1. Current situation of network security in China
With the development of AI, big data, 5G and other emerging technologies, enterprises are facing increasing threats. Relevant data shows that the potential global economic losses caused by cyber attacks may be as high as US $294 billion between 2015 and 2025. The upgrading of network risk has made governments, enterprises and individuals pay more attention to this risk. Countries have promulgated laws and regulations on data protection, and China has implemented the Network Security Law since June 2017. In May 2019, China issued the national standard of Graded Protection 2.0, adding requirements for personal information protection, cloud computing expansion, etc.
The Internet Network Security Situation in China in the First Half of 2019 released by the National Internet Emergency Center shows that the Internet network security situation in China in the first half of 2019 has four major characteristics: the risk of personal information and important data leakage is severe; The exposure of multiple high-risk vulnerabilities has caused serious security risks to China's network security; High frequency of DDoS attacks against important websites in China; Targeted attacks are frequently launched by phishing emails.
The National Internet Emergency Center conducts macro monitoring of China's Internet network security environment from malicious programs, potential vulnerabilities, mobile Internet security, website security, cloud platform security, industrial system security, Internet financial security, etc. The data shows that, compared with the data in the first half of 2018, the number of generic "zero day" vulnerabilities in China in the first half of 2019, the number of event type vulnerability notifications involving key information infrastructure, the number of tampered, implanted backdoors, counterfeit websites, etc. increased, and other types of monitoring data decreased or basically remained the same.
The network risks or threats faced by enterprises mainly take the following forms:
1. Website intrusion and webpage content tampering
Manifestation: hackers use website vulnerabilities to invade websites, tamper with web content, and even post reactionary slogans.
Consequences: causing serious political impact, having a negative impact on the corporate public relations image, being punished by the regulatory authority, affecting the normal business development.
2. Data leakage
Manifestation: The enterprises that accumulated a large amount of customer data in production and operation were attacked by hackers, and the data was stolen and used for illegal purposes, such as the customer data leakage event of Huazhu Hotel in 2018, and the data leakage event of Equifax in the United States in 2017.
Consequences: In the face of regulatory penalties, Equifax paid a fine of at least 575 million dollars for data leakage of 150 million users. In addition, it may face claims from third parties.
3. Cyberblackmail
Form of expression: If you are attacked by network blackmail software, you need to pay blackmail money to the other party before you can unlock the relevant software or data. In June 2017, the IT system of Maersk headquarters was attacked by blackmail software, the global system of the Group was paralyzed, and the terminal stopped operation. It was only a week before the operation resumed.
Consequences: economic losses caused by payment of extortion money; Or business interruption loss caused by production and operation interruption is currently recognized as the largest risk of network security risk. The direct loss caused by Maersk's network paralysis event exceeded 300 million dollars, and the amount of business interruption loss was not disclosed publicly.
4. Distributed denial of service attack
Manifestation: The website is attacked from multiple sites at the same time, which makes the website server full of a large number of information to reply, consumes network bandwidth or system resources, and causes the network or system to be overloaded so that it is paralyzed and stops providing normal network services.
Consequences: The website cannot provide normal services, and the service of accepting orders through the website is suspended, which also causes the consequences of business interruption. As mentioned above, the increase and uncertainty of network risks provide "soil" for the "germination" of network security insurance, which will be introduced in detail later.
2. Current situation of international network security
More frequent global cyber attacks
The 2018 Global Risk Report of the World Economic Forum included cyber attacks in the top five global risks for the first time, becoming the third largest risk factor in the world in 2018.
First, the frequent security vulnerabilities of software and hardware equipment pose a serious threat to production and life. In January, Intel Corporation disclosed two processor vulnerabilities of "ghost" "fusing", which led to malicious programs obtaining sensitive information. The Royal Institute for Strategic Studies released a report, pointing out that there are a large number of obvious security loopholes in the current nuclear weapon system, and the risk of network attacks destroying nuclear weapon control devices is enormous. In March, the British Government Communications Headquarters found that there were security loopholes in the new household smart meters, threatening the security of hundreds of Internet of Things devices, and even affecting the normal operation of the national grid. In April, hackers used Cisco's high-risk vulnerabilities to launch attacks, affecting more than 200000 Cisco devices.
Second, multi industry key information infrastructure was attacked. In January, the network systems of the three largest banks in the Netherlands were constantly subjected to distributed denial of service attacks within a week. In June, Symantec found that hacker organizations carried out network attacks against satellite communications, telecommunications, geospatial photography and imaging services and military systems in the United States and Southeast Asian countries. In September, the Port of Barcelona in Spain and the Port of Santiago in the United States were successively attacked by the network. In November, the US Department of Homeland Security said that hackers had repeatedly tried to disrupt the US electoral system.
Third, personal information and business data suffered large-scale leakage and illegal use. In April, the US media reported that "Cambridge Analytics", employed by Trump during the election, had illegally collected data from more than 50 million US users of Facebook since 2014 to predict and influence voters' election voting orientation. In September, Facebook said that more than 50 million users' personal privacy information was at risk due to hacker attacks.
In 2019, with the increasing dependence of current production and life on the network information system, the number of network attacks will continue to increase, and the scope of impact will also be wider.
Further escalation of global network confrontation
Cyberspace has become an important strategic space contested by various countries. In 2018, various countries took various measures to constantly seek to enhance their cyber defense and confrontation capabilities, and the situation of cyberspace confrontation has intensified.
First, the strategic intention of cyber confrontation in the top-level planning is obvious. The United States released two important national defense strategies this year, both showing clear strategic intentions of cyber warfare. In July, the National Defense Authorization Act of 2019 was issued, which clearly listed China, Russia and other countries as "threats" to the national security of the United States, and proposed to increase the military deployment of the front line of cyber conflict. In September, the Ministry of Defense Cyber Security Strategy was released, pointing out that China and Russia are increasing their strategic threats to the United States and its allies, and they should take preemptive measures to prevent cyber attacks.
The second is to improve the institutional setup of cyberspace operations. In May, the US Cybercommand was upgraded to an independent combat command. In August, the Ministry of Defense of Japan announced that it would set up a special force to protect the national defense communication network from attacks. In October, NATO proposed to establish a network headquarters to comprehensively and timely grasp the status of cyberspace.
Third, strengthen multi-party cooperation. On the one hand, strengthen government enterprise cooperation. In May, the Ministry of Defense of Japan decided to entrust some cyber defense tasks to private enterprises. In June, the United States organized military, government and industry professionals to jointly carry out the "Network Limit 2018" exercise. On the other hand, promote international cooperation. In April, NATO held a "Lock Shield" cyber war exercise, which attracted thousands of cyber security experts from more than 30 countries. In June, Lithuania announced that nine member countries of the European Union would set up a rapid response team to combat cyber attacks.
Fourth, we will continue to deepen the research and development of cyber weapons. In April, the Ministry of Defense of the Republic of Korea said that it would invest 2.9 billion won to develop an intelligent information-based intelligence surveillance and reconnaissance system by 2019. In July, the US Department of Defense developed a new network weapon system to launch an online attack on the "Islamic State" and protect the US from hacker attacks by hostile governments.
In 2019, with the adjustment of cyberspace policies of relevant countries and the acceleration of the construction of cyber military forces, cyberspace competition may set off a new climax.
Countries will pay more attention to data security
Data governance has become an important strategic resource and production factor of the country. Network attacks against data and data abuse are becoming increasingly serious, so it is urgent to improve the level of data security governance.
First, further improve data security protection laws and regulations. In May 2018, the EU General Data Protection Regulations (GDPR) officially came into force. EU countries, such as Ireland, Spain, Belgium, Serbia and other EU countries, developed or issued domestic data protection regulations based on GDPR research. Non EU countries, such as Argentina, Brazil, Iran, India, Thailand and other countries also adjusted their data protection regulations to be consistent with GDPR.
The second is to step up research on cross-border data flow rules. In April 2018, Brazil submitted a document to the World Trade Organization urging discussion on the rules of Internet data flow. In July, Japan and the EU reached an agreement to realize the free flow of data between the two sides. In October, the European Parliament passed the EU Regulations on the Free Flow of Non personal Data, eliminating restrictions on data localization in EU member states.
Third, vigorously promote data security law enforcement inspection. In January, the Federal Trade Commission of the United States imposed a fine of 650000 dollars on Weiyida, whose security loopholes exposed the data of millions of parents and children. In February, a Belgian court ruled that Facebook's collection and preservation of online information without the knowledge of Belgian netizens violated Belgian privacy laws. In August, the South Korean government began to conduct user data security reviews of 20 multinational companies' offices in South Korea. In October, the European data protection supervision official said that the first batch of penalties based on GDPR will be announced at the end of 2018, and sanctions will be implemented.
In 2019, data security risks will become more prominent. Countries will continue to improve their respective legal systems and actively carry out relevant law enforcement inspections.
3. Current Problems of Network Security in China
China's network threat monitoring technology still needs to be strengthened
For a long time, the core technology of network security in China has been restricted by others. Today, with the rapid development of network attack and defense technology, China's ability to deal with network security threats is inferior to that of developed countries.
First, the information technology security monitoring capability is not strong. China's monitoring and analysis of imported network information technology and products are mainly based on compliance evaluation, rarely involving core software technologies. Its large-scale and collaborative vulnerability analysis and evaluation capabilities are low, and it is difficult to find the "back door" of product security vulnerabilities. At the same time, China's technical strength in big data analysis, trusted cloud computing, security intelligent linkage and other important aspects is insufficient, It is difficult to deal with the security monitoring of emerging information technology products.
Second, the traceability of network attacks is insufficient. At present, China lacks effective analysis methods for massive network data, and the monitoring technology for new security threats such as APT is immature. Even if such threats are detected, it is difficult to find the source of attacks due to the lack of backtracking means.
Independent and controllable ecology of information technology products in China needs to be established urgently
At present, China is highly dependent on foreign information technology products, and its core basic software and hardware products such as CPU, memory, hard disk and operating system are heavily dependent on imports. For example, CPU mainly depends on Intel, AMD and other manufacturers; Memory mainly depends on Samsung, Micron and other manufacturers; Hard disk mainly depends on Toshiba, Hitachi, Seagate and other manufacturers; The operating system is monopolized by Microsoft. In 2017, European and American transnational enterprises improved the openness of core technologies, and a new round of imported innovation upsurge appeared in the domestic information technology industry. However, in 2018, as the ZTE event and the Sino US trade war continued to ferment, people from all walks of life gradually reached consensus on building an independent and controllable ecosystem of information technology products. On the one hand, it is urgent to develop core information technology products that are usable and easy to use; On the other hand, it is urgent to evaluate, support and promote self controllable network products and services, so as to build a good self controllable ecosystem.
The ecological construction of China's network trusted identity needs to be strengthened
The Network Security Law clearly states that "the country implements the strategy of network trusted identity, supports the research of secure and convenient electronic identity authentication technology, and promotes mutual recognition between different electronic identity authentication". However, at present, China's network trusted identity ecological construction still needs to be strengthened.
First, the construction of the network trusted identity system lacks top-level design, and the overall planning and layout are still unclear. China has not clearly incorporated network identity management into national security strategy, nor has it formed an overall framework and specific path to promote the construction of network trusted identity system.
Second, the identity infrastructure resources have not yet been widely interconnected, and the duplication of infrastructure construction is serious. Due to the lack of strategic design and overall planning, the network trusted identity infrastructure sharing and cooperation in China is relatively lagging behind, leading to the lack of extensive interoperability and sharing of the basic trusted identity resource database, which makes data verification more costly and less efficient.
Third, the development of authentication technology is lagging behind, which cannot meet the requirements of emerging technologies and applications. Cloud computing, big data, mobile Internet, industrial Internet and other new generation information technologies continue to emerge. There are significant differences between emerging technologies and data transmission, storage, processing and other methods in the application environment and traditional information technologies and applications. Existing identity authentication technologies, means and mechanisms are not enough to support the development of new technologies and applications. Therefore, it is urgent to carry out targeted research, formulate a national network trusted identity strategy as soon as possible, and create a trusted cyberspace.
Network security assurance system of key information infrastructure is still imperfect
Key information infrastructure is a vital asset of the country. Once it is damaged, lost function or data leakage, it will not only cause property losses, but also seriously affect the smooth operation of the economy and society. As infrastructure in finance, energy, power, communication and other fields become more and more dependent on information networks, network attacks against key information infrastructure continue to escalate, and network security risks brought by high-level attacks with national background continue to increase. However, the security protection of China's key information infrastructure is still insufficient.
First, the network security inspection and evaluation mechanism is not perfect. The current network communication security inspection focuses on vulnerability discovery, lacks incentive measures for vulnerability repair, and lacks an evaluation system for vulnerability hazard level.
Second, there is a lack of standards in the security assurance of key information infrastructure. Although the industry has accelerated the research on relevant standards, including security assurance indicator system, security inspection and assessment guidelines, information sharing norms and other aspects, there is still a lack of research on security assurance standards in the financial, power and communication sectors. Facing the increasingly severe network security challenges, China should improve the security guarantee system of key information infrastructure as soon as possible.
In this environment, network security insurance, as a new way of network security risk management, has received more and more attention from academia and industry, and has become a new highlight in the era of network economy.
This article is reproduced from the National Engineering Laboratory of Network Security Emergency Technology. If there is any infringement, please contact to delete it.
