On IoT security: what 20 CSOs from major manufacturers say

2022-06-24 17:07:00 Tencent security

Smart robot vacuums, Internet-connected coffee machines, remotely controllable cars: as more and more Internet of Things (IoT) devices reach consumers, the interconnection of all things is becoming a reality. While these devices bring convenience to consumers, their security and privacy problems have also raised widespread concern. This is not limited to consumer scenarios. In industry, agriculture, energy, retail and many other fields tied to the national economy and people's livelihood, the Internet of Things is also an important digital tool, and adoption is accelerating. It is equally important to note that once IoT devices are networked, security risks follow, and an enterprise's production, operations and brand reputation face more severe challenges.

On March 27, the Tencent Security CSO Club invited more than 20 chief security officers (CSOs) and R&D directors from leading enterprises, including the China Academy of Information and Communications Technology, China Southern Power Grid, Huawei, GAC, BYD, Honor, OPPO and vivo, to gather in Shenzhen to discuss building a security system for the IoT era and to look for an IoT security capability map that enterprises can draw on.

Ke Haoren, director of the Institute of Security, China Academy of Information and Communications Technology

Ke Haoren, director of the Institute of Security at the China Academy of Information and Communications Technology, shared his thoughts on how to resolve the IoT security situation in the digital age, from the perspective of coordinating "management" and "service". Ke Haoren believes that in the development of China's consumer Internet, the top-level design of network security lagged behind the development of applications. In the development of the industrial Internet, however, network security planning and design should proceed in step with, or even ahead of, that development, to ensure the industrial Internet develops safely.

On building Internet of Things security specifically, Ke Haoren put forward six suggestions:

First, clarify the baseline. For IoT applications, set out basic security protection requirements at different security levels for different security application scenarios.

Second, take stock. The competent authorities should identify the list of important enterprises and the catalogue of important data to be protected, and the enterprises deploying IoT should identify the protection targets and assets of their own IoT applications.

Third, make breakthroughs in key areas. Carry out security capability assessments and capability improvements for key industries and key enterprises.

Fourth, promote by demonstration. Advance on the consumer (C) side and the business (B) side according to their different requirements: the C side focuses on demonstrating privacy protection plans and capabilities, and the B side focuses on demonstrating the implementation of enterprise standards.

Fifth, build basic capabilities. The Internet of Things has many platforms and terminals, so a basic resource library covering the various platforms and terminals should be formed, including a corresponding security vulnerability library.

Sixth, establish mechanisms. Enterprises should be encouraged to establish a complete closed-loop security working mechanism, including monitoring and early warning, information sharing and coordinated response, so as to form a management loop.

Industry veteran CSO Zhou Zhijian

Starting from the development of the information security industry, industry veteran CSO Zhou Zhijian analyzed the past, present and future of IoT supply chain security. Based on the risk descriptions in the European standards' IoT security guidelines, Zhou Zhijian summarized IoT supply chain security risk into 5 major areas (physical attack, intellectual property loss, malicious activity and abuse, legal requirements, and non-malicious damage and information loss) and 9 corresponding risk points.

He believes that IoT supply chain security can be approached through 3 security concerns (participants, processes and technology) and 29 security improvement measures. From the perspective of the IoT business logic diagram, IoT business is divided into five modules: IoT devices, IoT gateways, IoT platforms, IoT applications and business operations. Possible solutions to IoT supply chain security can be summarized as: IoT security devices + "in a word, safety" + security ERP + N security products.

On security capability building for the different parties, Zhou Zhijian suggests that security leads on the customer side (Party A) who have done the "1+1+N" of security well at the current stage can handle IoT supply chain security with ease. For other security practitioners, the logic of using attack and penetration testing to drive security construction will remain effective in the future, so they should learn more about and discover the security vulnerabilities and risks in the IoT supply chain. Security vendors can look to IoT device security quality ratings, automated testing tools for IoT device security quality, and security ERP and data analysis platforms within the business process.

Tencent security technology expert Zhang Kang

Zhang Kang, a security technology expert at Tencent, shared the IoT attack and defense practice of Tencent Security's Keen Security Lab at the meeting. He believes that severe fragmentation, a lack of threat detection methods, slow updates and privacy protection are the major risk challenges for the Internet of Things.

From a technical point of view, in any scenario, IoT or otherwise, the principles of information security never go out of date: least privilege, secure system defaults, keeping up to date, and defense in depth.

Zhang Kang believes that if the basic security principles are done well, a system is already at a relatively high level of security. Applying vulnerability scanning and automated detection tools within the secure development process can then improve security capability further. He introduced sysAuditor, the embedded system security audit platform developed by Tencent Security. As an automated testing tool, sysAuditor builds on the penetration testing experience accumulated by Keen Security Lab. It can help enterprises achieve security baseline compliance at multiple levels (national, industry and the enterprise's own), and its results are output through an API so that it can be integrated with existing platforms.

In the group discussion session, the guests discussed IoT risk points, their association with business scenarios, the tension between security needs and resources, and future trends in IoT security, and explored the capability map for IoT security governance and security operations.

Guests at the meeting in an in-depth discussion on IoT security capability building

All things connected, security first. At the critical stage when the Internet of Things is about to accelerate its penetration, there is no doubt that security needs to be laid in advance as "the foundation". Through the exchange platform built by the Tencent Security CSO Club salon, IoT manufacturers and security vendors can hold in-depth exchanges, share practical experience, and explore feasible paths for IoT security construction from different perspectives, achieving the effect of "those who travel together go far".

In recent years, to address the security pain points of the Internet of Things, Tencent has successively released the Tencent Internet of Things security technical specifications, as well as sysAuditor and other IoT security detection tools, to help the IoT industry develop safely and steadily. In the future, Tencent Security will continue to rely on the CSO Club and other exchange platforms to maintain deep interaction with the industry and build a prosperous IoT industrial ecosystem.

Copyright notice
This article was created by [Tencent security]. Please include the original link when reprinting. Thank you.
https://yzsam.com/2021/03/20210331134025534R.html