2022 The 10th West Lake Forum ·Network Security Conference was held in Beijing and Hangzhou from July 2 to 3. Security 419, as the official cooperative media of this conference, created the first second live broadcast room in the industry, with multiple From the perspective of the conference, we conduct venue exploration, online comments and interpretation of highlights, providing an all-day interesting and informative audio-visual feast to the audience.
In the "West Lake Sword Discussion·Interviews with Big Guys" program in the second live broadcast room, we specially invited School of Public Affairs, University of Science and Technology of China , Cyberspace Zuo Xiaodong, a professor at the School of Security, was a guest in the live broadcast room to once again provide detailed analysis and explore the development context and trends of the network security industry.
To do network security, you have to lower your head to pull the cart, but also raise your head to look at the road.
In order to work together to deal with the new situation and new challenges faced by network security and further empower the high-quality development of the industry, through multi-channel solicitation, netizen voting and expert selection, etc. , this conference released the "Top Ten Future Trends of Network Security", which are: top-level network security design, active immune trusted computing, privacy computing, data security governance, new technology and new application security, and critical information infrastructure security protection. Cyber security insurance, software supply chain security, digital currency security, cyber security education, technology and industry integration.
Professor Zuo Xiaodong said that network security construction requires both lowering the head to pull the cart and raising the head to look at the road. It is extremely important to recognize the direction and grasp the trend. It concluded that the selection results reflected two "consistencies", two key tasks, and two "new".
One of the "consistencies" is to continuously strengthen the top-level design of network security. In 2021, the " Data Security Law ", " Personal Information Protection Law " and " Critical Information Infrastructure Security Protection Regulations " have been promulgated and implemented one after another, and the supporting details and specifications are being continuously improved. It is precisely in this way that after many years of construction, our country's network security work can be carried out in an orderly manner under a basically sound top-level design. Second, we must always pay attention to advanced network security technology. network security is a confrontation between offensive and defensive capabilities. Only by solving core technologies can the country's network security system build a strong barrier. Active immune trusted computing ranks second among the top ten trends, which fully demonstrates that we need innovative, effective, easy-to-use, and autonomously controllable technologies to solve problems.
The two focuses of network security work are critical information infrastructure protection and data security. With the development of technology and the progress of the times, critical information infrastructure has become a hub for providing network information services to the public or supporting the operation of important industries such as energy, communications, finance, transportation, and public utilities. Their interruption or destruction will have a negative impact on important social functions. Serious impact. At the same time, massive data carries increasingly important information and has become an important support for business development and decision-making. It is related to personal privacy, corporate confidentiality and national security, and has become the focus of independent protection, whether it is supervision or The public attaches great importance to it. Among the ten major trends, privacy computing, data security governance, and critical information infrastructure security protection all involve these two aspects of work.
has two "new" ones. One is a new industry direction. adapts to changes in the general environment. As the network security situation develops, new technologies and new solutions will inevitably emerge, and new businesses and new businesses will be formed. Business formats, such as network security insurance, are becoming the choice of more corporate users. The second one is new threat countermeasures . The rapid changes in technology and applications bring new network threats. Security work will have new focus and new countermeasures are needed. Among the ten major trends are new technologies, new application security and software supply. Chain security, digital currency security, etc. are all related to this.
explores the future digital world and makes security a part of development.
continues the topic of future trends. In the network security trend forum of this conference, a themed discussion on "Exploring 2050, Security Dialogue in the Future Digital World" was launched.Professor Zuo Xiaodong pointed out that in the future digital world, security and development should go hand in hand. ensures development with security and promotes security with development. The current security construction of and the specific business development of enterprises are still in a state of independence from each other. Security practitioners are working very hard to educate users and cultivate the market, but users are most concerned about their own business, and security is always a cost item. Role. Therefore, it is necessary to establish a basic understanding - it is not valid to imagine future problems from today's perspective. Only by looking at all this from a development perspective can we make accurate decisions about the future. judgment. Network security cannot just be satisfied with the simultaneous implementation of information design and construction, but should also achieve deeper and more comprehensive integration. makes network security truly a part of development.
Security will be an important part of the construction results of digital city
In December 2021, the Central Cybersecurity and Informatization Commission issued the "14th Five-Year Plan National Informatization Plan", proposing to "continue to improve the evaluation indicator system for the development of Digital China" , dynamically track and monitor the progress of Digital China construction, regularly evaluate the implementation status, analyze and identify potential risks, and release a Digital China Development Report.” In response, Anheng Information and CCID Research Institute officially released the “Digital City Cyber Security Evaluation Index” at this conference. White Paper (2022) "", which first proposed the concept and evaluation criteria of "digital city network security evaluation indicators", providing an important reference for the establishment of a digital city development evaluation index system from the perspective of security.
Professor Zuo Xiaodong further pointed out that technological development drives the rapid construction of digital cities, and the purpose is naturally to let everyone have a better life. To evaluate the happiness index of a city, safety must be an essential dimension. No matter how advanced the smart technology is, no matter how rich and convenient the applications are, if people need to give up their safety, it will only bring shocks and dangers at every step, which loses the original intention of the city to give people warmth. The construction of digital cities needs to consider many aspects such as top-level network security design, management mechanisms, infrastructure security, business system security, monitoring and early warning, response and emergency support, etc., and establish a digital city development evaluation index system. Security indexes must not only be present, but also The weight should be increased.
Clarify that important data is the basis for ensuring data security
Data security has become the focus of attention from all parties in recent years. At the data security governance and personal information protection forum of this conference, Professor Zuo Xiaodong published a speech titled "Progress in Important Data Security Standards" 》keynote speech, in which he explained the background and significance of standard setting. In our country's legal system, relevant obligations are imposed on operators to ensure data security. For example, the Secrecy Law puts forward legal requirements for keeping state secrets, and the Personal Information Protection Law puts forward legal requirements for protecting personal privacy data. Anyone who violates it will face consequences. criminal law severe penalties. However, as the size and category of data expand, there is a considerable amount of data that is neither state secrets nor personal information, nor even classified as intelligence. Once leaked, it will directly affect social, economic operations and citizen health. Even for national security, there is an urgent need to complete the identification standards and protection systems for this type of "important data" through legal means.
" Cyber Security Law " first introduced the concept of important data in the data outbound security assessment system. The "Data Security Law" also emphasized important data when establishing my country's data classification and grading system, and required all regions and departments to determine Specific catalog of important data in this region, this department and related industries and fields. Not only that, the Data Security Law and many other laws, regulations and policy documents have put forward a series of responsibilities and obligations for important data protection. Clearly, whether an organization collects, stores and processes important data has a significant impact on its data security compliance. Therefore, what is important data has become an important fundamental question that urgently needs to be answered.
At present, the national standard "Important Data Identification Rules" are being compiled according to procedures. The latest draft for comments has modified its definition as follows: data in specific fields, specific groups, specific regions or reaching a certain accuracy and scale, once it is leaked or tampered with , damage, which may directly endanger national security, economic operations, social stability, public health and safety. When describing important data identification factors, focus on the consequences perspective rather than the data type perspective. For example, whether it is geographical data or strategic material and energy data, they all have potential military value and may be used by other countries or organizations to launch military attacks on our country. Then, this important data identification factor needs to be described from a "military security" perspective.
