To implement the Network Security Law of the People's Republic of China and the Guiding Opinions of the State Council on Deepening the Integrated Development of Manufacturing Industry and the Internet (GF [2016] No. 28), guide the emergency management of information security incidents in industrial control systems, and ensure the information security of industrial control systems, the Ministry of Industry and Information Technology issued the Guide for Emergency Management of Information Security Incidents in Industrial Control Systems on May 31. The full text of the guide is as follows:
Guide for Emergency Management of Information Security Incidents in Industrial Control Systems
Chapter I General principles
Article 1 These Guidelines are formulated in accordance with the Emergency Response Law of the People's Republic of China, the Network Security Law of the People's Republic of China and the Guiding Opinions of the State Council on Deepening the Integrated Development of Manufacturing Industry and the Internet, in order to strengthen the management of emergency work for the information security of industrial control systems (hereinafter referred to as industrial control security), establish and improve the industrial control security emergency work mechanism, improve the capability for organization, coordination and emergency response to industrial control security incidents, prevent and reduce the losses and harm caused by such incidents, ensure the normal operation of industrial production, and safeguard national economic security and the safety of people's lives and property.
Article 2 These Guidelines apply to the industrial control security emergency management work carried out by the competent departments of industry and information technology and by industrial enterprises.
Article 3 Industrial control security incidents are events that, owing to human causes, software or hardware defects or faults, natural disasters or other causes, cause or may cause serious harm to industrial control systems and their data and affect normal industrial production.
Article 4 Adhere to the principles of government guidance, enterprises as the main body, prevention, combination of peacetime and wartime, rapid response and scientific disposal; give full play to all forces and work together to prevent and handle industrial control security incidents.
Chapter II Organizational structure and responsibilities
Article 5 The Ministry of Industry and Information Technology shall guide local competent departments of industry and information technology, emergency technical institutions and industrial enterprises in carrying out industrial control security emergency management.
Article 6 Local competent departments of industry and information technology shall be responsible for guiding industrial control security emergency management in their own regions.
Article 7 Industrial control security emergency technical institutions shall be responsible for the specific work of industrial control security risk monitoring, situation analysis and judgment, threat early warning, incident handling, etc.
Article 8 Industrial enterprises shall bear the main responsibility for industrial control security, establish and improve an industrial control security responsibility system, be responsible for the industrial control security emergency management of their own units, and put in place the necessary guarantees of personnel and property.
Chapter III Working mechanism
Article 9 The Ministry of Industry and Information Technology shall guide local competent departments of industry and information technology, emergency technical institutions, industrial enterprises, etc. to establish an industrial control security liaison mechanism and appoint contact persons for industrial control security emergency work. The contact persons shall be reported to the Ministry of Industry and Information Technology for filing, and any change of contact person or contact details shall also be reported to the Ministry of Industry and Information Technology. The Ministry of Industry and Information Technology shall organize liaison meetings as the work requires.
Article 10 Local competent departments of industry and information technology shall guide local emergency technical institutions and industrial enterprises to establish an industrial control security emergency duty mechanism, implement a duty system of leaders and dedicated personnel, and carry out daily monitoring and reporting of industrial control security risks, threats and incident information. In an emergency response state, "7 × 24"-hour duty shall be implemented to strengthen information monitoring, collection, analysis and judgment, and to provide follow-up reports.
Chapter IV Monitoring and notification
Article 11 The Ministry of Industry and Information Technology shall guide technical institutions such as the National Industrial Information Security Development Research Center in organizing and carrying out national industrial control security risk monitoring and early warning notification, and in improving capabilities for information collection, situation analysis, risk assessment and information sharing.
Local competent departments of industry and information technology shall organize and carry out industrial control security risk monitoring in their regions. Industrial enterprises shall organize and carry out industrial control security risk monitoring within their own units.
Article 12 Local competent departments of industry and information technology and industrial enterprises shall regularly report important monitoring information to the National Industrial Information Security Development Research Center, which shall be responsible for summarizing, collating, analyzing and judging it and for reporting the results to the Ministry of Industry and Information Technology. Security risk and incident information that may exceed the response capacity of the region shall be reported in a timely manner, and, if necessary, the Ministry of Industry and Information Technology shall coordinate the provision of support.
Article 13 The Ministry of Industry and Information Technology shall promptly issue information circulars to relevant industries, regions and industrial enterprises on major vulnerabilities and risks that may affect China's industrial control systems.
Chapter V Emergency management in sensitive periods
Article 14 During sensitive periods such as important national activities and conferences, the Ministry of Industry and Information Technology shall guide local competent departments of industry and information technology, emergency technical institutions and industrial enterprises in the prevention and emergency management of industrial control security incidents.
Article 15 Local competent departments of industry and information technology and industrial enterprises shall strengthen industrial control security monitoring and risk assessment, promptly report risk and incident information that may have a significant impact, and implement a 24-hour zero-report system if necessary. Key units and important parts shall be staffed on duty 24 hours a day, with communication kept open. Relevant industrial enterprises shall strengthen inspections of industrial control systems and, in principle, shall not adjust or upgrade industrial control systems during sensitive periods.
Chapter VI Emergency response
Article 16 For industrial control security incidents that may occur or have already occurred, the industrial enterprise shall immediately carry out emergency disposal, adopt scientific and effective methods for timely rescue, strive to minimize losses, and restore the normal operation of the damaged industrial control system as soon as possible. When the industrial enterprise's emergency response capacity is insufficient, it may request the higher-level competent department to coordinate support from emergency technical institutions.
Article 17 The relevant local competent departments of industry and information technology and industrial enterprises shall promptly report developments in the situation and progress in handling the incident to the Ministry of Industry and Information Technology. The report generally includes the following elements: the name of the industrial control system involved in the incident and its operation and management unit, and the time, place, cause, source, type, nature, hazard, scope of impact, development trend, disposal measures, etc.
Article 18 The Ministry of Industry and Information Technology shall guide and urge the enterprises involved to carry out emergency response work, send working groups to the scene to direct and coordinate emergency response when necessary, and coordinate emergency technical institutions to provide technical support.
Article 19 After emergency response and system restoration are complete, the relevant industrial enterprises shall eliminate the adverse effects caused by the incident as soon as possible and analyze and summarize the incident; the summary report shall be submitted in writing to the Ministry of Industry and Information Technology within 30 days.
Article 20 The competent departments of industry and information technology and relevant personnel shall carry out publicity and public opinion guidance regarding the nature, cause, scope and losses of industrial control security incidents.
Chapter VII Safeguard measures
Article 21 The Ministry of Industry and Information Technology, local competent departments of industry and information technology and industrial enterprises shall each formulate emergency plans for industrial control security incidents at their own level and organize emergency drills regularly.
Article 22 The Ministry of Industry and Information Technology shall establish a national industrial control security emergency expert group to provide technical consultation and decision support for industrial control security emergency management. Local competent departments of industry and information technology shall establish industrial control security emergency expert groups for their own regions and give full play to the role of experts in emergency management.
Article 23 Strengthen the reserve of emergency equipment and tools for industrial control security incidents, adjust and upgrade software and hardware tools in a timely manner, build and improve emergency technical service platforms for industrial control security incidents, and continuously enhance emergency technical support capabilities.
Article 24 All relevant departments shall actively use existing policies and funding channels and apply for new budgets to support the construction of industrial control security emergency technical institutions, expert teams, infrastructure platforms, technology research and development, emergency drills, material guarantees, etc., and provide the necessary financial support for industrial control security emergency management work.
Article 25 these Guidelines shall come into force as of July 1, 2017.