MIIT Issues Information Security Action Plan for Industry Control Systems

On January 3rd, the Ministry of Industry and Information Technology (MIIT) issued the Industrial Control Systems Information Security Action Plan (2018-2020) calling for enhanced Industrial Control Systems (ICS) security protection capabilities among state-owned enterprises (SOEs), and outlining tasks for Industry and Information Technology Departments of all levels and SOEs to improve ICS security.
 
The action plan is among a series of policies relating to ICS: 

• The Cybersecurity Law (CSL) (Nov. 7, 2016);
• The Guiding Opinions of the State Council on Deepening the Integration of Manufacturing and the Internet (May 20, 2016);
• The Guiding Opinions of the State Council on Deepening the Internet Plus Advanced Manufacturing Model to Develop Industrial Internet (Nov. 19, 2017);
• The Administrative Measures for Industrial Control System Information Security Protection Capability Assessment Work, MIIT (Aug.11, 2017); and
• The Industrial Control System Information Security Guide, MIIT (Oct. 19, 2016).

 
The Action Plan positions ICS security as a critical and integral part to China's ambition to become a strong manufacturing power and a cyber power. The Action Plan also positions ICS as critical information infrastructure (CII) (also confirmed in a MIIT official readout of the action plan). ICS has been increasingly under the spotlight in recent cybersecurity policies. A recent report reviewing CSL implementation (see USITO policy alert sent on Jan. 4, 2018) calls out China's heavy reliance on foreign ICS and urges acceleration of domestic substitution.