On January 21, the Ministry of Industry and Information Technology issued the "Measures for the Management of Communications Network Security Protection" (Order No. 11 of the Ministry of Industry and Information Technology). Li Guobin, deputy director of the Department of Policies and Regulations of the Ministry of Industry and Information Technology, took an exclusive interview with reporters on issues related to the background and the main contents of the Measures.
Reporter: The Ministry of Industry and Information Technology recently issued the “Measures for the Management of Communication Network Security Protection.†What is the significance of the introduction of the regulation?
Li Guobin: With the development of China's telecommunications industry and informatization, political, economic, cultural, and social life are increasingly dependent on communications networks, and communications networks have become the country's key infrastructure. Once the communication network is interrupted, corrupted or congested, or the data information transmitted, stored, or processed therein is lost, leaked or illegally tampered, it will have a serious impact on social and economic life. Formulating the "Measures" and improving the legal system for the security of communications networks will help improve the security protection capabilities and level of communications networks. In addition, with the rapid development of information and communication technologies, communication networks have accelerated their evolution towards digitalization, broadband, and intelligence. Security threats faced by communication networks are increasingly diversified, and non-traditional security issues such as cyber attacks and information theft have become prominent. Compared with traditional security issues, non-traditional security issues are more concealed, and have higher disposal and technical requirements. Combining the characteristics of the development of information and communication technologies, the "Measures" will be formulated to establish a system for grading, filing, and assessing security risks in communications networks, which will help address non-traditional security threats.
Reporter: Can you briefly introduce the process of formulating the "Measures"?
Li Guobin: In June 2009, the Bureau of Communication and Security of the Ministry of Industry and Information Technology completed the “Measure (Draft for Ratification)†and sent it to the Department of Politics and Law for review. After reviewing and improving the “Measures (Draft for Ratification)â€, the Ministry of Law and Politics solicited the opinions of the relevant departments of the Ministry and the provincial Communications Bureau. To ensure the scientific nature of the "Measures", we have also solicited opinions from the public through the website of the external network. From the perspective of opinion feedback, all parties have no principled and different opinions on the various systems to be established in the Measures. Some of the communications administrations put forward some suggestions and opinions on the operability of the Measures and the rationality of the system, for example, whether the local administrative bureau organizes experts to review the network elements and the value-added telecommunications operators are applicable. To this end, in November 2009, the Ministry of Political Science and Law organized a symposium attended by some of the communications administrations to conduct further research on the operability of the Measures and the rationality of the system, and fully researched and absorbed them. Various opinions. On December 29, 2009, the eighth ministerial meeting of the ministry reviewed and approved the Measures (Draft). On January 21, 2010, the Ministry announced the "Measures."
Reporter: The "Measures" is of great significance in strengthening the management of communications network security, improving the security protection capabilities of communications networks, and ensuring the safe and smooth communication networks. Can you tell us what the system has mainly established?
Li Guobin : The "Measures" centered around the management of communication network security protection, and mainly established the following system:
The first is the establishment of a hierarchical protection system for communication network units, which stipulates that the communication network operating unit should divide the unit into a unit that has been officially put into operation, and may destroy the national security, economic operation, and society according to the destruction of communication network units. Factors such as order, public interest, etc., are divided into five levels from low to high. In order to ensure the scientificity of the classification, the "Measures" stipulate that: The communication network operation unit shall organize experts to review the classification of communication network units. At the same time, the "Measures" also stipulates that the communication network operating unit should record the division and rating of the communication network unit with the telecommunications management organization. In order to ensure the operability of the filing work, the "Measures" further clarified the contents of the filing and the verification procedures.
The second is the establishment of a conformity assessment system, which stipulates that communication network operation entities should implement security measures that are appropriate to the level of the communication network unit and conduct conformity assessments. The “Measures†stipulates that: Level 3 and above communication network units should conduct a conformity evaluation once a year, and a secondary communication network unit should conduct conformity evaluation every two years.
The third is the establishment of a security risk assessment system, which stipulates that communication network operation units should organize security risk assessments for communication network units and eliminate major network security risks in a timely manner. The "Measures" stipulates that communication network units at or above level 3 and above should conduct a security risk assessment once a year, and a secondary communication network unit should conduct a security risk assessment every two years.
The fourth is the establishment of a communication network security protection inspection system, which stipulates that the telecommunication management agency should check the communication network security unit's operation of the communication network security protection. The Measures clarified the inspection methods and stipulated that the inspections by the telecommunications management organization must not affect the normal operation of the communications network, and must not charge any fees, and must not require the unit undergoing the inspection to purchase the security software or equipment of the designated brand or designated unit or Other products; The staff of the telecommunication management agency and the professional institutions entrusted by it have the obligation to keep confidential the state secrets, trade secrets, technical secrets and personal privacy that they learned during inspections.
Reporter: The Ministry of Industry and Information Technology recently issued the “Measures for the Management of Communication Network Security Protection.†What is the significance of the introduction of the regulation?
Li Guobin: With the development of China's telecommunications industry and informatization, political, economic, cultural, and social life are increasingly dependent on communications networks, and communications networks have become the country's key infrastructure. Once the communication network is interrupted, corrupted or congested, or the data information transmitted, stored, or processed therein is lost, leaked or illegally tampered, it will have a serious impact on social and economic life. Formulating the "Measures" and improving the legal system for the security of communications networks will help improve the security protection capabilities and level of communications networks. In addition, with the rapid development of information and communication technologies, communication networks have accelerated their evolution towards digitalization, broadband, and intelligence. Security threats faced by communication networks are increasingly diversified, and non-traditional security issues such as cyber attacks and information theft have become prominent. Compared with traditional security issues, non-traditional security issues are more concealed, and have higher disposal and technical requirements. Combining the characteristics of the development of information and communication technologies, the "Measures" will be formulated to establish a system for grading, filing, and assessing security risks in communications networks, which will help address non-traditional security threats.
Reporter: Can you briefly introduce the process of formulating the "Measures"?
Li Guobin: In June 2009, the Bureau of Communication and Security of the Ministry of Industry and Information Technology completed the “Measure (Draft for Ratification)†and sent it to the Department of Politics and Law for review. After reviewing and improving the “Measures (Draft for Ratification)â€, the Ministry of Law and Politics solicited the opinions of the relevant departments of the Ministry and the provincial Communications Bureau. To ensure the scientific nature of the "Measures", we have also solicited opinions from the public through the website of the external network. From the perspective of opinion feedback, all parties have no principled and different opinions on the various systems to be established in the Measures. Some of the communications administrations put forward some suggestions and opinions on the operability of the Measures and the rationality of the system, for example, whether the local administrative bureau organizes experts to review the network elements and the value-added telecommunications operators are applicable. To this end, in November 2009, the Ministry of Political Science and Law organized a symposium attended by some of the communications administrations to conduct further research on the operability of the Measures and the rationality of the system, and fully researched and absorbed them. Various opinions. On December 29, 2009, the eighth ministerial meeting of the ministry reviewed and approved the Measures (Draft). On January 21, 2010, the Ministry announced the "Measures."
Reporter: The "Measures" is of great significance in strengthening the management of communications network security, improving the security protection capabilities of communications networks, and ensuring the safe and smooth communication networks. Can you tell us what the system has mainly established?
Li Guobin : The "Measures" centered around the management of communication network security protection, and mainly established the following system:
The first is the establishment of a hierarchical protection system for communication network units, which stipulates that the communication network operating unit should divide the unit into a unit that has been officially put into operation, and may destroy the national security, economic operation, and society according to the destruction of communication network units. Factors such as order, public interest, etc., are divided into five levels from low to high. In order to ensure the scientificity of the classification, the "Measures" stipulate that: The communication network operation unit shall organize experts to review the classification of communication network units. At the same time, the "Measures" also stipulates that the communication network operating unit should record the division and rating of the communication network unit with the telecommunications management organization. In order to ensure the operability of the filing work, the "Measures" further clarified the contents of the filing and the verification procedures.
The second is the establishment of a conformity assessment system, which stipulates that communication network operation entities should implement security measures that are appropriate to the level of the communication network unit and conduct conformity assessments. The “Measures†stipulates that: Level 3 and above communication network units should conduct a conformity evaluation once a year, and a secondary communication network unit should conduct conformity evaluation every two years.
The third is the establishment of a security risk assessment system, which stipulates that communication network operation units should organize security risk assessments for communication network units and eliminate major network security risks in a timely manner. The "Measures" stipulates that communication network units at or above level 3 and above should conduct a security risk assessment once a year, and a secondary communication network unit should conduct a security risk assessment every two years.
The fourth is the establishment of a communication network security protection inspection system, which stipulates that the telecommunication management agency should check the communication network security unit's operation of the communication network security protection. The Measures clarified the inspection methods and stipulated that the inspections by the telecommunications management organization must not affect the normal operation of the communications network, and must not charge any fees, and must not require the unit undergoing the inspection to purchase the security software or equipment of the designated brand or designated unit or Other products; The staff of the telecommunication management agency and the professional institutions entrusted by it have the obligation to keep confidential the state secrets, trade secrets, technical secrets and personal privacy that they learned during inspections.
Hongzhun Lighting Factory , http://www.gdflashlights.com