On December 22, the First Zhejiang Lab Cup Global Challenge on Endogenous Security Defense for Industrial Networks was successfully concluded. In an online battle lasting fifty-four hours, forty teams of white hat hackers from US, Germany, Russia, Japan, South Korea, and China launched 950,000 intense attacks against a mimic Industrial Internet facility developed by Zhejiang Lab. None of them succeeded, which once again verified the universality and effectiveness of endogenous security theories and methods in industrial control networks. Sponsored by the Chinese Academy of Engineering and the Zhejiang Provincial Government, the Challenge was co-organized by Zhejiang Lab, the China Academy of Information and Communications Technology, the Zhejiang Provincial Department of Economy and Information Technology, the Zhejiang Provincial Department of Science and Technology, the Zhejiang Cyberspace Administration, the Zhejiang Communications Administration, and the China Cyberspace Endogenous Safety and Security Technology and Industry Alliance. Three traditional industrial control systems (ICS) with the highest market shares were selected for this competition, so that the teams could compare them with Zhejiang Lab's mimic ICS through public testing, and therefore experience the brilliance of China's unique theories and technologies that enable the integration of functional security and network security.

As a new application ecosystem formed by the all-round and in-depth integration of industrial system and network information technologies, the Industrial Internet is an important area for China's new information infrastructure projects. Through an open and globalized industrial network platform, the Industrial Internet closely connects and integrates equipment, production lines, factories, suppliers, products, and users, thereby efficiently sharing various elemental resources, enhancing industrial chain collaboration, and promoting the transformation and development of the manufacturing industry. However, as there has been a huge variety of information systems and control devices, and the globalized industrial chain has made relevant hardware and software devices or components inevitably vulnerable to problems such as loopholes and backdoors, traditional industrial control networks and devices are basically exposed to hackers with ulterior motives. This is a security challenge that has to be addressed in the development of the Industrial Internet.

One of the highlights of the competition was the focus on a scenario that integrates mimic defense and the Industrial Internet. Zhejiang Lab built a miniature device with reference to a 1000MW supercritical coal-fired power plant, and reconstructed the key control system using mimic defense technology based on the endogenous security theory in cyberspace, which effectively enhanced the system's capacity in maintaining functional security and network security. Relevant devices and systems in this miniature facility were therefore the targets of the contestants.

It is worth noting that for the first time in the field of Industrial Internet security, the competition included a man-machine confrontation race, based on a white-box test. It invited top white hat hackers in China and abroad for the confrontation, during which, a black-box test was performed in parallel with a white-box test, and external penetration and internal injection were allowed at the same time. In the white-box test, the organizer gave up part of the control over the target system to provide contestants with the convenience of setting up backdoors or injecting attack codes such as viruses and Trojan horses, so as to test whether the mimic industrial control facility can withstand internal and external attacks simultaneously. This is a pioneering approach for a worldwide Industrial Internet security defense competition.

During the competition, three mainstream commercial ICS were successfully penetrated by several Chinese and overseas teams, indicating that current industrial networks have serious security issues. On the other hand, the mimic ICS can still identify all attacks, even during the white-box test, and achieve effective defense, showing that compared with traditional industrial control facilities, the mimic facility has unparalleled advantages in terms of system security.

The mimic Industrial Internet facility, which was used as the target for public testing during the competition, is a successful application of China's endogenous security theories and methods in the field of Industrial Internet. Its "Inaccuracy Effect" can create a "mimic defense mist" and therefore fundamentally defeat classical attack theories and methods such as digging loopholes, setting backdoors, planting viruses, and hiding Trojan horses. It can effectively suppress and control identified or uncertain risks and known or unknown security threats, and make security effective, reliable, and trustworthy in the front line of industrial production. In addition, it offers innovative technical approaches such as quantifiable design and testable measurement to create safe production networks and cloud platforms for industrial users.

After three days of non-stop confrontation, all teams saw their final results and rankings at 4:00 pm local time on December 22.

The winners of the first prize were Venom, iTest, and EversecLab. The second prize was won by seven teams including the Beacon Lab and Shenhua. The third prize went to ten teams including SOMD5 and MoreSec. iTest, Venom, and the Be Fun Cyber Security Lab won the Mimicry Peak Award.

Invitation to Zhejiang Lab's Public Testing Platform

Developed and established by Zhejiang Lab, the Industrial Internet Endogenous Security Testbed (IEST) provides the world's first attack-defense confrontation and test verification environment integrating an Industrial Internet endogenous security system and real-time simulation platform of industrial information-physical system security. It truly replicates security defense, attack-defense confrontation, and application scenarios of industrial networks.

The testbed consists of two major systems and one assessment environment. Among them, the centralized control system performs customized dynamic construction and resource management of Industrial Internet security attack and defense scenarios, as well as a security situational awareness subsystem and Industrial Internet attack and defense confrontation support platform. The information-physical simulation support system for Industrial Internet endogenous security builds real-time, highly realistic, and high-precision power system scenarios, as well as deploying "cloud-network-terminal" facilities for industrial endogenous security. It also builds an intelligent assembly line that integrates endogenous security mimetic defense devices and time-sensitive network (TSN) devices. The test, validation and evaluation environment of the endogenous security facilities of the Industrial Internet enables white-box testing for endogenous devices and tests based on the ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) attack chain.

The testbed will be open to worldwide researchers and developers as a public testing platform for Industrial Internet endogenous security technology and devices, thereby measuring the safety of Industrial Internet systems, and creating a new high-level research hub for tech innovation in Industrial Internet security.