MIIT Chief Engineer On China’s Cybersecurity Policy

Posted on Updated on

This speech by MIIT Chief Engineer Zhang Feng was published on Sohu on 29 May.

On 20 May, Zhang Feng, the Chief Engineer of the Ministry of Industry and Information Technology presented a substantive report at the 2014 Annual Chinese Conference on Computer and Network Security

The transcript of Zhang Feng’s speech is as follows:

Zhang Deng: Respected Vice-Provincial Head Liu Zhigeng, Vice-Minister Liu Xiaoying, Academician Wu Hequan, Academician Ni Guangnan, Secretary Chen Maohui, Mayor Zheng Renhao, all guests:

Good morning everyone! I am very happy to meet with all of you in Shantou, Guangdong, to participate in the 2014 Annual Chinese Conference on Computer and Network Security. The theme of this year’s conference is “Cooperating in Protection – A Secure Future”, it revolves around building a secure and reliable network environment, it promotes common efforts between government departments, sector organizations, enterprises, practical departments, science and technology institute and other sides, to shape effective pooled forces for prevention, and it has an important significance. Here, I have the honour of representing the Ministry of Industry and Information Technology to express warm congratulations concerning the convention of this annual conference. I also express sincere wishes of welcome to all present guests.

2014 marked the 20th anniversary of our country’s connection to the Internet. Through 20 years of development, our country has become a large cyber country worthy of that name. By the end of last year, the number of netizens in China exceeded 600 million, among whom 500 million netizens used mobile phones, there are 18.44 million domestic domain names, and 3.16 million websites in total. Last year, our country’s government successively published many major policies in the area of information and telecommunications. The State Council promulgated the “Some Opinions concerning Stimulating Information Consumption and Broadening Internal Demand” and the “‘Broadband China’ Strategy and Implementation Plan”, the Ministry of Industry and Information Technology issued 4G licenses to three basic telecommunications enterprises, and launched trial points for private capital to develop mobile telecommunications reselling businesses. These major measures have created a benign environment for the further development of our country’s information and telecommunications.

Even so, the development of the Internet has brought a series of challenges to the economy and society, and especially the question of cybersecurity is becoming more complex every day. On the basis of monitoring data from the State Internet Emergency Response Centre, between January and April of this year, the number of hosts infected with Trojans or zombie networks within the borders of our country reached 4.86 million, more than 20.000 websites were tampered with, backdoors were implanted into 18.000 websites, and there were nearly 5.000 phishing pages imitating domestic websites. “Prism”, the “.cn domain name attack”, “Microsoft ceasing service provision to XP systems”, “grave security leaks existing within OpenSSL” and other such incidents have successively and incessantly sounded our alarm bells. At the same time, new technologies and new businesses have rapidly developed, which brought new security risks. The broad application of cloud computing has increased information leakage risks and the difficulty of dealing with incidents; social media networks have provided new channels for hackers’ attacks and cybercrime; mobile payment security and mobile terminal security have become new challenges. Attacks against these networks and security threats harm the interests of the broad netizens, impair the healthy development of the sector, and create grave threats to economic and social development, as well as national security.

Not long ago, the Central Leading Group for Cybersecurity and Informatization was officially established. General Secretary Xi profoundly pointed out that “without cybersecurity, there is no national security”, “cybersecurity and informatization are two wings on the same body, two wheels of the same cart, we must uniformly plan them, uniformly deploy matters, uniformly move forward and uniformly implement plans.” We must profoundly comprehend the spirit of the General Secretary’s important speech, and from the height of guaranteeing national security, safeguarding the public interest and stimulating informatization development, fully understand the importance and urgency of doing cybersecurity well under new circumstances, and struggle diligently to build our country into a strong cyber country.

Under the uniform deployment of the Party Centre and the State Council, the Ministry of Industry and Information Technology has deeply moved forward the construction of cybersecurity protection systems in recent years, according to the policy of vigorous use, scientific development, management according to the law and guaranteeing security, it incessantly perfected the establishment of cybersecurity standards, norms and mechanisms, strengthened cybersecurity emergency response and management, expanded the strength to govern the public Internet environment, and organized self-discipline work in the cybersecurity sectors, it made vigorous progress. Next, I will further talk about a few points of opinion on further doing cybersecurity work well, focusing on prominent problems that we face in the area of cybersecurity at present.

I, Vigorously responding to cybersecurity threats, forcefully strengthening guarantees for key information infrastructure. At present, basic information networks as well as important information systems relevant for the national economy and the people’s livelihood face ever more complex security threats, and especially the organized attacks they face have become more complex and diverse. At the same time, the application of next-generation Internet, cloud computing, mobile Internet, the Internet of Things, big data and other such new technologies has brought new security risks. Basic telecommunications enterprises and important information systems operation departments should play a central role in guaranteeing the satisfactory implementation of all rules and measures to guarantee cybersecurity, strengthen security monitoring before the purchase of crucial equipment, strengthen security protection of networks and information systems, regularly carry out compliance surveys and risk assessments, timely discover and eliminate major security risks, and incessantly raise the ability to resist attacks against crucial information infrastructure.

II, Strengthening indigenous innovation capacity, raising the security and controllability levels of information technology and services. We must, with enterprises at the centre, raise innovation capacity, promote technological progress and industrialization, follow and grasp the main direction of new-generation information technologies, strive to make breakthroughs in core and crucial technologies such as integrated circuits and crucial electronic components, high-end routers and servers, operating systems, databases, etc., strengthen coordination and integration capacity with regard to crucial and core technologies. Incessantly enrich Internet information services, strive to foster specialized applications, stimulate technology and business model innovation, and satisfy the diversified information demands of our country’s social public. Strengthen the construction of cybersecurity technology teams and labs, forcefully raise core cybersecurity technology capacities concerning locating leaks, analysing malicious code, tracing attacks, evidence-gathering, etc., perfect cybersecurity evaluation methods, stimulate the rapid and healthy development of the cybersecurity industry.

III, Developing ways to deal with malicious code on the mobile Internet, creating a healthy mobile ecology and environment. Following the development and popularization of 3G and 4G networks, smartphones have progressively become a major tool for people to go online. At the same time, driven by economic interests, law-breakers have made the mobile Internet into a main battlefield, the categories of malicious mobile code has become numerous and its quantity has become huge, which gravely harms users’ personal interests. In order to clean up the mobile Internet environment and protect the lawful rights and interests of users, in April of this year, the Ministry of Industry and Information Technology has, together with the Ministry of Public Security and the State Administration of Industry and Commerce, launched a special campaign to deal with malicious code on the mobile Internet, according to the work thinking of governance according to the law and dealing with both root causes and symptoms, this fully gave rein to the roles of government supervision, sector self-discipline and social supervision, and strengthened security management through joint steps forward from smartphones’ using the internet to segments such as the development and dissemination of mobile applications, etc., and attacked the use of malicious code to engage in unlawful and criminal activities according to the law. I hope that basic telecommunications enterprises, Internet enterprises, terminal manufacturing enterprises and security enterprises realistically implement their security responsibilities, fully give rein to their superiorities, strengthen joint sectoral action and information sharing, let them vigorously participate in comprehensively dealing with malicious mobile Internet code, and make positive contributions to forging a healthy mobile Internet environment.

IV, Strengthening sectoral cooperation, completing cybersecurity incident coordination and joint handling mechanisms. To respond to cybersecurity threats and clean up the Internet environment, it is necessary that there is uniform understanding and close coordination between government departments, and between governments and enterprises, at the same time, it is necessary that all walks of society and the road users together raise their consciousness about prevention and strengthen protection measures. Basic telecommunications enterprises, value-added telecommunications enterprises, Internet enterprises, security businesses, etc., must realistically take up their corporate social responsibility, strengthen cooperation and coordination with State cybersecurity protection forces, establish and complete cybersecurity emergency response, handling and coordination mechanisms that are agile in their operations and flexible in their response, they must further strengthen early warning and handling, raise emergency response efficiency, and forge active prevention systems within our country in which the investigation of leaks and dangers, discovery threats of attack, and response to incidents are integrated, and many sides act together.

V, Strengthen international cooperation, strive to raise our country’s discourse power in international cyberspace governance. Internet governance requires broad exchange and cooperation between all countries worldwide, and the construction of a fair and reasonable international order for cyberspace. In recent years, the Ministry of Industry and Information Technology has, together with other departments, vigorously participated in and promoted the process of intergovernmental cyberspace security cooperation through the United nations, the International Telecommunications Union, the Asia-Pacific Economic Cooperation, the Shanghai Cooperation organizations, etc., it guided corresponding work units to strengthen cooperation in the International Standardization Organization, professional associations and other relevant organizations. In the area of cybersecurity emergency response organization and cooperation, the National Internet Emergency Response Centre has established joint mechanisms with 59 countries and 127 organizations, and strengthened cross-border cybersecurity incident technology coordination procedures. The Ministry of Industry and Information technology will further broaden international exchange and cooperation in the area of cybersecurity, at the same time, it will support emergency response organizations, sectoral associations, enterprises, etc., to develop diverse ways of international cooperation, and jointly stimulate the formation of an international consensus and behavioural norms that are beneficial for the development of the Internet.

Guests, friends, following the rapid development of the Internet, the problem of cybersecurity has become ever more prominent and ever more important. This Conference has created a platform for colleagues in cybersecurity circles to share information and exchange technology, I hope everyone is able to use this opportunity to speak out freely and exchange ideas. Finally, I wish that this annual conference is crowned with complete success.

Thank you all!

工信部张峰:要进一步落实好网络安全工作
5月28日,工业和信息化部总工程师张峰在2014中国计算机网络安全年上做主旨报告。
以下为张峰演讲实录:
张峰:尊敬的刘志庚副省长、刘小英副部长、邬贺铨院士、倪光南院士、陈茂辉书记、郑人豪市长、各位来宾:
大家上午好!很高兴与大家相聚在广东省汕头市,共同参加2014中国计算机网络安全年会。本届年会以“携手防护·安全未来”为主题,围绕构建安全可靠的网络环境,推动政府部门、行业组织、企业、应用部门、科研院校等各个方面的共同努力,形成有效的防护合力,具有重要的意义。在此,我谨代表工业和信息化部,对年会的召开表示热烈的祝贺!对各位来宾的到来表示诚挚的欢迎!
2014年是我国接入国际互联网20周年。经历20年的发展,我国已成为名副其实的网络大国。截止去年底,中国网民数量已突破6亿,其中手机网民规模达到了5亿,国内域名总数1844万个,网站总数316万个。去年,我国政府在信息通信领域相继出台了多项重大的政策。由国务院发布了《关于促进信息消费扩大内需的若干意见》、《“宽带中国”战略及实施方案》,工业和信息化部向三家基础电信企业发放了4G牌照,向民营资本开展了移动通信转售业务的试点工作。这些重大的举措为推进我国信息通信业进一步的发展创造了良好的环境。
然而,互联网的发展也给经济社会带来了一系列的挑战,尤其是网络安全问题日益复杂。根据国家互联网应急中心监测的数据,今年一到四月,我国境内感染木马僵尸网络的主机达486万台,被篡改的网站有2万余个,被植入后门的网站有1.8万个,仿冒我国境内网站的钓鱼页面有近5千个。“棱镜门”、“.CN域名遭攻击”、“微软停止对XP系统提供服务”、“OpenSSL存在严重安全漏洞”等事件,接连不断地给我们敲响了警钟。同时,新技术、新业务快速发展也带来了新的安全风险。云平台的应用普及加大信息泄露风险和事件处置的难度;社交网络成为黑客攻击和网络犯罪的新途径;移动支付安全和移动终端安全成为了新的挑战。这些网络攻击和安全的威胁,损害了广大网民的利益,妨碍了行业健康的发展,对经济社会发展和国家安全造成了严重的威胁。
前不久,中央网络安全和信息化领导小组正式成立。习总书记深刻地指出,“没有网络安全就没有国家安全”,“网络安全和信息化是一体之两翼,驱动之双轮,必须要统一谋划、统一部署、统一推进、统一实施”。我们要深刻领会总书记的重要讲话精神,从保障国家安全、维护公众利益、促进信息化发展的高度,充分认识新形势下做好网络安全工作的重要性和紧迫性,为把我国建设成为网络强国而努力奋斗。
在党中央、国务院的统一部署下,近年来工业和信息化部按照积极利用、科学发展、依法管理、确保安全的方针,深入推进网络安全防护体系的建设,不断完善建立网络安全标准规范和机制,加强网络安全应急管理,加大互联网公共环境治理的力度,组织开展了网络安全行业自律工作,取得了积极的进展。下面,围绕当前网络安全领域面临的突出问题,我就进一步做好网络安全工作谈几点意见。
一、积极应对网络安全的威胁,大力加强关键信息基础设施安全保障。当前,基础信息网络以及关系国计民生的重要信息系统等面临着越来越复杂的安全威胁,特别是面临的有组织攻击更加复杂多样。与此同时,下一代互联网、云计算、移动互联网、物联网和大数据等新技术的应用带来了新的安全风险。基础电信企业、重要信息系统运营部门应当发挥主体作用,确保网络安全保障各项制度、措施落实到位,加强关键设备采购前的安全检测,加强网络和信息系统的安全防护,定期开展符合性评测和风险评估,及时发现并消除重大安全隐患,不断提高关键信息基础设施的抗攻击能力。
二、增强自主创新能力,提高信息技术和服务安全可控水平。要以企业为主体,提升创新能力,推动技术进步和产业化,跟踪和把握新一代信息技术的重点方向,着力突破集成电路和关键电子元器件、高端路由器和服务器、操作系统和数据库等核心关键技术,加强关键核心技术的协同和集成能力。不断丰富互联网信息服务,着力培育特色应用,促进技术和业务模式创新,满足我国社会公众多样化的信息需求。加强网络安全技术队伍和实验室的建设,大力提升漏洞挖掘、恶意代码分析、攻击溯源取证等网络安全核心技术能力,完善网络安全评估方法,促进网络安全产业快速、健康地发展。
三、开展移动互联网恶意程序治理,营造健康的移动生态环境。随着3G、4G网络的发展和普及,智能手机逐渐成为人们上网的主要工具。同时,受经济利益的驱动,不法分子把移动互联网作为主阵地,移动恶意程序种类繁多、数量巨大,严重危害用户的切身利益。为净化移动互联网的环境,保护用户的合法权益,今年4月,工业和信息化部会同公安部、工商总局启动了打击治理移动互联网恶意程序的专项行动,按照依法治理、标本兼治的工作思路,充分发挥政府监管、行业自律、社会监督的作用,从智能手机进网和移动应用程序的开发、传播等环节同步加强安全管理,依法打击利用恶意程序从事违法犯罪活动。希望基础电信企业、互联网企业、终端制造企业和安全企业切实履行安全责任,充分发挥各自优势,加强行业联动和信息共享,积极参与到移动互联网恶意程序的综合治理中来,为营造健康的移动互联网环境作出积极的贡献。
四、加强业界合作,健全网络安全事件协调联动处置机制。应对网络安全的威胁、净化互联网环境,需要政府部门之间、政府和企业之间统一认识、密切配合,同时需要社会各界及广大用户共同提高防范意识、加强保护措施。基础电信企业、增值电信企业、互联网企业、安全厂商等要切实承担企业的社会责任,与国家网络安全保障力量加强协作配合,建立健全运转灵活、反应灵敏的网络安全应急处理协调机制,进一步强化预警处置、提高应急效率,打造我国集漏洞隐患排查、攻击威胁发现、事件响应处置于一体的、多方联动的主动防御体系。
五、加强国际合作,努力提高我国在网络空间国际治理中的话语权。互联网治理需要世界各个国家广泛地交流与合作,构建公正合理的网络空间国际秩序。近年来,工业和信息化部与有关部门一起积极参与和推动了联合国、国际电信联盟、亚太经合组织、上海合作组织等政府间网络空间安全合作的进程,指导相关单位加强了与国际标准化组织、行业协会等相关组织的合作。在网络安全应急响应组织合作方面,国家互联网应急中心已经与59个国家和地区的127个组织建立了联络机制,加强了跨境网络安全事件技术协调处置。工业和信息化部将进一步扩大网络安全领域的国际交流与合作,同时支持应急组织、行业协会、企业等开展形式多样的国际合作,共同促进形成有利于互联网发展的国际共识和行为准则。
各位来宾,各位朋友,随着互联网的快速发展,网络安全问题越发突出也越发重要。本次大会为网络安全业界同仁搭建了一个信息共享和技术交流的平台,希望大家能够利用这个机会,畅所欲言、交流思想。最后,预祝此次年会取得圆满成功。
谢谢大家!

 

 

One thought on “MIIT Chief Engineer On China’s Cybersecurity Policy

    […] and coordination and very much related to maintaining control over public opinion. On 20 May, Zhang Feng, the Chief Engineer of the Ministry of Industry and Information Technology, held an important […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s