《工業(yè)互聯(lián)網(wǎng)導(dǎo)論》AnIntroductiontoIndustrialInternetLecturer：ZhouHaifei知識(shí)圖譜第九章信息安全技術(shù)OutlineChapter9InformationSecurityTechnology面臨威脅第十章工業(yè)互聯(lián)網(wǎng)安全工業(yè)互聯(lián)網(wǎng)實(shí)現(xiàn)了“人-機(jī)-物”全面互聯(lián)，同時(shí)面臨傳統(tǒng)互聯(lián)網(wǎng)的外部威脅，也面臨工業(yè)生產(chǎn)、管理等內(nèi)部的安全威脅。ThreatsChapter10IndustrialInternetSecurityTheIndustrialInternethasrealizedthecomprehensiveinterconnectionof“man-machine-things”.ButitfacesbothexternalthreatsfromthetraditionalInternetandinternalsecuritythreatssuchasindustrialproductionandmanagement.各國(guó)措施第十章工業(yè)互聯(lián)網(wǎng)安全美國(guó)工業(yè)互聯(lián)網(wǎng)聯(lián)盟，2016年9月，發(fā)布《工業(yè)互聯(lián)網(wǎng)安全框架1.0版本》，明確安全框架包括防護(hù)對(duì)象、防護(hù)管理和防護(hù)措施三個(gè)層面。MeasuresinvariouscountriesChapter10IndustrialInternetSecurityInSeptember2016,theIndustrialInternetConsortiumreleasedIndustrialInternetSecurityFrameworkVersion1.0,clarifyingthatthesecurityframeworkincludesthreelevels:protectionobjects,protectionmanagement,andprotectionmeasures.各國(guó)措施第十章工業(yè)互聯(lián)網(wǎng)安全德國(guó)工業(yè)4.0則注重安全實(shí)施，提出網(wǎng)絡(luò)安全必須具體到產(chǎn)品層面，才能實(shí)現(xiàn)這種安全；日本信息安全保護(hù)實(shí)施的更加具體和細(xì)致。MeasuresinvariouscountriesChapter9IndustrialInternetSecurityGermanIndustry4.0focusedonsecurityimplementationandproposedthatnetworksecuritymustbespecifictotheproductleveltoachievesecurity;TheimplementationofinformationsecurityprotectioninJapanismorespecificanddetailed.各國(guó)措施第十章工業(yè)互聯(lián)網(wǎng)安全2018年12月，我國(guó)工業(yè)互聯(lián)網(wǎng)產(chǎn)業(yè)聯(lián)盟發(fā)布《工業(yè)互聯(lián)網(wǎng)安全框架》；2019年7月，工信部等十部門印發(fā)《加強(qiáng)工業(yè)互聯(lián)網(wǎng)安全工作的指導(dǎo)意見(jiàn)》，明確提出，到2020年年底，初步建立工業(yè)互聯(lián)網(wǎng)安全保障體系。MeasuresinvariouscountriesChapter9IndustrialInternetSecurityInDecember2018,IndustrialInternetIndustryAllianceinChinareleasedIndustrialInternetSecurityFramework;InJuly2019,theMinistryofIndustryandInformationTechnologyandotherninedepartmentsissuedGuidanceonStrengtheningIndustrialInternetSecurityWork,whichclearlystatedthatbytheendof2020,apreliminaryindustrialInternetsecurityguaranteesystemwillbeestablished.安全“鎧甲”第十章工業(yè)互聯(lián)網(wǎng)安全安全體系是工業(yè)互聯(lián)網(wǎng)的“鎧甲”。Security“Armor”Chapter10IndustrialInternetSecurityThesecuritysystemisthe“armor”oftheIndustrialInternet.設(shè)備安全10.1設(shè)備安全設(shè)備安全，指工業(yè)互聯(lián)網(wǎng)智能設(shè)備和智能產(chǎn)品的安全，包括：芯片、嵌入式操作系統(tǒng)安全、相關(guān)應(yīng)用軟件安全以及功能安全等。Equipmentsecurity10.1EquipmentsecurityEquipmentsecurityreferstothesecurityofindustrialInternetsmartdevicesandsmartproducts,whichincludes:chip,embeddedoperatingsystemsecurity,relatedapplicationsoftwaresecurityandfunctionalsecurity,etc.智能設(shè)備10.1設(shè)備安全海量智能設(shè)備是連接現(xiàn)實(shí)世界和數(shù)字世界的關(guān)鍵節(jié)點(diǎn)，承擔(dān)著感知數(shù)據(jù)精準(zhǔn)采集、協(xié)議轉(zhuǎn)換、邊緣計(jì)算、控制命令有效執(zhí)行等重要任務(wù)，其自身的安全性將對(duì)整個(gè)工業(yè)互聯(lián)網(wǎng)生態(tài)形成巨大的影響。smartdevices10.1EquipmentsecurityMassivesmartdevicesarethekeynodeconnectingtherealworldandthedigitalworld.Theyundertakeimportanttaskssuchasaccuratecollectionofperceptiondata,protocolconversion,edgecomputing,andeffectiveexecutionofcontrolcommands.TheirownsecuritywillhaveahugeimpactontheentireindustrialInternetecosystem.存在問(wèn)題10.1設(shè)備安全智能設(shè)備行業(yè)應(yīng)用正處于爆發(fā)性發(fā)展階段，智能設(shè)備制造廠商往往只注重產(chǎn)品的可用性和易用性，安全性往往考慮不周，導(dǎo)致智能設(shè)備自身存在眾多安全缺陷。Problems10.1EquipmentsecurityDuetotherapiddevelopmentofsmartdeviceindustryapplications,manufacturersoftenonlyfocusontheavailabilityoftheproduct,andoftenfailtoconsideritssecurity,leadingtomanysecurityflawsinthesmartdevices.兩大隱患10.1設(shè)備安全設(shè)備安全主要存在兩大隱患：智能設(shè)備自身安全防護(hù)手段薄弱、智能設(shè)備成為向平臺(tái)或網(wǎng)絡(luò)發(fā)起攻擊的跳板。Twomajorhiddendangers10.1EquipmentsecurityTherearetwomajorhiddendangersindevicesecurity:smartdeviceshaveweaksecurityprotectionmethods,andsmartdeviceshavebecomeaspringboardforattacksonplatformsornetworks.安全防護(hù)薄弱原因10.1設(shè)備安全reasonsforweaksecurityprotection10.1Equipmentsecurity成為“跳板”原因10.1設(shè)備安全Reasonsforbecominga“springboard”10.1Equipmentsecurity各國(guó)重視10.1設(shè)備安全美國(guó)出臺(tái)系列戰(zhàn)略文件，加強(qiáng)對(duì)物聯(lián)網(wǎng)硬件安全的資金投入；德國(guó)為代表的歐盟依托“工業(yè)4.0”，積極推進(jìn)智能設(shè)備的健康、安全發(fā)展；日本、韓國(guó)等國(guó)家也逐漸開始重視智能設(shè)備安全問(wèn)題，加大在智能設(shè)備領(lǐng)域的投入。Measuresofvariouscountries10.1EquipmentsecurityTheUnitedStatesissuedaseriesofstrategicdocumentstostrengthencapitalinvestmentinIoThardwaresecurity;Relyingon“Industry4.0”,theEuropeanUnion,representedbyGermany,activelypromotedthehealthyandsafedevelopmentofsmartdevices;CountriessuchasJapanandSouthKoreahavegraduallybeguntopayattentiontothesafetyofsmartdevicesandincreasetheirinvestmentinthefieldofsmartdevices.我國(guó)策略10.1設(shè)備安全我國(guó)亦應(yīng)增強(qiáng)自主創(chuàng)新能力，在關(guān)鍵核心部件等產(chǎn)業(yè)鏈上取得重大突破，占據(jù)主動(dòng)獲得關(guān)鍵安全；研究工業(yè)互聯(lián)網(wǎng)智能設(shè)備安全防護(hù)方案，實(shí)現(xiàn)自主可控，填補(bǔ)行業(yè)空白。MeasuresinChina10.1EquipmentsecurityChinashouldalsoenhanceitscapacityforindependentinnovation,makemajorbreakthroughsintheindustrychainsuchaskeycorecomponents,andtaketheinitiativetoobtainkeysecurity;weshouldstudythesecurityprotectionschemesofindustrialInternetsmartdevicestoachieveindependentcontrolandfillgapsintheindustry.防范舉措10.1設(shè)備安全設(shè)備安全防范舉措:1）提高信息安全意識(shí)，強(qiáng)化身份鑒別與訪問(wèn)控制;2）關(guān)閉不必要的端口或服務(wù)，及時(shí)更新與升級(jí);3）增強(qiáng)固件安全，及時(shí)修復(fù)安全漏洞;4）建立防火墻規(guī)則，防止被惡意利用;5）完善設(shè)備安全策略，提高防御能力。Precautions10.1Equipmentsecurity1)Improveinformationsecurityawareness,andstrengthenidentityauthenticationandaccesscontrol;2)Close