Does the "Golden Eye" in "007" really exist? How is it a space weapons control center?

1. Let’s start from watching the 007 series of movies

Dadong: Xiaobai, how have you been recently?

Xiaobai: Hey, Brother Dong, I have finished catching up on the 007 series of movies during this period~

Dadong: These are very classic movies, there must be 24 of them.

Xiaobai: Yes, it took me a long time! The movie that impressed me the most was "Golden Eye". I was completely attracted by the character of James Bond!

James Bond, the hero of the 007 film series

Dadong: The movie “Golden Eyes” also left a deep impression on me. I wonder what Xiaobai gained from watching the movie?

Xiaobai: Brother Dong, to be honest, when I watched this movie I was attracted by the looks of the male and female protagonists, but I didn’t think too deeply about it.

Dadong: Hahaha, then you really watched it in vain. Don’t you have any doubts about some of the plots?

Xiaobai: Brother Dong, now that you put it that way, I really don’t understand how the “Golden Eye” destroys the space weapons control center. Can you explain the principle to me?

Dadong: Of course, I was just about to talk to you about the reason behind this!

2. Industrial Control System Security

Xiaobai: Brother Dong, please stop keeping me in suspense and tell me what’s going on!

Dadong: The "Golden Eye" in the movie is actually an offensive satellite developed by the Soviet Union to emit powerful electromagnetic waves to destroy electronic systems. It can directly destroy electronic systems.

Xiaobai: Oh, I understand. It turns out that the weapon control center is indirectly destroyed by affecting the electronic system.

Dadong: Yeah, Xiaobai, do you know what kind of security issue this kind of destruction of electronic systems belongs to?

Xiaobai: Brother Dong, I really don’t know…

Dadong: The security issues of electronic systems are actually part of the security issues of industrial control systems, and are also related to network security!

Xiaobai: After all this detour, we are back to the topic we are most familiar with.

Dadong: Yes, network security is everywhere, but you, Xiaobai, can’t simply think that industrial control information security and network information security are the same thing.

Xiaobai: Oh? Isn't it a subordinate relationship? What's the difference?

Dadong: Industrial control systems are any equipment, instruments, and related software and networks used to operate or automate industrial processes. They are usually used in manufacturing, but they are also very important for critical infrastructure such as energy, communications, and transportation. They are inextricably linked to cybersecurity, but they are not exactly the same.

Xiaobai: It sounds very high-end and classy!

Dadong: Yes, an incident related to industrial control system security also happened in Venezuela on March 7 this year. Xiaobai, did you know about it?

Xiaobai: I really don’t know…

Dadong: That night, most parts of Venezuela fell into darkness. Although power outages are already common in this country, this was one of the most serious power outages Venezuela has experienced so far.

Xiaobai: A nationwide power outage? I've never seen that before.

Dadong: Yes, and just after Venezuela tried its best to restore about 70% of the country's electricity, on March 9, Venezuela fell into darkness again, and the water supply was also cut off, and the whole country was paralyzed!

Xiaobai: It sounds scary.

Satellite image comparison of Venezuela before (left) and after (right) the blackout.

Dadong: Yes, Xiaobai, think about it, "Golden Eyes" was filmed in 1995. At that time, the problem of industrial control security was already clearly shown in the film co-produced by Britain and the United States. Now it is 2019, and Venezuela is still worried about the problem of industrial control security. This is very telling!

Xiaobai: This is the strength of the cyber security of European and American powers.

Dadong: This boy is teachable.

3. Thoughts triggered by "Industrial Control System Security"

Xiaobai: Brother Dong, I am still a little scared after hearing what you said about Venezuela. It is extremely important for us to ensure the security of the industrial control system!

Dadong: Indeed, Xiaobai, you are right. With the trend of IoT and the practical application of industrial control security, security practitioners must remain sensitive! If a network attack occurs and succeeds, the consequences will be disastrous.

Xiaobai: For example, cyber criminals hack into computer systems and cut off a city’s power or water supply?

Dadong: Yes, and not only cybercrime gangs target ICS, but nation-state hackers also often use ICS as an entry point to attack critical infrastructure in hostile countries.

Xiaobai: Does ICS mean industrial control system?

Dadong: Well, Xiaobai, can you figure out how we can ensure the security of industrial control systems?

Xiaobai: (pretending not to hear).

Dadong: In October 2016, my country's Ministry of Industry and Information Technology issued the "Guidelines for Information Security Protection of Industrial Control Systems" to guide industrial enterprises in carrying out industrial control security protection work.

Xiaobai: What specific contents are there?

Dadong: The guidelines point out that we must uphold the principal responsibilities of enterprises and the regulatory and service responsibilities of the government, focus on security priorities such as system protection and safety management, and put forward 11 protection requirements. For the specific content, Xiaobai can learn about it by himself after class, just treat it as homework!

Xiaobai: Yes, sir.

Dadong: In fact, to put it simply, we can divide industrial control security protection into three steps: 1) Protect the network; 2) Protect the terminal; 3) Protect the controller. Protecting the network mainly means that industrial companies should ensure that their networks are well designed and have comprehensive protection boundaries. Protecting the terminal means that the operational technology (OT) team must prevent employees from connecting their own devices to the company network. Protecting the controller means implementing security protection measures for vulnerable controllers by strengthening detection capabilities and visibility of ICS modifications and threats.

Xiaobai: I understand, brother Dong~