The “Guiding Opinions on Strengthening Industrial Internet Security” (the “Guiding Opinions”) was released on July 26, 2019
As the product of industrial AI, the industrial internet uses the internet to connect people, machines and objects. The industrial internet has developed rapidly in recent years. In the operation of the industrial internet, a large amount of data is collected, analyzed, transmitted, and archived. Those data may involve personal privacy, corporate trade secrets, and even state secrets. To strengthen data protection, the state has successively released the “Cyber Security Law”, the “Industrial Control Network Security Risk Assessment Specification”, and national standards.
To further strengthen the administration of industrial internet security, MIIT and nine other departments jointly issued the “Guiding Opinions” on July 26, 2019. From the perspective of enterprises, the following items deserve attention.
1. To implement the responsibility of enterprises as the responsible entities in accordance with the law
The operation of the industrial internet, such as the collection of data and authorization by machines, is hidden and invisible. The “Guiding Opinions” clearly stipulates the responsibility of enterprises as the responsible entities, which means that enterprises should designate a department and a person responsible for industrial internet security; that risk assessment systems for key equipment, systems and platforms need to be set up within enterprises, covering the periods before and after connection to the internet; and that enterprises should establish security incident reporting systems, audit systems and accountability mechanisms.
Punishment is absent for production safety accidents caused by cyber security incidents, so the “Guiding Opinions” stipulates that the laws and regulations on punishment related to production safety can be applied.
2. To strengthen security protection capabilities
The “Guiding Opinions” points out that the state will gradually clarify the security protection requirements for data collection, storage, processing, transfer, deletion and other parts of the industrial chain; that the state will guide enterprises to improve their security protection methods for anti-theft, anti-tampering and backup of data related to R&D, industrial manufacturing, maintenance management, platform knowledge mechanisms, digital models, etc.; and that the state also encourages enterprises to apply commercial passwords in the protection of industrial internet data. In addition, the state will establish a classification management system for industrial internet data based on industrial categories, data types, the value of the data, etc.; the state will implement security assessment and monitoring of major data that might be sent abroad; and the state will improve the trigger response mechanism for leaks of major industrial internet data.
The “Guiding Opinions” points out a direction for subsequent laws, regulations and national standards. Industrial network enterprises should pay attention to legislative trends.