The rapid spread of the Industrial IoT (IIoT) has brought significant efficiency gains to traditional manufacturing. At the same time, the risk from industrial control systems being exposed to cyberspace is growing quickly. The Industrial IoT Security Situation Report (2023), recently released by CTRIT, which operates under the Hansi Association for Technology Innovation and Development, shows that traceable industrial IoT security incidents worldwide increased by 47 percent in 2023 compared with 2022, with attacks on the energy, manufacturing, and transportation sectors accounting for more than 70 percent of them.
Based on the CTRIT expert network's analysis of a sample of more than 250 representative security incidents worldwide, the report presents a series of findings that deserve close attention from the industry.
First, the new attack surface created by OT/IT convergence is expanding rapidly. Traditionally, industrial control systems (OT) and enterprise information systems (IT) were relatively isolated, but as intelligent manufacturing and digital transformation advance, the boundary between them is quickly dissolving. Attackers increasingly exploit vulnerabilities on the IT side and then move laterally into industrial control networks on the OT side, causing actual production interruptions. Multiple cases in the report show that even strong enterprise IT security protection cannot prevent this type of lateral penetration attack.
Second, the inherent weaknesses of industrial control protocols remain an important entry point for attacks. Many widely used industrial control protocols, such as Modbus, DNP3, and IEC 61850, were not designed with security fully in mind and still commonly lack authentication and encryption mechanisms. The report calls on the industry to accelerate security upgrades of industrial control protocols.
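As an added illustration of the second finding (not code from the report or from CTRIT), the sketch below parses a Modbus/TCP frame and shows that no header field identifies the sender, so a passive monitor can only allowlist write requests by source address. The sample frames, IP addresses, and the `audit` helper are constructed for this example, and it assumes the frames are client requests captured on their way to a controller.

```python
import struct

# Modbus function codes that change device state (from the public Modbus specification).
WRITE_FUNCTION_CODES = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}

def parse_mbap(frame: bytes) -> dict:
    """Parse a Modbus/TCP ADU: 7-byte MBAP header, then function code and data."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    # Transaction id, protocol id, length, unit id: none of these fields carries
    # a credential or message authentication code.
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError("protocol identifier is not 0 (not Modbus)")
    if length != len(frame) - 6:  # length counts the unit id plus the PDU
        raise ValueError("MBAP length field does not match frame size")
    return {"transaction_id": tid, "unit_id": unit,
            "function_code": frame[7], "data": frame[8:]}

def audit(src_ip: str, frame: bytes, allowed_writers: set):
    """Return an alert string for a suspicious request, or None if it passes."""
    try:
        adu = parse_mbap(frame)
    except ValueError as exc:
        return f"malformed frame from {src_ip}: {exc}"
    name = WRITE_FUNCTION_CODES.get(adu["function_code"])
    # The protocol offers no sender identity, so the source address is the only
    # attribute a monitor can check before the controller acts on the write.
    if name and src_ip not in allowed_writers:
        return f"{name} (unit {adu['unit_id']}) from non-allowlisted source {src_ip}"
    return None

# Constructed sample frames (not captured traffic).
READ_REQ = bytes.fromhex("000100000006010300000002")   # Read Holding Registers
WRITE_REQ = bytes.fromhex("0002000000060106001000ff")  # Write Single Register
ALLOWED = {"192.0.2.10"}  # hypothetical engineering workstation

if __name__ == "__main__":
    for ip, frame in [("192.0.2.10", WRITE_REQ), ("198.51.100.7", READ_REQ),
                      ("198.51.100.7", WRITE_REQ), ("198.51.100.7", WRITE_REQ[:5])]:
        print(ip, "->", audit(ip, frame, ALLOWED) or "ok")
```

Because a source address can be spoofed or reached through a compromised IT host, a check like this detects but does not authenticate.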
Third, supply chain security has become a new high-risk area. A growing number of attacks reach target enterprises through third-party components in the supply chain, and in 2023 such supply chain attacks accounted for 28 percent of all samples. The report recommends that enterprises establish complete software and hardware bill of materials (SBOM/HBOM) management mechanisms and conduct traceable security audits of every link in the supply chain.
Finally, the report proposes a "Zero-Trust Industrial IoT" reference architecture, emphasizing that the security principle of "never trust, always verify" should become the foundational paradigm for next-generation industrial IoT security. The architecture has five core components: identity authentication, device authentication, behavior baselines, dynamic authorization, and encrypted communications. The report also provides concrete deployment recommendations for different industry scenarios.
The CTRIT Expert Committee recommends that industrial enterprises elevate industrial IoT security to the same strategic level as production continuity, and form dedicated OT security teams that collaborate with traditional IT security teams.