterprise data security and establish a data security management system for the whole industrial chain of the industrial internet.
- China will develop new technical means for protecting national industrial internet security, including building a three-level (from the state to the provinces and to the enterprises) industrial internet security technology support platform, a security database and a security test environment.
- Conduct industrial internet security assessment certification and strengthen the capacity of industrial internet security public services.
- Promote the innovation of industrial internet security and the development of industries.
The Guiding Opinions aim to finish the initial establishment of China’s industrial internet security system by the end of 2020 and to set up a more complete and reliable industrial internet security system by 2025.