China CERT report highlights rise in cyberthreats associated with IoT devices and networked industrial systems
A report released by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT) on April 19, summarising the Internet Security situation in 2016, highlighted security risks associated with Internet-of-things (IoT) devices and networked industrial systems.
The CNCERT report says that as the country’s industries adopt and integrate digital technologies into their systems, with progress in the Make in China 20205 initiative, it will create vulnerabilities and bring new cyberthreats.
1036 loopholes were found by China National Vulnerability Database (CNVD) in China’s industrial control systems as of 2016, with 173 of them discovered during 2016, an increase of 38.4% compared to the previous year.
In addition, the report revealed 1,117 loopholes in smart gadgets such as drones, web-cameras and internet-connected smart home appliances in 2016. The IoT device network continues to grow at a rapid pace and issues such as the use of weak passwords or built-in default passwords leave the devices open to malicious attacks. The number of attacks is expected to increase going forward.
Yan Hanbing, director of CNCERT’s operation department said, “Smart devices are small, therefore there is not much protective software in them. When the security problems are found, it will be very difficult to solve them through upgrades.”
During 2016, 10822 general hardware and software vulnerabilities were detected, an increase of 33.9% over 2015. The number of dangerous loopholes was high at 4146 (38.3%), an increase of 29.8% over 2015. Zero day vulnerabilities (gaps in software unknown to the vendor and which can be exploited by hackers before the vendor becomes aware and fixes it) increased by 82.5% over 2015.
China’s first Cybersecurity Law, which takes effect in June, is expected to clarify the responsibilities of governments, enterprises and individuals in cyberspace and detail measures on how to deal with cyber emergencies.
Liu Bo, an official at the Cyberspace Administration of China, said that the law and cybersecurity regulations will help prevent online attacks and efforts are ongoing to develop a supervision mechanism on internet goods and services.
China's 13th 5-year plan states that cybersecurity will be developed in tandem with information technology, systems safeguarding national cybersecurity and network governance will be improved protection of important information systems and data resources strengthened, ain order to ensure national information security.
Read the press release here.
The full report in Chinese is available here.