In 2010, China's cyber security threats were mainly manifested as security threats from the public Internet environment. "In 2010, the number of viruses dropped, and the economic losses of netizens increased significantly; the number of phishing websites surged and the threat of hanging horse websites decreased; the botnet problem remains serious; the number of falsified government websites has risen sharply."
The network supporting security measures need to be improved. At present, the threat of cyber warfare continues and governments of all countries continue to implement comprehensive cyber information security operations. In terms of supporting measures, various countries have vigorously implemented cybersecurity legislation. The United States and the United Kingdom have continued to conduct information security network assessments and have characterized Internet threats as the greatest security risks faced by these countries. At the same time, the crisis triggered by the Internet public opinion, such as demonstrations in Egypt and Algeria, and new applications such as social networking/microblogging have contributed to the crisis.
Last year, many countries participated in the Internet actual exercises. In September 2010, the United States held an "Internet Storm 3" exercise. The EU launched the 2010 network exercise. South Korea also conducted a network bunker exercise. In addition, the network security around the WikiLeaks has been constantly attacking and keeping warm, has evolved into In fact, in the network wars, WikiLeaks is also wearing "helmets and helmets" to defend against legitimate attacks and maintain the normal operation of the site.
China’s work on communications networks and information security is also being carried out in an orderly manner, and the protection capabilities have gradually improved. In the "Notice on Strengthening and Improving the Management of the Internet", it put forward new ideas and measures for further strengthening and improving Internet management, and made adjustments to the Internet management system and work pattern. At the same time, China has also promulgated the "Measures for the Management of Communication Network Security Protection" and "Administrative Measures for Information Security Responsibility of Basic Telecommunication Enterprises", and has initiated the preparation of the "12th Five-Year Plan" for Communication Networks and Information Security.
In the special management of communication networks in China, special actions were carried out to obscene pornographic information on mobile phones; various basic telecommunications companies established information security specialized agencies; added WAP gateway illegal and harmful information discovery and filtering systems; and built mobile phone website content dialing tests. System; promulgated the "Mobile Internet log retention specification (Trial)"; to strengthen the management of mobile search services; increased the illegal and harmful information acceptance. At the same time, with the launch of China's triple play pilot project, the State Council has established a triple play security assessment team to carry out all-round security assessment of the triple play pilot.
It is worth noting that in the competition of China's Internet companies, user rights are often ignored. At present, most of the Internet software lacks a stable channel of profit. In order to achieve profitability, software often has a large number of plug-ins and junk software inserted into it. Software vendors force installations when they are updated to seek benefits. These phenomena have been banned for many times, and there are some large-scale applications. Security risks, once security problems occur on large-scale application software, will lead to serious consequences, but at present there is still not enough attention. The user safety knowledge of large-scale application software is generally insufficient.
China's network information security laws and regulations also need to be improved, and basic enterprises' ability to prevent and deal with non-traditional network security is significantly strengthened, but the security protection of value-added telecommunications companies and domain name service organizations is still relatively weak. At the same time, our country urgently needs to strengthen the security protection of user data and other legitimate rights and interests of users, and needs to be guaranteed from multiple parties. The protection of personal information of users must be promoted to the agenda of industry supervision.
Ma Zhigang stated that China should work hard to increase the localization of system software, network equipment, and important application software as soon as possible, and at the same time, the supervision department further targeted application providers in the construction of safety technology measures, safety management tools, and safety incident reporting mechanisms. Requests are made and emergency plans are established and professional emergency organizations are established to improve emergency response and coordination capabilities in the event of emergencies in the Internet field. It can be considered to realize the interconnection and intercommunication between different instant messaging software and achieve mutual backup.
New security risks of new technologies and new services With the popularization of mobile Internet and smart phones, there are hidden dangers in the mobile Internet information security. The slack review of software application stores leads to a large number of malicious code distribution, and a large number of content prohibited by laws and regulations of our country are introduced, resulting in serious security. as a result of. At the same time, BlackBerry's unique encryption technology has caused concern in various countries. Many countries in the Middle East have requested surveillance of BlackBerry communication services.
Dr. Ma Zhigang said, "The smart terminal may become the new virus and the risk of smart terminals continues to increase."
According to the "Wall Street Journal" report, some Android applications continue to collect user location information, and 56% of smart phone applications leak privacy to third parties. The problem of smart phones has greatly increased, and the black mobile phone virus industry chain has been formed and is continuously developing.
This requires "there must be supervision from multiple links, intermediate links to strengthen management, the implementation of loopholes in the operating system, communicate with manufacturers to understand the dynamics of the operating system, network service providers must be promptly removed from the illegal," Ma Zhigang said.
In addition, cloud computing and the Internet of Things have become the focus of security concerns. There are several major problems in cloud computing. Cloud computing service providers may gain unauthorized access to user data in ways unknown to users. SSL encryption only solves data transmission security and fails to solve data storage and processing security. Even if isolation technology is adopted, how to serve users? Accessing data to provide security certification has become an important security issue.
There are also problems with the Internet of Things. Sensing intelligent nodes will be the best target for network intrusion, and heterogeneous heterogeneous data needs to be reconfigured by information security protection technology. In addition, the items that are embedded in the RFID chip are also subject to unauthorized perception, and the perception information is intercepted by the unauthorized transmission in the wireless network transmission.
2011 Security Trends New business application security will become the focus of attention. The importance of operational security and security protection for application networks and IT infrastructure will be highlighted. Research on information security issues such as IPv6, triple play, cloud computing, and internet of things will be more in-depth. Ma Zhigang He said that it should strengthen the follow-up research on the security risk of network information brought about by new technologies and new services, establish a new technology and new business network information security assessment mechanism, and open up the network information security assessment mechanism for telecommunication services. At the same time, for some hidden dangers, there are still many regulatory blind spots in the existing domestic application network and Internet IT infrastructure. The industry calls for new regulatory models and more effective supervision methods.
As the deployment of IPv6 networks enters a substantively advanced stage, operational security issues are further highlighted. It is imperative to establish a secure and reliable trust relationship between different levels of the DNS system. At present, the real-name rate of domain name registration information in China is only 23%. China has become the world’s second largest country with fake domain names and websites. China needs to complete the upgrading of related safety equipment systems in a timely manner, establish relevant supporting safety verification and management mechanisms, and continuously upgrade and optimize. The “Baidu Blacked out†incident in 2010 highlighted that domain name security has become a security shortcoming in the basic network. It needs to gain access to real-name systems, conduct regular reviews, and inspect disciplinary measures to strengthen the supervision capabilities of the entire process.
At the same time, the development of cloud computing and the Internet of Things is facing serious security challenges. Cloud computing faces the legal risks of storing data security, hacking attacks, and protecting privacy. User data and application hosting are exposed to risks of leakage and unauthorized use in cloud computing. The cloud computing platform that hosts large-scale services and users is easy to become a hacker attack target, and the loss of a large-scale cloud computing platform is incalculable for users. The large-scale resource capabilities of cloud services, if exploited by hackers or viruses, may cause greater network damage than botnets. The Internet of Things faces major security risks such as secure transmission, malicious intrusion, and privacy breach. In short, the development of cloud computing and the Internet of Things cannot be blocked, ensuring the health and safety of the industry, perfecting laws and regulations, formulating relevant standards, exploring new supervision modes, and supervising technical means are imperative.
Finally, cyberspace is increasingly becoming an important battleground for sovereignty disputes. Traditional and non-traditional security issues are intertwined, and cybersecurity threats related to national interests are becoming more diverse and complex.
Experts Say Intelligent Terminals or Areas Hit by Viruses
"In 2010, China's network security situation was generally stable. No major security incidents occurred in the communications network infrastructure throughout the country or in the provincial administrative regions. There was no major network security problem in the basic telecom operators, domestic domain name registration management and service organizations. Dr. Ma Zhigang, an expert from the Institute of Telecommunications of the Ministry of Industry and Information Technology, said at the industry conference.