State responsibility for network security

[InfoSec News <alerts () infosecnews org>]

http://www.qstheory.cn/kj/yjsk/201309/t20130930_275945.htm

[Translated by Google   - WK]

By Wang Minghua
China Science News
2013.09.30

National cyberspace security responsibilities can be divided into four 
parts: the national defense, space management, network diplomacy, 
comprehensive deterrence.

Cyberspace security is mainly reflected in two aspects, one is the network 
level, two levels of information, namely, information protection and 
information regulation. Network level is divided into two angles of attack 
and defense, so the network level, including network defense and network 
deterrence.

The first half of this year, according to sample monitoring found that 
China was controlled by Trojans and botnets hosts reached 693 million 
units, although this figure has dropped significantly over last year, but 
still very alarming. More than 600 million computers in the end is which 
machines to control it? Most control servers are located outside, 15,000 
Trojans and botnets control server, the United States addresses accounted 
for 1/3. Our country has a large number of websites have been implanted 
"back door", "dark chain" and other covert attacks. Overseas 16000 IP via 
implanted "back door" way of controlling our 33000 sites, a very large 
number.

This year on August 25 morning, the country. Cn domain suffered 
large-scale attacks, resulting in Sina microblogging not work properly. 
Attacker's intention is to attack a game PW domain, to achieve their own 
ends. A few days ago the hacker has been arrested in Qingdao, Shandong.

This is the year occurred a typical network events. Well, the state of 
network security incidents in these what are my responsibilities? State, 
enterprises and individuals how to divide responsibilities?

If the attacker is a hacker organization, and involves the national 
government or critical infrastructure defense only when the need for 
national defense; if the attacker is a national, attack objects whether 
government, business or personal, this time the defender must be a 
national power.

State assumes responsibility related network security What level? If the 
attacker is a common hacker attacks targeted individuals, small audience, 
as cold as the individual who who treat colds. If the attacker is a hacker 
organization, the object is a personal attack, the audience more, like the 
flu, the state needs concerns. If the attack target is a national, even 
personal, like SARS, as the nation will start senior response.

National cyberspace security responsibilities can be divided into four 
parts:

The first is national defense, mainly for foreign organized on the overall 
operation of the Internet in China, critical infrastructure and national 
security threat defense; second is the spatial governance to safeguard 
China's economic development as a starting point, causing large-scale 
damage to the interests of users and impact of the operational security of 
critical infrastructure to handle the event and coordination; third is the 
network diplomacy, the need to establish a broad network security 
mechanisms for cross-border cooperation in the international manifestation 
of our right to speak and influence; fourth is a comprehensive deterrence, 
enhance our monitoring their ability to build defensive tools and ability 
to make others afraid, you can not attack us.

This is the state assumes responsibility for the four aspects. Of course, 
the state requires specific entities assume responsibility, China has such 
a principle, who is in charge who is responsible, who operate who is 
responsible, who is who is responsible for access. When the network 
security incidents occurred in which the entity, specifically in relation 
to who is responsible.

Currently, our overall network security environment there are many 
problems. For example, in business, industry level, many of the security 
company's products are difficult to integrate, it is difficult to form 
together; in the academic research community, the security of our country 
the number of papers published has been ranked first in the world, but the 
article and more, use less, the lack of guidelines and Prospects .

In such circumstances, China's urgent need to establish a comprehensive 
security ecosystem, hoping national cyberspace, governments, businesses, 
organizations and individuals in the network security and defense can be a 
positive interaction, thereby forming a self-running, self-improvement and 
self-cycle organic whole. In a virtuous cycle, so that every aspect of 
every business in which their most valuable form of a ring, to form a good 
ecological chain.

(Author: National Internet Emergency Center Operations Management Division 
Director)



--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/