Liu Duo, Dean of China Information and Communication Research Institute.
In today’s world, network information technology is changing with each passing day, and it is fully integrated into political, economic, cultural, social, ecological, national defense and other fields. The network security situation is complex and severe, and the security risks and threats are increasingly prominent. Recently, the National Network Information Office issued the National Cyberspace Security Strategy, which aroused widespread concern from all walks of life. The Strategy implements the "Four Principles" of the Supreme Leader General Secretary on promoting the reform of the global Internet governance system and the "Five Propositions" on building a community of cyberspace destiny, and clarifies China’s major position on the development and security of cyberspace, which is the overall guide and fundamental follow-up of China’s cyberspace security work under the new situation. The Strategy points out that the protection of critical information infrastructure is a basic requirement and an important task for maintaining the national cyberspace security, and it is necessary to pay equal attention to technology and management, and to protect and deter at the same time, and effectively strengthen the security protection of critical information infrastructure.
First, strengthening the protection of key information infrastructure is of great significance.
National key information infrastructure refers to information facilities related to national security, national economy, people’s livelihood and public interests, including basic information networks such as public communication, radio and television transmission, important information systems in energy, finance, transportation, education, scientific research, water conservancy, industry, medical and health care, social security, public utilities and other fields, as well as important Internet application systems. Key information infrastructure is the artery of economic and social operation, and strengthening security protection is the top priority of network security work.
The information network is developing in the direction of high speed, mobility, security and ubiquity, and its position and role in economic and social development are increasingly prominent. In recent years, China’s network infrastructure capacity has been significantly improved, and the popularization of a new generation of high-speed networks has been accelerated. The transmission rate of optical fiber networks has reached 400Gb per second, and that of 4G wireless networks has reached more than 100Mb per second, covering all cities and major towns. Research on 5G and ultra-wideband technologies has been further advanced; Cloud data centers and big data industries are booming; The Internet of Things is widely used, and more and more devices and terminals are connected to the information network. The network information technology is deeply integrated with power grid, highway network and railway network, and the intelligent comprehensive information infrastructure with internet of everything, ubiquitous perception and integration of air and space is accelerated, which greatly improves the networking, digitalization and intelligence level of economic activities and effectively promotes economic and social development.
With the deep integration of network information technology and economic society, the threat of network security is spreading from online to offline, and the security risk of economic and social development is increasing. China’s key information infrastructure is facing greater risks and weak network security prevention and control capabilities, making it difficult to effectively deal with national and organized high-intensity cyber attacks. Once attacked, it may lead to major network security incidents, even traffic disruption, financial turmoil, power paralysis, and seriously threaten economic and social security and even national security. This is not only a problem faced by China, but also a common problem faced by countries with relatively high level of informationization in the world.
Strengthening the protection of key information infrastructure has become a common choice for all countries to ensure economic and social security. At present, more than 60 countries have issued cyberspace strategies, and regard key information infrastructure as an important object of network security. Recently, the United States has successively issued "Cyberspace Strategy" and "National Action Plan for Cybersecurity", emphasizing the importance of security protection of key information infrastructure and advocating the strategic concept of both offensive and defensive. The European Union issued the "Network and Information Security Directive", requiring key information infrastructure operators such as energy and transportation to take necessary security measures.
Two, China’s key information infrastructure security work steadily.
The CPC Central Committee and the State Council attached great importance to the safety protection of key information infrastructure. Under the unified leadership of the Central Network Information Leading Group, all relevant departments accelerated the construction of legal system, strengthened safety supervision and management, and improved safety technical standards. The safety protection of key information infrastructure in China has achieved initial results.
(1) Laws and regulations have been gradually improved. One isThe promulgation of "National Security Law" takes the lead in putting forward clear requirements for the autonomous control of key information infrastructure, and provides legal guarantee for the management, protection and inspection of key information infrastructure.The second isThe promulgation of the Network Security Law has raised the security protection of key information infrastructure to the national strategic level. The Cyber Security Law further clarifies the category of national key information infrastructure, stipulates the division of responsibilities and accountability methods for the security protection of key information infrastructure, and makes institutional arrangements for key information infrastructure construction requirements, operator obligations, security review, data storage, risk detection and evaluation, etc.The third isInitiate the revision of "Administrative Measures for Communication Network Security Protection" to further improve the overall level of China’s communication network security and enhance the ability to prevent and protect network security incidents in view of new situations and new problems.
(2) The management system has been continuously improved. One isWe carried out nationwide network security inspection of key information infrastructure, continuously strengthened risk assessment and security prevention of key information infrastructure, and especially strengthened the investigation of security risks of important information systems in lifeline industries such as finance, electricity and transportation, and achieved remarkable results.The second isImprove the network security review system of various industries, conduct network security review of important information technology products and their providers entering the Chinese market, ensure product safety and controllability, and guard against security threats such as illegal control and backdoor loopholes.The third isVigorously carry out pilot demonstrations of network security in the telecommunications and Internet industries, play a typical leading role, guide basic telecommunications enterprises, Internet enterprises and security enterprises to increase investment in network security, and enhance their ability to respond to network security threats.
(3) Technical capabilities have been effectively improved. One isFormulate industry security standards. The telecommunications and Internet industries have formulated and completed more than 60 communication network security protection standards, including "Fixed Communication Network Security Protection Requirements". Finance, energy and other industries have also issued information system security level protection standards, effectively improving the security protection ability and level of industry information systems.The second isImprove the security protection technology level of key information infrastructures such as vulnerability mining, intrusion detection and virus prevention, and focus on breaking through new security technologies such as network mapping and attack traceability, and further enhance the anti-interception, anti-attack and recovery capabilities of key information infrastructures.The third isIn view of new technologies and services such as mobile Internet, big data, cloud computing and industrial Internet, we have formulated special security protection strategies and issued a series of standards to improve the level of protection technology.
At the same time, China’s key information infrastructure security protection still faces challenges that cannot be underestimated, mainly in the following aspects: the core technology is subject to people, and the potential security risks are huge; The protection system of key information infrastructure is still not perfect, and the ability system of government-enterprise linkage, monitoring, early warning, response and recovery needs to be improved; The research and development of defense technology related to information infrastructure is in the primary stage; Network security talents can not better meet the development needs.
Third, further enhance the security protection capability of key information infrastructure.
Protecting critical information infrastructure is one of the nine strategic tasks established in the National Cyberspace Security Strategy. It is necessary to focus on the overall goal of building a network power, take the overall national security concept as a guide, enhance risk awareness and crisis awareness, coordinate the relationship between security and development, openness and autonomy, highlight the dynamic and comprehensive protection concept, and strive to improve the security protection level of key information infrastructure.
(1) Strengthen the foundation and promote safety through industrial development.Development is the greatest security, and we should effectively enhance the supply capacity of network facilities and services and the innovation and development capacity of technology industries.One isAccelerate the evolution and upgrading of infrastructure, implement the strategy of "Broadband China" in depth, accelerate the construction of all-optical networks and a new generation of mobile communication networks, and build a high-speed ubiquitous cyberspace that integrates heaven and earth.The second isStrengthen independent innovation of core technologies. We will promptly break through key core technologies such as core devices, high-end chips and operating systems, and advance the development and industrialization of new technologies such as 5G, industrial Internet, high-performance computing and artificial intelligence.The third isImprove the self-control level of key software and hardware products. Strengthen the guidance of policy funds, give full play to the role of market mechanism, promote the demonstration and application of domestic software and hardware products, cultivate a number of leading enterprises with industrial integration capabilities, and expand their own brands.
(2) Take multiple measures to ensure safety with the protection system.Safety is the premise of development, and a long-term protection mechanism is formed by comprehensively using legal system, administrative supervision and other means.One isIn combination with the promulgation of the Cyber Security Law, we will revise existing laws and regulations, speed up the introduction of supporting systems such as key infrastructure protection, data security management and network security review in various industries, and improve the infrastructure security standard system.The second isFurther promote the protection of key information infrastructure, clarify the principles, objectives and institutional measures for the protection of key information infrastructure, improve the network security protection system with hierarchical protection and dynamic adjustment, and formulate supporting systems for the registration, filing and updating of key information infrastructure assets.The third isPromote network security review, strengthen the safety management of industrial supply chain, and conduct security review of important information technology products and services used by party and government organs and national lifeline industries to eliminate security risks.
(three) both offensive and defensive, with technical means to support security.In view of the new problems and risks caused by new technologies and services on the Internet, we should strengthen the research and application of network security technology.One isStrengthen the monitoring and disposal of cyber threats, improve the overall dynamic perception, early warning and protection, and emergency response capabilities, strengthen joint attack and joint defense and threat information sharing, and promote the construction of cross-industry and inter-departmental infrastructure security threat information sharing platforms.The second isUse advanced technologies such as big data and cloud computing to strengthen correlation analysis and improve emergency response capabilities.The third isImprove the ability of key protection technologies such as intrusion detection, anti-virus and vulnerability mining, and pay special attention to the research and development of killer and asymmetric technologies.
(4) Serving the overall situation and strengthening safety with talent teams.Talent is the first resource. The competition in cyberspace is, in the final analysis, talent competition.One isOptimize the network security talent echelon, formulate the network and information security talent training plan, form a talent training mechanism combining higher education with social training, and build a talent echelon with sufficient personnel, excellent quality, professional support and reasonable structure.The second isEstablish a flexible talent incentive mechanism, promote the reform of the property rights system, income distribution system and transformation mechanism of scientific and technological achievements, break the unreasonable constraints on talents, and build a globally competitive talent system.The third isPromote international talent exchange and cooperation, strengthen the intelligence of high-tech talents, and attract more overseas leading talents and talents in short supply. Support high-end talents in the field of network information security to carry out academic exchanges such as cutting-edge technologies and standards overseas.
关于作者