Introduction
The trusted industrial data space is a distributed critical data infrastructure built on existing information networks for data aggregation, sharing, circulation, and application. Through systematic technical arrangements it ensures confirmation, fulfillment, and maintenance of data circulation protocols, addressing security and trust issues among data providers, users, and service providers, and enabling data-driven digital transformation.
Trusted data space
Q1. What is data security situation awareness?
Data security situation awareness collects information on operational, compliance, and anomalous states across the entire data lifecycle, then fuses and analyzes those signals to assess data security risks and to predict future trends and the likely scope and severity of impacts.
Data security situation awareness is typically handled at three levels: element perception, situation understanding, and situation prediction. Element perception senses data-related elements in storage and service environments, including data attributes and usage states. Situation understanding makes a comprehensive judgment about data usage states within a defined scope. Situation prediction evaluates future evolution trends of data security based on the situation understanding.
Q2. What are the mechanisms of data security situation awareness?
The mechanism includes lightweight, full-network coverage collection of data usage states; layered and graded dynamic aggregation; regional data security situational analysis; full-network data security situational analysis; and panoramic folded visualization of the situation, among other components.
Q3. How to precisely define data security situation awareness?
No single precise definition exists; this report provides one. Data security situation awareness is an emerging security capability. Compared with long-established cyber security situational awareness, it has several distinguishing characteristics:
- Standards for data security information collection, aggregation, analysis, and evaluation have not yet been established. Different security product vendors collect, organize, manage data, and develop algorithms based on their own approaches. This leads to varied collection formats and data-cleaning methods across different data contexts, making integration of multiple vendors' data interfaces and services difficult and labor intensive.
- Data security involves many data stages and requires sensing and collecting substantially larger volumes of data. Integrating compute resources for data analysis and coordinating their scheduling presents major challenges.
- Data security situational awareness requires understanding data semantics and is tightly coupled with business processes and information systems. Achieving the necessary security analysis requires significant investment.
- Situation awareness must control fine-grained cross-domain data ingress/egress and authorized circulation at edge nodes. It must collect usage states from data storage and processing across many vendors and device classes, and interface with multiple vendors' devices, diverse processes, and multiple data protection schemes. Challenges include vendors unwilling to cooperate, the need for on-demand development of collection programs, and difficulty standardizing collection interfaces.
Because data usage scenarios are massive, multi-sourced, and have complex transfer relationships, and because data itself is diverse, varies in sensitivity, and has complex associations, implementing data security situation awareness faces high costs and complex design challenges. Promoting its adoption and development requires addressing two main issues:
Clarify the strategic position of data security
It is necessary to recognize the importance of data security for trusted data flow. From a strategic level, explicitly acknowledge the value of data security situational awareness, plan and guide data usage and security management, and achieve consensus at the management level. Advance standardization in areas such as data semantics, data collection, and data authorization to provide resource guarantees for data security situational awareness efforts.
Standardize and control the global data usage state
The complexity and diversity of data usage present significant challenges to situation awareness. Controlling the global data usage state is a key prerequisite. Define supervisory requirements for states across storage, usage, and circulation in trusted data flow, and standardize state collection interfaces.
