[ISN] State responsibility for network security

http://www.qstheory.cn/kj/yjsk/201309/t20130930_275945.htm [Translated by Google – WK] By Wang Minghua China Science News 2013.09.30 National cyberspace security responsibilities can be divided into four parts: the national defense, space management, network diplomacy, comprehensive deterrence. Cyberspace security is mainly reflected in two aspects, one is the network level, two levels of information, namely, information protection and information regulation. Network level is divided into two angles of attack and defense, so the network level, including network defense and network deterrence. The first half of this year, according to sample monitoring found that China was controlled by Trojans and botnets hosts reached 693 million units, although this figure has dropped significantly over last year, but still very alarming. More than 600 million computers in the end is which machines to control it? Most control servers are located outside, 15,000 Trojans and botnets control server, the United States addresses accounted for 1/3. Our country has a large number of websites have been implanted “back door”, “dark chain” and other covert attacks. Overseas 16000 IP via implanted “back door” way of controlling our 33000 sites, a very large number. This year on August 25 morning, the country. Cn domain suffered large-scale attacks, resulting in Sina microblogging not work properly. Attacker’s intention is to attack a game PW domain, to achieve their own ends. A few days ago the hacker has been arrested in Qingdao, Shandong. This is the year occurred a typical network events. Well, the state of network security incidents in these what are my responsibilities? State, enterprises and individuals how to divide responsibilities? If the attacker is a hacker organization, and involves the national government or critical infrastructure defense only when the need for national defense; if the attacker is a national, attack objects whether government, business or personal, this time the defender must be a national power. State assumes responsibility related network security What level? If the attacker is a common hacker attacks targeted individuals, small audience, as cold as the individual who who treat colds. If the attacker is a hacker organization, the object is a personal attack, the audience more, like the flu, the state needs concerns. If the attack target is a national, even personal, like SARS, as the nation will start senior response. National cyberspace security responsibilities can be divided into four parts: The first is national defense, mainly for foreign organized on the overall operation of the Internet in China, critical infrastructure and national security threat defense; second is the spatial governance to safeguard China’s economic development as a starting point, causing large-scale damage to the interests of users and impact of the operational security of critical infrastructure to handle the event and coordination; third is the network diplomacy, the need to establish a broad network security mechanisms for cross-border cooperation in the international manifestation of our right to speak and influence; fourth is a comprehensive deterrence, enhance our monitoring their ability to build defensive tools and ability to make others afraid, you can not attack us. This is the state assumes responsibility for the four aspects. Of course, the state requires specific entities assume responsibility, China has such a principle, who is in charge who is responsible, who operate who is responsible, who is who is responsible for access. When the network security incidents occurred in which the entity, specifically in relation to who is responsible. Currently, our overall network security environment there are many problems. For example, in business, industry level, many of the security company’s products are difficult to integrate, it is difficult to form together; in the academic research community, the security of our country the number of papers published has been ranked first in the world, but the article and more, use less, the lack of guidelines and Prospects . In such circumstances, China’s urgent need to establish a comprehensive security ecosystem, hoping national cyberspace, governments, businesses, organizations and individuals in the network security and defense can be a positive interaction, thereby forming a self-running, self-improvement and self-cycle organic whole. In a virtuous cycle, so that every aspect of every business in which their most valuable form of a ring, to form a good ecological chain. (Author: National Internet Emergency Center Operations Management Division Director)