China: Adopted Ministry of Industry and Information Technology on Issuing Guidelines for Network Security Protection of Industrial Control Systems

On 19 January 2024, the Ministry of Industry and Information Technology issued the "Industrial Control System Network Security Protection Guide," outlining comprehensive measures for enhancing network security in industrial control systems. Applicable to enterprises operating such systems, the guidelines cover safety management, technical protection, safe operation, and responsibility implementation. Safety management emphasises asset and configuration management, supply chain security, and regular education on relevant laws. Technical protection focuses on host and terminal security, architecture and boundary security, cloud security, application security, and system data security. The safe operation involves monitoring, operation centres, emergency response, safety assessment, and vulnerability management. Lastly, the guidelines stress the implementation of responsibilities by industrial enterprises, requiring them to establish safety management systems, clarify responsible individuals and departments, and ensure resource protection in tandem with the planning, construction, and usage of industrial control systems. The document encourages regular assessments, drills, and upgrades to maintain robust security measures.