Deepen the promotion of network security work at a new starting point
According to "2006— China’s informatization has entered the fast lane of rapid development for ten years. The development of information and communication technology is changing with each passing day, and ten years is enough to turn the world upside down. Today’s application scenarios of information development have exceeded the imagination of any prophet. The Outline of National Informatization Development Strategy (hereinafter referred to as "the Strategic Outline") implements the strategic thought of the Supreme Leader’s General Secretary to strengthen the country through the Internet, and makes an analysis of the "2006— The National Informatization Development Strategy in 2020 has been adjusted and developed, which has made overall arrangements for the informatization work in the next decade. Among them, the "Strategic Outline" puts forward new and higher requirements for network security work on the basis of summarizing the existing achievements and facing the great demand of maintaining national security in the new period.
Compared with the deployment of network security work ten years ago, the Strategic Outline has the following series of important changes:
In terms of guidelines, the dialectical relationship between security and development has been further deepened.
In 2003, the Central Office and the State Council issued the first programmatic document "Opinions on Strengthening Information Security" (No.27 [2003] of the Central Office) in China’s network security. At that time, the document profoundly pointed out that the relationship between security and development should be correctly handled, so as to ensure development with security and seek security in development. Therefore, the informatization strategy in 2006 takes it as an important guiding principle.
The Strategic Outline further explains the dialectical relationship between security and development, which is "one body, two wings and two wheels drive", and upgrades "ensuring development through security and seeking security through development" to "ensuring development through security and promoting security through development". "Ensuring development with safety" shows that safety is the foundation of development, and "seeking safety in development" emphasizes solving safety problems in development, rather than ensuring safety with stagnant development. However, "promoting security through development" further requires that security problems should be solved by means of development and provide a material basis for maintaining network security through development. This is in line with the thought of "Qiang Bing can be defended only when the country is rich, and Qiang Bing can defend the country" in the overall national security concept of the Supreme Leader, which is very rich in connotation and sublimates the dialectical relationship between security and development to a new height.
In terms of strategic objectives, we will make solid progress towards "a network power"
The overall goal of the informatization development strategy in 2006 is to "greatly improve the level of national information security", which is not a measurable goal with stage characteristics and has little guiding significance for practical work. This is related to the weak network security foundation and too many clues in China at that time. In terms of specific objectives, the informatization development strategy in 2006 proposed to break through and master a number of key and core technologies by 2020, and realize the leap of information technology from tracking and introduction to independent innovation, and generally demanded that "the national information security guarantee system is relatively perfect and the information security guarantee capability is significantly enhanced".
The "Strategic Outline" clearly requires that in 2025, "the situation that core technologies are subject to people will be fundamentally changed and a safe and controllable information technology industry system will be formed". The core technology is the "life gate" of network security. As long as this problem is not solved, our network security system will be unstable and in danger. If ten years later, at the end of the "14th Five-Year Plan", we still can’t reverse the situation of being controlled by others, "network power" and "the Chinese nation’s great rejuvenation of the Chinese dream" are really out of the question. For such a very specific and crucial goal, we have no retreat, otherwise we will bear historical responsibility. Of course, this is a great test of perseverance, confidence and focus.
On this basis, the "Strategic Outline" points out that network security should be "advanced in technology, developed in industry, leading in application and indestructible in network security", which is another measurable and meaningful goal. "Invincible" means invincible in confrontation, which is an inevitable requirement for safeguarding national security.
Reveal and follow the inherent laws of network security more comprehensively.
The information strategy in 2006 has a basic grasp of the inherent law of network security: network security is based on risk, and it is necessary to comprehensively balance the cost and risk of security, and to prevent both over-protection and under-protection. This basic law directly determines what method to use to maintain network security, and then the deployment of information security level protection, risk assessment and other work comes from this.
But this is only part of the inherent law of network security. With the deepening understanding of the objective world, the "Strategic Outline" points out that it is necessary to "establish a correct network security concept". This includes five aspects: network security is holistic rather than fragmented; Network security is dynamic rather than static; Network security is open rather than closed; Network security is relative rather than absolute; Network security is common rather than isolated. General Secretary of the Supreme Leader made a profound exposition on the "correct concept of network security" at the symposium on network security and informatization on April 19th. The inherent law is inviolable, and any work should be consistent with it, otherwise it will get twice the result with half the effort, or even go the opposite way.
From "prevention" to "response", both defense and deterrence capabilities are simultaneously developed.
The informatization strategy in 2006 requires "active defense and comprehensive defense", which are actually the same thing, both of which focus on "defense", but the former emphasizes the ex ante nature of actions and the latter emphasizes the comprehensiveness of means. However, the "defense" and "prevention" that are "active" and "comprehensive" are defense after all. Facing the severe situation of network security struggle, we urgently need to form the network deterrent ability. Of course, this is not to develop cyber attacks, but to make opponents "think twice before taking action" through deterrence capacity building, so as to deter wars, achieve the purpose of protecting themselves more effectively, and achieve real stability and balance in cyberspace.
Therefore, the "Strategic Outline" is changed to "actively defend and take the initiative to respond" and "enhance the defensive ability and deterrent ability of network security", which is of great significance to safeguarding the sovereignty, security and development interests of national cyberspace.
The important task of maintaining "network sovereignty" was put forward for the first time.
The principle of network sovereignty is the core proposition of global cyberspace security in China. General Secretary of the Supreme Leader proposed at the Second world internet conference that we should respect cyber sovereignty, refrain from cyber hegemony, not interfere in other countries’ internal affairs, and not engage in, condone or support cyber activities that endanger other countries’ national security. China’s National Security Law stipulates that the sovereignty, security and development interests of national cyberspace should be safeguarded. The "Strategic Outline" regards "safeguarding network sovereignty" as a major task and requires "firmly defending China’s network sovereignty". Sovereignty is inviolable and the issue of sovereignty is non-negotiable. In order to safeguard network sovereignty, we should take all means, including politics, diplomacy, economy and justice, without excluding military means.
"Cybersovereignty" is a major change in the Strategic Outline compared with the information strategy in 2006, which is an inevitable requirement to enhance China’s institutional discourse power in global cyberspace governance activities.
The focus of protection has expanded from "2+8" to critical information infrastructure.
Any country’s informatization or network security strategy must determine the protection focus, which is the "prescribed action" of the strategic document. In 2006, the key point of informatization strategy was "basic information network and important information system related to national security, economic lifeline and social stability". In practical work, it is specifically implemented as radio and television transmission network, telecommunication network, Internet, and information systems in banking, insurance, securities, civil aviation, railways, taxation, customs, electric power and other fields, commonly known as "2+8" (the three basic networks are under the charge of two ministries).
With the accelerated penetration of information and communication technology in various industries of the national economy, the scope of protection mentioned above is obviously too narrow. In addition, in view of the importance of such systems, it is necessary to establish a special safety management system. Therefore, in recent years, China has put forward the concept of "key information infrastructure", which has replaced "basic information network and important information system". The "Strategic Outline" requires "establishing and implementing a protection system for key information infrastructure". Recently, the Cyber Security Law (the second draft for review) echoed this, pointing out that "the specific scope of key information infrastructure and security protection measures shall be formulated by the State Council".
Have a deeper understanding of the relationship between openness and autonomy, and establish the ability to maintain national network security in an open environment.
When formulating the information strategy in 2006, openness and autonomy have not yet become a pair of main contradictions, and the understanding of this issue is still at a shallow level. At present, with the deepening of economic globalization, information flow leads the flow of technology, capital and talents. How to dialectically understand and handle the relationship between openness and autonomy is a new topic. On the one hand, when determining the breakthrough route of core technology, we should consider how to use global innovation resources and choose the right "shoulder"; On the other hand, our network security policy should take into account WTO commitments. General Secretary of the Supreme Leader profoundly pointed out that we should not shut ourselves out of the world, but must establish a global vision and an open mind. However, maintaining national network security in an open environment requires scientific means to ensure the safety and controllability of products and services, and to prevent product providers from illegally controlling, interfering with and interrupting user systems and illegally collecting, storing, processing and utilizing user-related information by providing products. This is the network security review system, which is deployed as an important strategic task in the Strategic Outline.
Further strengthen basic work.
The foundation is not firm, and the ground shakes. Network security work should always focus on laying a solid foundation. But in different periods, the content of basic work is different. On the one hand, the "Strategic Outline" requires continuing to do basic work with long-term characteristics, such as network security technology research and development, level protection, risk assessment, talent education, standardization and so on; On the other hand, for the special basic work that has not been completed as scheduled, it is also required to get results as soon as possible, such as network security certification and accreditation. In addition, in view of the development of network security situation, some new basic work has been put on the agenda, such as situation awareness work, which will be gradually implemented under the guidance of the Strategic Outline.
(Source: People’s Daily Author: Zuo Xiaodong)