This speech by MIIT Chief Engineer Zhang Feng was published on Sohu on 29 May.
On 20 May, Zhang Feng, the Chief Engineer of the Ministry of Industry and Information Technology presented a substantive report at the 2014 Annual Chinese Conference on Computer and Network Security
The transcript of Zhang Feng’s speech is as follows:
Zhang Deng: Respected Vice-Provincial Head Liu Zhigeng, Vice-Minister Liu Xiaoying, Academician Wu Hequan, Academician Ni Guangnan, Secretary Chen Maohui, Mayor Zheng Renhao, all guests:
Good morning everyone! I am very happy to meet with all of you in Shantou, Guangdong, to participate in the 2014 Annual Chinese Conference on Computer and Network Security. The theme of this year’s conference is “Cooperating in Protection – A Secure Future”, it revolves around building a secure and reliable network environment, it promotes common efforts between government departments, sector organizations, enterprises, practical departments, science and technology institute and other sides, to shape effective pooled forces for prevention, and it has an important significance. Here, I have the honour of representing the Ministry of Industry and Information Technology to express warm congratulations concerning the convention of this annual conference. I also express sincere wishes of welcome to all present guests.
2014 marked the 20th anniversary of our country’s connection to the Internet. Through 20 years of development, our country has become a large cyber country worthy of that name. By the end of last year, the number of netizens in China exceeded 600 million, among whom 500 million netizens used mobile phones, there are 18.44 million domestic domain names, and 3.16 million websites in total. Last year, our country’s government successively published many major policies in the area of information and telecommunications. The State Council promulgated the “Some Opinions concerning Stimulating Information Consumption and Broadening Internal Demand” and the “‘Broadband China’ Strategy and Implementation Plan”, the Ministry of Industry and Information Technology issued 4G licenses to three basic telecommunications enterprises, and launched trial points for private capital to develop mobile telecommunications reselling businesses. These major measures have created a benign environment for the further development of our country’s information and telecommunications.
Even so, the development of the Internet has brought a series of challenges to the economy and society, and especially the question of cybersecurity is becoming more complex every day. On the basis of monitoring data from the State Internet Emergency Response Centre, between January and April of this year, the number of hosts infected with Trojans or zombie networks within the borders of our country reached 4.86 million, more than 20.000 websites were tampered with, backdoors were implanted into 18.000 websites, and there were nearly 5.000 phishing pages imitating domestic websites. “Prism”, the “.cn domain name attack”, “Microsoft ceasing service provision to XP systems”, “grave security leaks existing within OpenSSL” and other such incidents have successively and incessantly sounded our alarm bells. At the same time, new technologies and new businesses have rapidly developed, which brought new security risks. The broad application of cloud computing has increased information leakage risks and the difficulty of dealing with incidents; social media networks have provided new channels for hackers’ attacks and cybercrime; mobile payment security and mobile terminal security have become new challenges. Attacks against these networks and security threats harm the interests of the broad netizens, impair the healthy development of the sector, and create grave threats to economic and social development, as well as national security.
Not long ago, the Central Leading Group for Cybersecurity and Informatization was officially established. General Secretary Xi profoundly pointed out that “without cybersecurity, there is no national security”, “cybersecurity and informatization are two wings on the same body, two wheels of the same cart, we must uniformly plan them, uniformly deploy matters, uniformly move forward and uniformly implement plans.” We must profoundly comprehend the spirit of the General Secretary’s important speech, and from the height of guaranteeing national security, safeguarding the public interest and stimulating informatization development, fully understand the importance and urgency of doing cybersecurity well under new circumstances, and struggle diligently to build our country into a strong cyber country.
Under the uniform deployment of the Party Centre and the State Council, the Ministry of Industry and Information Technology has deeply moved forward the construction of cybersecurity protection systems in recent years, according to the policy of vigorous use, scientific development, management according to the law and guaranteeing security, it incessantly perfected the establishment of cybersecurity standards, norms and mechanisms, strengthened cybersecurity emergency response and management, expanded the strength to govern the public Internet environment, and organized self-discipline work in the cybersecurity sectors, it made vigorous progress. Next, I will further talk about a few points of opinion on further doing cybersecurity work well, focusing on prominent problems that we face in the area of cybersecurity at present.
I, Vigorously responding to cybersecurity threats, forcefully strengthening guarantees for key information infrastructure. At present, basic information networks as well as important information systems relevant for the national economy and the people’s livelihood face ever more complex security threats, and especially the organized attacks they face have become more complex and diverse. At the same time, the application of next-generation Internet, cloud computing, mobile Internet, the Internet of Things, big data and other such new technologies has brought new security risks. Basic telecommunications enterprises and important information systems operation departments should play a central role in guaranteeing the satisfactory implementation of all rules and measures to guarantee cybersecurity, strengthen security monitoring before the purchase of crucial equipment, strengthen security protection of networks and information systems, regularly carry out compliance surveys and risk assessments, timely discover and eliminate major security risks, and incessantly raise the ability to resist attacks against crucial information infrastructure.
II, Strengthening indigenous innovation capacity, raising the security and controllability levels of information technology and services. We must, with enterprises at the centre, raise innovation capacity, promote technological progress and industrialization, follow and grasp the main direction of new-generation information technologies, strive to make breakthroughs in core and crucial technologies such as integrated circuits and crucial electronic components, high-end routers and servers, operating systems, databases, etc., strengthen coordination and integration capacity with regard to crucial and core technologies. Incessantly enrich Internet information services, strive to foster specialized applications, stimulate technology and business model innovation, and satisfy the diversified information demands of our country’s social public. Strengthen the construction of cybersecurity technology teams and labs, forcefully raise core cybersecurity technology capacities concerning locating leaks, analysing malicious code, tracing attacks, evidence-gathering, etc., perfect cybersecurity evaluation methods, stimulate the rapid and healthy development of the cybersecurity industry.
III, Developing ways to deal with malicious code on the mobile Internet, creating a healthy mobile ecology and environment. Following the development and popularization of 3G and 4G networks, smartphones have progressively become a major tool for people to go online. At the same time, driven by economic interests, law-breakers have made the mobile Internet into a main battlefield, the categories of malicious mobile code has become numerous and its quantity has become huge, which gravely harms users’ personal interests. In order to clean up the mobile Internet environment and protect the lawful rights and interests of users, in April of this year, the Ministry of Industry and Information Technology has, together with the Ministry of Public Security and the State Administration of Industry and Commerce, launched a special campaign to deal with malicious code on the mobile Internet, according to the work thinking of governance according to the law and dealing with both root causes and symptoms, this fully gave rein to the roles of government supervision, sector self-discipline and social supervision, and strengthened security management through joint steps forward from smartphones’ using the internet to segments such as the development and dissemination of mobile applications, etc., and attacked the use of malicious code to engage in unlawful and criminal activities according to the law. I hope that basic telecommunications enterprises, Internet enterprises, terminal manufacturing enterprises and security enterprises realistically implement their security responsibilities, fully give rein to their superiorities, strengthen joint sectoral action and information sharing, let them vigorously participate in comprehensively dealing with malicious mobile Internet code, and make positive contributions to forging a healthy mobile Internet environment.
IV, Strengthening sectoral cooperation, completing cybersecurity incident coordination and joint handling mechanisms. To respond to cybersecurity threats and clean up the Internet environment, it is necessary that there is uniform understanding and close coordination between government departments, and between governments and enterprises, at the same time, it is necessary that all walks of society and the road users together raise their consciousness about prevention and strengthen protection measures. Basic telecommunications enterprises, value-added telecommunications enterprises, Internet enterprises, security businesses, etc., must realistically take up their corporate social responsibility, strengthen cooperation and coordination with State cybersecurity protection forces, establish and complete cybersecurity emergency response, handling and coordination mechanisms that are agile in their operations and flexible in their response, they must further strengthen early warning and handling, raise emergency response efficiency, and forge active prevention systems within our country in which the investigation of leaks and dangers, discovery threats of attack, and response to incidents are integrated, and many sides act together.
V, Strengthen international cooperation, strive to raise our country’s discourse power in international cyberspace governance. Internet governance requires broad exchange and cooperation between all countries worldwide, and the construction of a fair and reasonable international order for cyberspace. In recent years, the Ministry of Industry and Information Technology has, together with other departments, vigorously participated in and promoted the process of intergovernmental cyberspace security cooperation through the United nations, the International Telecommunications Union, the Asia-Pacific Economic Cooperation, the Shanghai Cooperation organizations, etc., it guided corresponding work units to strengthen cooperation in the International Standardization Organization, professional associations and other relevant organizations. In the area of cybersecurity emergency response organization and cooperation, the National Internet Emergency Response Centre has established joint mechanisms with 59 countries and 127 organizations, and strengthened cross-border cybersecurity incident technology coordination procedures. The Ministry of Industry and Information technology will further broaden international exchange and cooperation in the area of cybersecurity, at the same time, it will support emergency response organizations, sectoral associations, enterprises, etc., to develop diverse ways of international cooperation, and jointly stimulate the formation of an international consensus and behavioural norms that are beneficial for the development of the Internet.
Guests, friends, following the rapid development of the Internet, the problem of cybersecurity has become ever more prominent and ever more important. This Conference has created a platform for colleagues in cybersecurity circles to share information and exchange technology, I hope everyone is able to use this opportunity to speak out freely and exchange ideas. Finally, I wish that this annual conference is crowned with complete success.
Thank you all!