Cybersecurity Made in China

Increasingly, cybercriminals in China are focusing on industrial facilities. The Industrial Security Lab operated by Siemens in Beijing and the Siemens China Cyber Defense Center in Suzhou help customers protect themselves against hacker attacks.


by Bernd Müller

The online retail sector in China is booming. Shopping portals such as Alibaba, which is the world’s biggest online marketplace, generate vast revenues via payment systems such as Alipay. The problem is that criminals are never far away from where money is being made. Alibaba, Taobao, and other shopping services are frequently targeted by hackers who use phishing mails to try to access customer data, for example. One out of every five Internet users in China has been victimized by hackers.


Cybercrime is a growing threat to China’s economy, and the government in Beijing has now taken notice. President Xi Jinping has made IT security a top priority. The first measure that’s been taken involves placing strict regulations on the use of foreign IT products in sectors critical to China’s security, such as banking. The goal here is to close off potential points of entry for hackers and foreign intelligence services and strengthen the domestic cyber industry. As a result of these measures, China’s IT security market is expected to expand rapidly, according to U.S. market research company Technavio – from $2.11 billion in 2014 to $3.62 billion in 2019, with double-digit growth each year.

Outdated Process Control Technology

Hacker attacks against industrial facilities, such as chemical plants and power stations, aren’t the subject of much public attention in China, but they nevertheless pose a major threat. Chinese companies often link systems based on outdated technologies to office PCs or remote maintenance centers via the Internet, despite the fact that they were never designed for such a scenario. In other words, without protective measures, malware that infects an office computer can, for example, easily penetrate into machine control systems that are networked via industrial Ethernet and Internet protocol.


The results of a survey of more than one hundred industrial companies conducted by Siemens in 2014 demonstrate the extent of the threat cybercrime poses to manufacturing companies in China. More than 80 percent of the companies reported having experienced a malware infection or some other type of attack. Some companies even reported that they had had to temporarily suspend production and had lost money as a result. Such incidents aren’t just a problem related to outdated technology; they’re also the result of a lack of awareness, according to Professor Wen Tang, Principal Key Expert and Head of the Industrial Security Lab operated by Siemens Corporate Technology (CT) in Beijing. He reports that a manager of a large Chinese refinery actually told him that his company didn’t need to implement any cybersecurity measures because they are lucky for never been attacked even without any security protection.

Cybersecurity cannot offer one-hundred percent immunity against attacks. But it can make things so difficult for hackers that they might, in the best case, lose interest.

Illusion of Security

Things aren’t always better at companies that have in fact implemented initial security measures. Many of them simply purchase firewall and antivirus software and think they’re protected forever. Tang refers to this as “the illusion of security,” pointing out that “Cybersecurity is not something you attain in one fell swoop; it’s a continual process involving awareness, management, solutions and products. And the first step should be visibility on the operating industrial control system, and actually see what’s going on there everyday.” Although those who continually pay attention to Cybersecurity cannot expect one hundred percent immunity against attacks, they can make things so difficult for hackers that the latter might, in the best case, lose interest. 

Learning from Threats

As early as 2005, a CT internal lab led by Prof. Tang initiated a groundbreaking research program in industrial security. The work performed at the Industrial Security Lab changed. Whereas the focus in the past had been on research, the team now began more frequently visiting customers who used controllers from Siemens, or even from competitors. During these visits Siemens experts provided risk assessment services to identify security risks and offered solutions for closing them. Since 2014, the lab has also been assisting customers and government agencies – steps that have strengthened trust in Siemens as a local partner.

The lab itself has set up several demonstration installations, including a typical factory automation testbed infrastructure. Every once in a while, Tang will intentionally use the Lab’s Styx (Security Testing Systems for Protocol X) tool to launch a network attack in order to demonstrate to visitors how easy it is for hackers to shut down a controller if a company tries to cut corners on industrial security. The team also holds training sessions to teach customers how to improve their security posture with analytic solution (OT Security Appliance) from Siemens.

Siemens' Industrial Security Lab demonstrates to visitors how easy it is for hackers to shut down a controller if a company tries to cut corners on Cybersecurity.

The lab is currently working on several projects. For example, Styx, which was developed in the lab, feeds a test system with millions of packets loaded with random data deliberately generated by security experts. This technique, which is known as fuzz testing, is designed to check if the system will be slowed down or even caused to crash. Styx offers a benefit in that it doesn’t need to have any knowledge of the system it tests, and it can find previously unknown errors that can then be quickly eliminated to improve the security quality of Siemens products. It doesn’t matter whether the control system under test is for a bottling facility or a power plant – this type of “black-box testing” works anywhere, and Styx has already been used to conduct ten million tests in 30 different industrial protocols.


Styx is used to test automation systems before they’re delivered to customers, as well as any existing system suspected of having a security risk. OSA (OT Security Appliance), on the other hand, is designed and developed by Siemens CT China for providing on-site security monitoring in the customer factory during ongoing industrial operations. Based on Network Traffic Analysis (NTA), DPI (Deep Packet Inspection) based asset detection and anomaly detection, security log collection and correlation and cutting edge security analytics, OSA can provide comprehensive asset and security monitoring on industrial automation networks and applications.

Developed in China, Applied around the World

Styx and OSA were developed at Corporate Technology in Beijing. Why there and not some place else? “Because we’re close to our end customers, understand their problems by closely working with them, and can therefore develop the security tools and software they need,” Wen Tang explains.


Bernd Müller


To maximize security as Siemens and its customers implement increasingly sophisticated digital systems. The company has released what it calls a Cyber Security Operation Center (CSOC) service as part of its Cyber Defense Center (CDC) in Suzhou, China.


Siemens China CDC offers security monitoring services for its customers’  production facilities as well as Siemens’ infrastructures, including industrial control systems. These services, which cover a range of  cyber threats, warn owners in the event of security incidents and coordinate proactive countermeasures. Additionally, Siemens China CDC offers security assessments and consulting, incident handling and other managed security services. Thanks to its new CSOC services, Siemens is able to support companies in the manufacturing and processing industries to address daily emergencies and security threats at an early stage and prevent damage to the availability of their connected assets.


Siemens China CDC was granted ISO 27001 certification by TÜV SÜD Certification and Testing (China) Co., Ltd. Beijing Branch. Furthermore, it received National Grade Protection Level 3 certification.

As the first global company to receive the highest-level certification for industrial cybersecurity, Siemens can effectively safeguard local industries as they implement advanced digital systems.

Subscribe to our Newsletter

Stay up to date at all times: everything you need to know about electrification, automation, and digitalization.