中國優先發展網絡戰略信息化戰 // China to give priority to the development of network strategy & information warfare

中國優先發展網絡戰略信息化戰 //

China to give priority to the development of network strategy & information warfare

Cyberspace has become the national comprehensive security of the door. Network warfare reality, the network battlefield globalization, network confrontation normalization, the network attack heart white hot, the network to build the army of the general trend, no one can block. Give priority to the development of network strategy, and actively seize the commanding heights of network strategy, for my army building is of great significance.

  The main features of network strategy

Network strategic strength refers to the ability to achieve the desired results through cyberspace. From the current development and possible future trends, mainly with the following characteristics.

Composed of multiple. In recent years, the major network events in the world have shown that the strategic power of the military network is the main force of cyberspace competition. The strategic power of the government departments and the private sector is an important part of the cyberspace competition. The “cyber warrior” An important addition.

Strong professionalism. Network strategy strength has a strong latent and difficult to predict, and the speed of light, instantaneous effect, monitoring and early warning is difficult; once the action is effective, damage effect superimposed magnification or non-linear step, with a typical “butterfly effect.” In 2010, the “shock net” virus attacked the centrifuges of the Iranian Bushehr nuclear power plant and the Natanz uranium enrichment plant, resulting in nearly a thousand centrifuge scrapped, forcing Iran’s nuclear capacity building to delay 2 to 3 years, opened the network attack soft means Destroy the national hard facilities.

Destructive. The strategic power of the network is no less than the weapons of mass destruction. Russia and Georgia in 2008, “the five-day war”, the Russian military to Georgia’s television media, government websites and transportation systems as the goal, to carry out a comprehensive “bee group” type of network paralysis attacks, leading to grid government agencies operating chaos, Logistics and communication system collapse, much-needed war materials can not be delivered in a timely manner, the potential of the war has been seriously weakened, a direct impact on the grid of social order, operational command and troop scheduling. The Russian military doctrine has identified cybercrime as a weapon of mass destruction and has retained the right to use weapons of mass destruction or nuclear weapons to counterattack.

Advanced technology and phase. Network strategy strength development speed, replacement fast, technical materialization for the equipment cycle is short. At present, the speed of the microprocessor doubles every 18 months, the backbone bandwidth doubled every six months, a variety of new electronic information equipment after another, all kinds of application software dizzying. Cyber ​​space confrontation is the field of information in the field of offensive and defensive struggle, the use of network strategy forces in the confrontation of the phase with grams, constantly renovated. The development of the firewall and the information monitoring technology makes the software of the anti-wall software upgrade continuously. The development of the firewall and the information monitoring technology has led to the development of the firewall. , Can be described as “a foot high, magic high ten feet.”

  The Developing Trend of Network Strategic

From the subordinate force to the development of key forces. In the past, the network strategic power is mainly for other forces to provide information security, in a subordinate position; with the development of network information technology, network system control of other rights, network strategic forces from subordinate status to the dominant position to accelerate into, to maintain the country The key to safety. There is no network security there is no sovereign security, “no net” to become a new law of war, the world’s major countries around the network space development rights, dominance and control of a new round of competition, especially the United States and Russia adhere to the practice In the use and continue to develop.

From the maintenance of force to the development of specialized forces. In the past, the network strategy is mainly to maintain the network information system and all kinds of network transmission system, network attack and defense attributes are not clear. At present, all areas of the network space in depth, the world’s major countries are hard to build cyberspace offensive and defensive capabilities, the main military power of the network strategy has become a network of reconnaissance, network attacks, network defense and other clear division of labor, professional regular military forces. The United States has so far built the world’s most complete and powerful network of the army, and held a series of “network storm” series of exercises. The new “cyberspace strategy” in the United States, the first public to cyberspace combat as one of the tactical options for future military conflict, clearly proposed to improve the US military in the cyberspace of deterrence and offensive capability. In order to adapt to the new strategy, the US Department of Defense proposed 2018 to build a offensive and defensive, flexible form, with full combat capability of the network forces construction goals.

From the military to the integration of military and civilian development. The development of the strategic power of the military network started relatively late compared with the civil field, and because of the confidentiality of military confrontation and the specificity of the operational objectives, it is often developed independently. With the development of network technology, the military’s own network strategic strength is difficult to meet the needs of diversified tasks, we must learn from local folk technical means, integrate local network resources, realize the integration of military and civilian development. Network space capacity building on the talent, intelligence, experience and other software environment is extremely high, coupled with the local convergence of a wealth of network resources, military and civilian forces to promote the development of cyberspace capabilities become the strong tone of the times.

From a single model to the “network integration” development. At present, the network includes both the computer IP system network and the non-computer IP system network including a large number of complex early warning detection network, satellite communication network and tactical data link. The traditional single network confrontation model is difficult to meet the challenge of cyberspace. With the development of information technology, especially the Internet of Things technology, the relationship between the network and the power of the battlefield network more and more closely, which for the “network integration” in the technical means to provide the possibility. The use of electronic warfare and network warfare means, for different systems around the open bow, broken chain broken network, to achieve complementary advantages, system damage, as the latest guidance on the construction of network space. Data show that the US military typical network of integrated attack equipment “Shu special” system has been from the “Shu-1” to the current development of “Shu-5”. According to reports, “Shute” system through the enemy radar antenna, microwave relay station, network processing nodes to invade the enemy air defense network system, real-time monitoring of enemy radar detection results, even as a system administrator to take over the enemy network, Control of the sensor.

From non-state actors to state actors. At present, the network attack has developed from a single hacker behavior for the national, political, military confrontation, the attack object has been developed from the personal website to the country, the army’s important information system, attack “unit” has grown from stand-alone to tens of thousands Hundreds of thousands of terminals, and can instantly release the amazing attack energy. Although many of the intentions of malicious acts of non-State actors are non-state, the consequences are national, whether they are espionage, political opinions, or personal discontent, or terrorist activities , Have a direct impact on social stability, disrupt the economic order, endanger the stability of state power. Once the relevant reaction is made, the subject of the act must be the state and the army, and not the non-state actors themselves.

  The Construction of Network Strategic Strength

Strengthen strategic planning. Cyberspace competition is the first strategic battle of the contest. From the national level, the network strategy of the power of the main function is to reduce the risk of cyberspace, maintaining the normal operation of the country. We must understand the extreme importance and realistic urgency of cyberspace security from the perspective of national security, raise the focus of cyberspace capacity building to the strategic level, and try to reduce the national cyberspace security while trying to solve the problem of how to make good use of cyberspace Risk, so that cyberspace security has become an important support for national prosperity and security. From the military level, the network strategy is mainly to seize the system of network power. We must expand the military vision, the cyberspace as an important area of ​​action, to seize the system as the core, change the military ideas and ideas, adjust the structure and composition of armed forces, the development of weapons and equipment and take a new tactics.

Speed ​​up the construction of the power system. Maintain cyberspace security in the final analysis depends on the strength. We must base ourselves on the characteristics and laws of cyberspace capacity building, focus on the core elements of network capability system and the overall layout of network strategy, and systematically design the system structure which conforms to the law and characteristics of cyberspace confrontation in our country, and perfect the system of leadership and command Functional tasks, straighten out the relationship between command and management. We should take the network strategic power as an important new combat force, from the organization construction, personnel training, equipment development, elements of training and other aspects, to take extraordinary measures to give priority construction, focus on protection. To normalize the national network of offensive and defensive exercises, test theory, tactics, equipment and technology effectiveness, and comprehensively enhance the comprehensive prevention of cyberspace capabilities.

Promote technological innovation. The essence of cyberspace confrontation is the competition of core technology, and it is necessary to accelerate the independent innovation of network information technology. To improve the ability of independent innovation as a strategic basis to the national innovation system as the basic support, focus on breaking the forefront of network development technology and international competitiveness of the key core technology, advanced deployment and focus on the development of information technology and information industry. To speed up the process of localization of key core technologies, strengthen the construction of safety testing and active early warning means, and gradually improve the equipment system of cyberspace in China, and comprehensively improve our network space capability. To follow the basic laws of cyberspace confrontation, in accordance with the “asymmetric checks and balances” strategy, increase the quantum technology, Internet of things and cloud computing and other new technology research and development efforts to create unique combat capability, master the initiative of cyberspace security development The

Promote the integration of military and civilian development. The integration of the military space ability of military and civilian development is not only the overall situation of national security and development strategy, the overall planning of national defense and economic and social development, but also the objective fact that cyberspace security can not be avoided. We must actively promote the deep integration of military and civilian development, to promote China’s network space capacity supporting the construction. It is necessary to formulate top-level planning in the form of policies and regulations, clarify the objectives, methods, organizational division and basic requirements of the deepening development of cyberspace in the form of policies and regulations, and make the integration of military and civilian development into law enforcement and organizational behavior; To establish a sound military coordination, demand docking, resource sharing mechanism, through a unified leadership management organization and coordination of military needs and major work, to achieve risk sharing, sharing of resources and common development of the new situation. We should pay attention to the distinction between the boundaries of military and civilian integration, clear the concept of development-oriented people and the main battle concept of the army, and actively explore the military and the people, the advantages of complementary channels.

Original Mandarin Chinese:

网络空间成为国家综合安全的命门。网络战争现实化、网络战场全球化、网络对抗常态化、网络攻心白热化、网络建军正规化的大势,无人可挡。优先发展网络战略力量,积极抢占网络战略制高点,对于我军队建设具有重要意义。

  网络战略力量的主要特点

网络战略力量,是指通过网络空间来实现预期结果的能力。从当前发展及未来可能的走势看,主要有以下特点。

组成多元。近年来发生在全球范围内的重大网络事件表明,军队网络战略力量是网络空间竞争的主力军,政府部门、私营机构网络战略力量是网络空间竞争的重要部分,民间“网络战士”是网络空间竞争的重要补充。

专业性强。网络战略力量具有极强的潜伏性和难预测性,且以光速进行、瞬时产生效果,监测预警难度大;一旦行动奏效,损害效果叠加放大或非线性阶跃,具有典型的“蝴蝶效应”。2010年,“震网”病毒攻击了伊朗布什尔核电站和纳坦兹铀浓缩厂的离心机,造成近千台离心机报废,迫使伊朗核能力建设延迟2至3年,开启了网络攻击软手段摧毁国家硬设施的先河。

破坏性大。网络战略力量破坏力不亚于大规模杀伤性武器。2008年俄国与格鲁吉亚“五日战争”中,俄军以格方的电视媒体、政府网站和交通系统等为目标,开展全面的“蜂群”式网络阻瘫攻击,导致格政府机构运作混乱,物流和通信系统崩溃,急需的战争物资无法及时投送,战争潜力受到严重削弱,直接影响了格的社会秩序、作战指挥和部队调度。俄罗斯军事学说已将网络攻击手段定性为大规模毁灭性武器,并保留了运用大规模毁灭性武器或核武器反击的权利。

技术先进且相生相克。网络战略力量发展速度快、更新换代快,技术物化为装备的周期短。当前,微处理器的速度每18个月翻一番,主干网带宽每6个月增加一倍,各种新型电子信息设备层出不穷,各种应用软件目不暇接。网络空间对抗是信息领域的攻防斗争,网络战略力量使用的手段在对抗中相生相克、不断翻新。常规通信受干扰催生了跳、扩频通信体制,跳、扩频通信的出现又催生了频率跟踪干扰、相关信号干扰等新型电子干扰手段;防火墙、信息监控技术的发展,使翻墙软件不断升级,可谓“道高一尺,魔高一丈”。

  网络战略力量的发展趋势

由从属性力量向关键性力量发展。以往网络战略力量主要是为其他力量提供信息保障,处于从属地位;随着网络信息技术的发展,制网权统揽其他制权,网络战略力量由从属地位向主导地位加速转进,成为维护国家安全的关键。没有网络安全就没有主权安全,“无网不胜”成为战争的新定律,世界各主要国家围绕网络空间的发展权、主导权和控制权展开了新一轮的角逐,特别是美俄坚持在实践中运用并不断发展。

由维护型力量向专业化力量发展。以往网络战略力量主要是维护网络化信息系统和各类网络传输系统,网络攻击和防御属性均不鲜明。当下各领域对网络空间深度依赖,世界主要国家无不竭力打造网络空间攻防能力,主要军事强国的网络战略力量业已成为集网络侦察、网络攻击、网络防御等分工明确、专业化的正规军事力量。美国迄今已建成全球编制最齐全、力量最庞大的网军,并多次举行“网络风暴”系列演习。美国新版《网络空间战略》,首次公开把网络空间作战作为今后军事冲突的战术选项之一,明确提出要提高美军在网络空间的威慑和进攻能力。为适应新战略,美国防部提出2018年建成一支攻防兼备、形式灵活,具备全面作战能力的网络部队的建设目标。

由军地自主向军民融合发展。军队网络战略力量的发展相对于民用领域起步较晚,且由于军事对抗的保密性和作战目标的特定性,往往自主发展。随着网络技术的发展,军队自身的网络战略力量难满足多样化任务的需要,必须学习借鉴地方民间技术手段,整合地方网络资源,实现军民融合发展。网络空间能力建设对人才、智力、经验等软件环境要求极高,加上地方汇聚了丰富的网络资源,军民联手推进网络空间能力发展成为时代的强音。

由单一模式向“网电一体”发展。现阶段,网络既包括计算机IP体制网络,更包含大量复杂的预警探测网、卫星通信网、战术数据链等非计算机IP体制网络,传统的单一网络对抗模式难以应对网络空间的挑战。随着信息技术特别是物联网技术的发展,战场网中网与电的关系越来越紧密,这为“网电一体”在技术手段上提供了可能。综合运用电子战与网络战手段,针对不同体制的网络左右开弓、断链破网,实现优势互补、体系破击,成为网络空间能力建设的最新指导。有资料显示,美军典型网电一体攻击装备“舒特”系统已从“舒特-1”发展到目前的“舒特-5”。据报道,“舒特”系统可通过敌方雷达天线、微波中继站、网络处理节点入侵敌方防空网络系统,能够实时监视敌方雷达的探测结果,甚至以系统管理员身份接管敌方网络,实现对传感器的控制。

由非国家行为体向国家行为体发展。目前,网络攻击已从单个的黑客行为发展为国家、政治、军事上的对抗行为,攻击对象已从个人网站发展到国家、军队的重要信息系统,攻击“单元”已从单机发展到数万乃至数十万台终端,且能在瞬时释放惊人的攻击能量。尽管非国家行为体的恶意网络行为目的许多是非国家的,但由此所造成的后果却是国家的,无论是进行间谍活动,还是发表政治主张,或是发泄个人不满情绪,或是进行恐怖活动,都直接影响社会稳定、扰乱经济秩序、危及国家政权稳固。一旦因之作出相关反应,其行为主体一定是国家和军队,而不再是非国家行为体本身。

  网络战略力量的建设指向

加强战略统筹谋划。网络空间竞争首先是战略运筹的较量。从国家层面看,网络战略力量的职能主要是降低网络空间的风险,维护国家正常运转。必须从国家安全的视角认清网络空间安全的极端重要性和现实紧迫性,将网络空间能力建设的着眼点上升到战略层面,在着力解决如何利用好网络空间的同时,努力降低国家网络空间安全风险,使网络空间安全成为国家繁荣与安全的重要支撑。从军队层面看,网络战略力量主要是夺取制网权。必须拓展军事视野,把网络空间作为制权行动的一个重要领域,以夺取制网权为核心,变革军事思想和观念,调整武装力量结构与构成,发展武器装备并采取新的战法。

加快力量体系构建。维护网络空间安全说到底要靠实力。必须立足于网络空间能力建设的特点、规律,围绕我国网络能力体系核心要素和网络战略力量建设总体布局,以系统思维设计符合我国网络空间对抗规律和特点的体系架构,健全领导指挥体制机制,明确职能任务,理顺指挥管理关系。要把网络战略力量作为重要的新型作战力量突出出来,从组织建设、人才培养、装备发展、要素演训等各方面,采取超常举措,给予重点建设、重点保障。要常态化开展国家级网络攻防演练,检验理论、战法、装备及技术的有效性,全面提升网络空间综合防范能力。

推进技术自主创新。网络空间对抗的实质是核心技术的比拼,必须加快推进网络信息技术自主创新。要把提高自主创新能力作为战略基点,以国家创新体系为基本依托,集中力量突破网络发展的前沿技术和具有国际竞争力的关键核心技术,超前部署和重点发展信息技术和信息产业。要加速关键核心技术的国产化进程,加强安全测试和主动预警手段的建设,逐步完善我国网络空间的装备体系,全面提高我国网络空间能力。要遵循网络空间对抗的基本规律,按照“非对称制衡”方略,加大对量子科技、物联网和云计算等新技术的研发力度,以独创技术塑造实战能力,掌握网络空间安全发展的主动权。

推动军民融合发展。网络空间能力的军民融合式发展,既是站在国家安全与发展的战略全局,对国防和经济社会发展统筹谋划,也是网络空间安全不能回避的客观事实。必须积极推动军民深度融合发展,全力推进我国网络空间能力配套建设。要综合军民需求制定顶层规划,以政策法规的形式明确网络空间军民融合深度发展的目标任务、方法路径、组织分工和基本要求等关系全局的重大问题,变军民融合发展为执法行为、组织行为;要建立健全军地协调、需求对接、资源共享机制,通过统一的领导管理机构组织协调军地的各类需求和重大工作,达成风险共担、资源共享、共同发展的新局面。要注重军民融合的界限区分,明确以民为主的发展理念和以军为主的作战理念,积极探索军民一体、优势互补的可行性渠道。

Source URL:

http://theory.people.com.cn/n1/2016/1226/c40531-28977153.html

Full Text of China’s National Cyberspace Security Strategy // 國家網絡空間安全戰略全文

Full Text of China’s National Cyberspace Security Strategy

國家網絡空間安全戰略全文

Beijing,People’s Republic of China

27 DEC 2017

December 27, approved by the Central Network Security and Information Technology Leading Group, the National Internet Information Office released the “national cyberspace security strategy”, the full text is as follows.

The extensive application of information technology and the rise and development of cyberspace have greatly promoted the economic and social prosperity and progress, but also brought new security risks and challenges. Cyberspace security (hereinafter referred to as cybersecurity) concerns the common interests of mankind, related to world peace and development, and national security. Safeguarding China’s network security is an important measure to coordinate and promote the comprehensive construction of a well-off society, comprehensively deepen reform, comprehensively administer the country according to law, and strictly pursue the strategic layout of the party, and realize the goal of “two hundred years” and realize the great rejuvenation of the Chinese nation An important guarantee. In order to implement the “four principles” of promoting the transformation of the global Internet governance system and the “five-point proposition” to build the cyberspace destiny community, we have clarified China’s important position on cyberspace development and security, guided China’s network security work, The state in the cyberspace of sovereignty, security, development interests, the development of this strategy.

First, opportunities and challenges

(A) a major opportunity

With the rapid development of information revolution, Internet, communication network, computer system, automation control system, digital equipment and its application, service and data, such as the network space, is a comprehensive change in people’s production and lifestyle, profound impact on human society Development process.

New channels for information dissemination. The development of network technology, breaking the time and space constraints, expanding the scope of communication, innovative means of communication, triggering a fundamental change in the pattern of communication. The network has become a new channel for people to access information and learn to communicate, and become a new carrier of human knowledge transmission.

Production and life of the new space. In today’s world, the depth of the network into people’s learning, life, work and other aspects of online education, entrepreneurship, health care, shopping, finance and other increasingly popular, more and more people through the network exchange ideas, achievements and dreams.

The new engine of economic development. The Internet is becoming the leading force of innovation-driven development. Information technology is widely used in all sectors of the national economy. It has promoted the upgrading of traditional industries, promoted new technologies, new forms, new industries and new models, promoted the adjustment of economic structure and economic development , For economic and social development has injected new impetus.

Cultural prosperity of the new carrier. The network promotes the cultural exchange and the popularization of knowledge, the release of cultural development vitality, the promotion of cultural innovation creation, the enrichment of people’s spiritual and cultural life, has become a new way to spread culture, provide a new means of public cultural services. Network culture has become an important part of cultural construction.

A new platform for social governance. The role of the network in advancing the national governance system and the modernization of the governance capability has become increasingly prominent. The application of e-government has been deepened, and the government information has been shared and publicized. The government has made scientific decision-making, democratization and rule of law, and has smoothed the channels of citizens’ participation in social governance. An important way to protect citizens’ right to know, to participate, to express and to supervise.

Exchange and cooperation of the new link. The development of information and globalization has promoted the global flow of information, capital, technology, talent and other elements, and promoted the integration of different civilizations. Network to the world into a global village, the international community more and more you have me, I have your fate in the community.

National sovereignty of the new territory. Cyber ​​space has become an important part of human activity with land, sea, sky and space. National sovereignty extension extends to cyberspace, and cyberspace sovereignty becomes an important part of national sovereignty. Respect for cyberspace sovereignty, safeguard network security, seek co-governance, achieve win-win situation, is becoming the international community consensus.

(B) severe challenges

The security situation of the network is becoming more and more serious, the national politics, economy, culture, society, national defense security and the legitimate rights and interests of citizens in cyberspace are facing severe risks and challenges.

Network penetration threatens political security. Political stability is the basic prerequisite for national development and people’s happiness. The use of the network to interfere in the internal affairs of other countries, to attack other countries political system, incite social unrest, subversion of other countries, as well as large-scale network monitoring, network theft and other activities seriously endanger the national political security and user information security.

Network attacks threaten economic security. Network and information systems have become the key infrastructure and the entire economic and social center of the nerve, suffered damage, a major security incident, will lead to energy, transportation, communications, financial and other infrastructure paralysis, resulting in catastrophic consequences, seriously endangering national economic security And public interest.

Network Harmful Information Erosion Cultural Security. Various ideological and cultural networks on the network agitation, confrontation, excellent traditional culture and mainstream values ​​facing the impact. Network rumors, decadent culture and obscenity, violence, superstition and other harmful information contrary to the socialist core values ​​erode the physical and mental health of young people, corrupt the social atmosphere, misleading the value orientation, endangering cultural security. Online moral anomie, the phenomenon of lack of integrity frequent, the degree of network civilization need to be improved.

Network terror and criminals undermine social security. Terrorism, separatism, extremism and other forces to use the network to incite, plan, organize and implement violent terrorist activities, a direct threat to people’s lives and property security, social order. Computer viruses, Trojans and other cyberspace spread spread, cyber-fraud, hacking, infringement of intellectual property rights, abuse of personal information and other illegal acts exist, some organizations want to steal user information, transaction data, location information and business secrets, serious damage to the country , Business and personal interests, affecting social harmony and stability.

The international competition in cyberspace is in the ascendant. International competition and control of cyberspace strategic resources, to seize the right to formulate rules and strategic high ground, to seek strategic competition in the increasingly fierce. Individual countries to strengthen the network deterrence strategy, intensify the cyberspace arms race, world peace by new challenges.

Cyberspace opportunities and challenges coexist, opportunities are greater than challenges. We must insist on active use, scientific development, management according to law, ensure safety, resolutely safeguard network security, make maximum use of cyberspace development potential, and benefit more than 1.3 billion Chinese people for the benefit of all mankind and firm maintenance of world peace.

Second, the goal

With the overall national security concept as the guide, implement the innovation, coordination, green, open and shared development concept, enhance the sense of risk and crisis awareness, the overall situation of domestic and international, overall development of security two major events, active defense, effective response, Promote network space peace, security, openness, cooperation and orderly, safeguard national sovereignty, security, development interests, and realize the strategic goal of building a network power.

Peace: the abuse of information technology has been effectively curbed, cyberspace arms race and other activities threatening international peace have been effectively controlled, cyberspace conflict has been effectively prevented.

Security: network security risks are effectively controlled, the national network security system is sound and perfect, the core technology and equipment are safe and controllable, and the network and information system are stable and reliable. Network security personnel to meet the needs of the whole society of network security awareness, basic protection skills and the use of network confidence greatly improved.

Open: Information technology standards, policies and markets open, transparent, product circulation and information dissemination more smoothly, the digital divide is increasingly bridging. Regardless of size, strength, rich and poor, countries around the world, especially developing countries can share development opportunities, share the fruits of development, fair participation in cyberspace governance.

Cooperation: the world in the technical exchanges, the fight against cyber terrorist and cyber crime and other areas of cooperation more closely, multilateral, democratic and transparent Internet governance system sound and perfect, win-win cooperation as the core of the network space fate community gradually formed.

Order: public interest in the cyberspace, participation, expression, supervision and other legitimate rights and interests are fully protected, cyberspace personal privacy is effectively protected, human rights are fully respected. The network environment of the domestic and international legal system, the standard norms gradually established, the network space to achieve effective management according to law, network environment integrity, civilization, health, freedom of information flow and safeguard national security, public interests to achieve organic unity.

Third, the principle

A safe, stable and prosperous cyberspace is of great significance to all countries and the world. China is willing to work with all countries to strengthen communication, expand consensus, deepen cooperation, and actively promote the global Internet governance system changes, and jointly safeguard the peace and security of cyberspace.

(A) respect for the maintenance of cyberspace sovereignty

Cyberspace sovereignty is inviolable, respect for the independent choice of development path, network management model, Internet public policy and equal participation in international network space management rights. The network affairs within the sovereign scope of each country are made by the people of each country, and each country has the right to take the necessary measures to manage the network activities of its own information system and its own territory according to its own national conditions and draw lessons from international experience, formulate laws and regulations on cyberspace, National information systems and information resources from intrusion, interference, attack and destruction, to protect the legitimate rights and interests of citizens in cyberspace; to prevent, prevent and punish harmful information harmful to national security and interests in the national network to disseminate and maintain cyberspace order. Any country does not engage in network hegemony, do not engage in double standards, do not use the network to interfere in the internal affairs of other countries, do not engage in, condone or support national activities against national security.

(B) the peaceful use of cyberspace

Peaceful use of cyberspace is in the common interest of mankind. States should abide by the principles of the Charter of the United Nations concerning the non-use or threat of use of force and prevent the use of information technology in the context of the maintenance of international security and stability, to boycott cyberspace arms races and prevent cyberspace conflicts. Adhere to mutual respect, equal treatment, seeking common ground while reserving differences, tolerance and mutual trust, respect for each other in cyberspace security interests and major concerns, to promote the construction of a harmonious network world. Against the use of national security as an excuse to use technological advantages to control other countries network and information systems, to collect and steal other countries data, but can not sacrifice the security of other countries to seek their own so-called absolute security.

(C) to manage cyberspace according to law

Comprehensively promote the legalization of cyberspace, adhere to the rule of law network, according to the law network, according to the Internet, so that the Internet in the rule of law on the healthy operation of the track. According to the law to build a good network order, the protection of cyber space information according to the law of free flow, protection of personal privacy, protection of intellectual property rights. Any organization and individual in the cyberspace to enjoy freedom, exercise the rights at the same time, to comply with the law, respect for the rights of others, their own words and deeds on the network.

(4) co-ordinate network security and development

There is no national security without national security, there is no information without modernization. Network security and information is one of the two wings, driven by the two wheels. Correctly handle the development and security of the relationship, adhere to the security development, to promote the development of security. Security is the prerequisite for development, and any development at the expense of security is difficult to sustain. Development is the foundation of security, and development is not the greatest insecurity. No information development, network security is not guaranteed, the existing security and even lost.

Fourth, strategic tasks

China’s Internet users and network size of the world’s first, to maintain China’s network security, not only their own needs, for the maintenance of global network security and world peace are of great significance. China is committed to safeguarding the national cyberspace sovereignty, security, development interests, promote the Internet for the benefit of mankind, and promote the peaceful use of cyberspace and co-governance.

(A) firmly defended cyberspace sovereignty

According to the Constitution and laws and regulations to manage China’s sovereignty within the network activities to protect China’s information facilities and information resources security, including economic, administrative, scientific and technological, legal, diplomatic, military and other measures, unswervingly maintain China’s cyberspace sovereignty. Resolutely oppose all the acts of subverting China’s state power through the Internet and undermining our national sovereignty.

(B) firmly uphold national security

To prevent, stop and punish any act of using the Internet for treason, secession, incitement to rebellion, subversion or incitement to subdue the people’s democratic dictatorship; to prevent, stop and punish the use of the Internet to steal, to disclose state secrets and other acts endangering national security; Prevent, stop and punish foreign forces to use the network to penetrate, destroy, subvert, split the activities.

(Iii) Protection of critical information infrastructures

The key information infrastructure of the country refers to the information facilities that are related to national security, national economy and people’s livelihood, which have been damaged, destroyed or lost, which may seriously endanger the national security and public interests, including but not limited to the provision of public communication, radio and television transmission Information network, energy, finance, transportation, education, scientific research, water conservancy, industrial manufacturing, health care, social security, public utilities and other areas of important information systems, important Internet applications. Take all necessary measures to protect critical information infrastructures and their important data from attack damage. Adhere to the combination of technology and management, protection and deterrence simultaneously, focus on identification, protection, detection, early warning, response, disposal and other aspects, the establishment of the implementation of key information infrastructure protection system, from management, technology, personnel, Comprehensive measures to effectively strengthen the key information infrastructure security protection.

Key information infrastructure protection is the common responsibility of the government, enterprises and society as a whole. The supervisors, the operating units and organizations shall take the necessary measures to ensure the safety of the key information infrastructure in accordance with the requirements of laws, regulations and system standards. Strengthen critical information infrastructure risk assessment. Strengthen the party and government organs and key areas of the site security protection, grassroots party and government organs to build an intensive mode of operation and management. The establishment of government, industry and business network security information orderly sharing mechanism, give full play to enterprises in the protection of key information infrastructure in the important role.

Adhere to open to the outside world, based on open environment to maintain network security. Establish and implement the network security review system, strengthen the supply chain security management, the party and government organs, key industries procurement and use of important information technology products and services to carry out security review, improve product and service security and control, to prevent product service providers And other organizations use information technology to implement unfair competition or harm the interests of users.

(D) to strengthen the construction of network culture

Strengthen the construction of online ideological and cultural positions, vigorously cultivate and practice the socialist core values, the implementation of network content construction projects, the development of a positive network culture, the dissemination of positive energy, gather a strong spiritual strength, and create a good network atmosphere. Encourage the development of new business, create new products, to create the spirit of the times reflect the network culture brand, and constantly improve the network culture industry scale. The implementation of the outstanding culture of Chinese online communication project, and actively promote the excellent traditional culture and contemporary culture of digital, network production and dissemination. Play the advantages of Internet communication platform, promote the excellent cultural exchange between China and foreign countries, so that people understand the Chinese culture, so that the Chinese people understand the excellent culture of all countries, and jointly promote the prosperity and development of network culture, enrich people’s spiritual world and promote the progress of human civilization.

Strengthen the network ethics, network civilization construction, play moral education guide role, with human civilization excellent results nourish network space, repair network ecology. The construction of civilized integrity of the network environment, advocate civilization network, civilized Internet, the formation of safe, civilized and orderly information dissemination order. Resolutely crack down on rumors, obscenity, violence, superstition, cults and other harmful information spread in cyberspace spread. Improve the youth network literacy literacy, strengthen the protection of minors online, through the government, social organizations, communities, schools, families and other aspects of the joint efforts for the healthy growth of young people to create a good network environment.

(5) to combat cyber terror and crime

Strengthen the network anti-terrorism, anti-spy, anti-stealing capacity building, crack down on cyber terror and cyber espionage.

Adhere to comprehensive management, source control, according to the law to prevent, crack down on cyber fraud, Internet theft, trafficking in drug trafficking, infringement of personal information, dissemination of pornography, hacking, infringement of intellectual property rights and other criminal acts.

(6) improve the network management system

Adhere to the law, open, transparent network management network, and effectively do law, according to law, law enforcement must be strict, illegal research. Improve the network security laws and regulations system, enacted network security law, minor network protection regulations and other laws and regulations, a clear social responsibility and obligations, a clear network security management requirements. To speed up the revision and interpretation of existing laws, so that it applies to cyberspace. Improve the network security related system, establish a network trust system, improve the network security management of the scientific standardization level.

Speed ​​up the construction of legal norms, administrative supervision, industry self-discipline, technical support, public supervision, social education, a combination of network governance system to promote the network of social organization and management innovation, improve the basic management, content management, industry management and network crime prevention and combat Work linkage mechanism. Strengthen the cyberspace communication secrets, freedom of speech, trade secrets, as well as the right to reputation, property rights and other legitimate rights and interests of protection.

Encourage social organizations to participate in network governance, the development of network public welfare undertakings, strengthen the new network of social organization. Encourage Internet users to report network violations and bad information.

(7) reinforce the network security foundation

Adhere to innovation-driven development, and actively create a policy environment conducive to technological innovation, co-ordinate resources and strength to enterprises as the main body, combining production and research, collaborative research to point to the surface, the overall advance, as soon as possible in the core technology breakthrough. Attention to software security, accelerate the application of secure and credible products. The development of network infrastructure, rich network space information content. The implementation of “Internet +” action, vigorously develop the network economy. The implementation of national large data strategy, the establishment of large data security management system to support large data, cloud computing and other new generation of information technology innovation and application. Optimize the market environment, encourage network security enterprises bigger and stronger, to protect the national network security and consolidate the industrial base.

Establish and improve the national network security technology support system. Strengthening the basic theory and major problems of network security. Strengthen the network security standardization and certification work, more use of standard norms cyberspace behavior. Do a good job of level protection, risk assessment, vulnerability discovery and other basic work, improve the network security monitoring and early warning and network security emergency response mechanism.

The implementation of network security personnel projects, strengthen the network security professional construction, build first-class network security college and innovation park, the formation of personnel training and innovation and entrepreneurship of the ecological environment. Run the network security publicity week activities, vigorously carry out the national network security publicity and education. Promote the network security education into the teaching materials, into the school, into the classroom, improve the network media literacy, enhance the whole society network security awareness and protection skills, improve the network of Internet users harmful information, network fraud and other illegal and criminal activities identification and resistance.

(8) to enhance the ability of network space protection

Cyberspace is the new territory of national sovereignty. Construction and international status commensurate with the network power to adapt to the network space protection, and vigorously develop the network security and defense means to detect and resist the network invasion, casting and maintenance of national network security strong backing.

(9) to strengthen international cooperation in cyberspace

On the basis of mutual respect and mutual trust, strengthen cooperation in international cyberspace dialogue and promote the transformation of the global governance system of the Internet. Deepen cooperation with the bilateral and multilateral network security dialogue and information communication, effective control of differences, and actively participate in global and regional organizations, network security cooperation, to promote the Internet address, root domain name servers and other basic resource management internationalization.

Support the United Nations to play a leading role in promoting the development of international agreements on cyberspace, international cyberspace international anti-terrorism conventions, and sound legal mechanisms to combat cybercrime, deepening policy and legal, technical innovation, standards, emergency response, critical information infrastructure Protection and other fields of international cooperation.

Strengthen support for assistance in the development of Internet technologies and infrastructure in developing and backward regions, and strive to bridge the digital divide. To promote “along the way” building, improve the level of international communication interoperability, smooth information Silk Road. To build the World Internet Conference and other global Internet sharing system, and jointly promote the healthy development of the Internet. We will build a multilateral, democratic and transparent international Internet governance system through active and effective international cooperation to build a peaceful, safe, open, cooperative and orderly cyberspace.

Original Mandarin Chinese:

12月27日,經中央網絡安全和信息化領導小組批准,國家互聯網信息辦公室發布《國家網絡空間安全戰略》,全文如下。

信息技術廣泛應用和網絡空間興起發展,極大促進了經濟社會繁榮進步,同時也帶來了新的安全風險和挑戰。網絡空間安全(以下稱網絡安全)事關人類共同利益,事關世界和平與發展,事關各國國家安全。維護我國網絡安全是協調推進全面建成小康社會、全面深化改革、全面依法治國、全面從嚴治黨戰略佈局的重要舉措,是實現“兩個一百年”奮鬥目標、實現中華民族偉大復興中國夢的重要保障。為貫徹落實習近平主席關於推進全球互聯網治理體系變革的“四項原則”和構建網絡空間命運共同體的“五點主張”,闡明中國關於網絡空間發展和安全的重大立場,指導中國網絡安全工作,維護國家在網絡空間的主權、安全、發展利益,制定本戰略。

一、機遇和挑戰

(一)重大機遇

伴隨信息革命的飛速發展,互聯網、通信網、計算機系統、自動化控制系統、數字設備及其承載的應用、服務和數據等組成的網絡空間,正在全面改變人們的生產生活方式,深刻影響人類社會歷史發展進程。

信息傳播的新渠道。網絡技術的發展,突破了時空限制,拓展了傳播範圍,創新了傳播手段,引發了傳播格局的根本性變革。網絡已成為人們獲取信息、學習交流的新渠道,成為人類知識傳播的新載體。

生產生活的新空間。當今世界,網絡深度融入人們的學習、生活、工作等方方面面,網絡教育、創業、醫療、購物、金融等日益普及,越來越多的人通過網絡交流思想、成就事業、實現夢想。

經濟發展的新引擎。互聯網日益成為創新驅動發展的先導力量,信息技術在國民經濟各行業廣泛應用,推動傳統產業改造升級,催生了新技術、新業態、新產業、新模式,促進了經濟結構調整和經濟發展方式轉變,為經濟社會發展注入了新的動力。

文化繁榮的新載體。網絡促進了文化交流和知識普及,釋放了文化發展活力,推動了文化創新創造,豐富了人們精神文化生活,已經成為傳播文化的新途徑、提供公共文化服務的新手段。網絡文化已成為文化建設的重要組成部分。

社會治理的新平台。網絡在推進國家治理體系和治理能力現代化方面的作用日益凸顯,電子政務應用走向深入,政府信息公開共享,推動了政府決策科學化、民主化、法治化,暢通了公民​​參與社會治理的渠道,成為保障公民知情權、參與權、表達權、監督權的重要途徑。

交流合作的新紐帶。信息化與全球化交織發展,促進了信息、資金、技術、人才等要素的全球流動,增進了不同文明交流融合。網絡讓世界變成了地球村,國際社會越來越成為你中有我、我中有你的命運共同體。

國家主權的新疆域。網絡空間已經成為與陸地、海洋、天空、太空同等重要的人類活動新領域,國家主權拓展延伸到網絡空間,網絡空間主權成為國家主權的重要組成部分。尊重網絡空間主權,維護網絡安全,謀求共治,實現共贏,正在成為國際社會共識。

(二)嚴峻挑戰

網絡安全形勢日益嚴峻,國家政治、經濟、文化、社會、國防安全及公民在網絡空間的合法權益面臨嚴峻風險與挑戰。

網絡滲透危害政治安全。政治穩定是國家發展、人民幸福的基本前提。利用網絡干涉他國內政、攻擊他國政治制度、煽動社會動亂、顛覆他國政權,以及大規模網絡監控、網絡竊密等活動嚴重危害國家政治安全和用戶信息安全。

網絡攻擊威脅經濟安全。網絡和信息系統已經成為關鍵基礎設施乃至整個經濟社會的神經中樞,遭受攻擊破壞、發生重大安全事件,將導致能源、交通、通信、金融等基礎設施癱瘓,造成災難性後果,嚴重危害國家經濟安全和公共利益。

網絡有害信息侵蝕文化安全。網絡上各種思想文化相互激盪、交鋒,優秀傳統文化和主流價值觀面臨衝擊。網絡謠言、頹廢文化和淫穢、暴力、迷信等違背社會主義核心價值觀的有害信息侵蝕青少年身心健康,敗壞社會風氣,誤導價值取向,危害文化安全。網上道德失範、誠信缺失現象頻發,網絡文明程度亟待提高。

網絡恐怖和違法犯罪破壞社會安全。恐怖主義、分裂主義、極端主義等勢力利用網絡煽動、策劃、組織和實施暴力恐怖活動,直接威脅人民生命財產安全、社會秩序。計算機病毒、木馬等在網絡空間傳播蔓延,網絡欺詐、黑客攻擊、侵犯知識產權、濫用個人信息等不法行為大量存在,一些組織肆意竊取用戶信息、交易數據、位置信息以及企業商業秘密,嚴重損害國家、企業和個人利益,影響社會和諧穩定。

網絡空間的國際競爭方興未艾。國際上爭奪和控製網絡空間戰略資源、搶占規則制定權和戰略制高點、謀求戰略主動權的競爭日趨激烈。個別國家強化網絡威懾戰略,加劇網絡空間軍備競賽,世界和平受到新的挑戰。

網絡空間機遇和挑戰並存,機遇大於挑戰。必須堅持積極利用、科學發展、依法管理、確保安全,堅決維護網絡安全,最大限度利用網絡空間發展潛力,更好惠及13億多中國人民,造福全人類,堅定維護世界和平。

二、目標

以總體國家安全觀為指導,貫徹落實創新、協調、綠色、開放、共享的發展理念,增強風險意識和危機意識,統籌國內國際兩個大局,統籌發展安全兩件大事,積極防禦、有效應對,推進網絡空間和平、安全、開放、合作、有序,維護國家主權、安全、發展利益,實現建設網絡強國的戰略目標。

和平:信息技術濫用得到有效遏制,網絡空間軍備競賽等威脅國際和平的活動得到有效控制,網絡空間衝突得到有效防範。

安全:網絡安全風險得到有效控制,國家網絡安全保障體系健全完善,核心技術裝備安全可控,網絡和信息系統運行穩定可靠。網絡安全人才滿足需求,全社會的網絡安全意識、基本防護技能和利用網絡的信心大幅提升。

開放:信息技術標準、政策和市場開放、透明,產品流通和信息傳播更加順暢,數字鴻溝日益彌合。不分大小、強弱、貧富,世界各國特別是發展中國家都能分享發展機遇、共享發展成果、公平參與網絡空間治理。

合作:世界各國在技術交流、打擊網絡恐怖和網絡犯罪等領域的合作更加密切,多邊、民主、透明的國際互聯網治理體系健全完善,以合作共贏為核心的網絡空間命運共同體逐步形成。

有序:公眾在網絡空間的知情權、參與權、表達權、監督權等合法權益得到充分保障,網絡空間個人隱私獲得有效保護,人權受到充分尊重。網絡空間的國內和國際法律體系、標準規範逐步建立,網絡空間實現依法有效治理,網絡環境誠信、文明、健康,信息自由流動與維護國家安全、公共利益實現有機統一。

三、原則

一個安全穩定繁榮的網絡空間,對各國乃至世界都具有重大意義。中國願與各國一道,加強溝通、擴大共識、深化合作,積極推進全球互聯網治理體系變革,共同維護網絡空間和平安全。

(一)尊重維護網絡空間主權

網絡空間主權不容侵犯,尊重各國自主選擇發展道路、網絡管理模式、互聯網公共政策和平等參與國際網絡空間治理的權利。各國主權範圍內的網絡事務由各國人民自己做主,各國有權根據本國國情,借鑒國際經驗,制定有關網絡空間的法律法規,依法採取必要措施,管理本國信息系統及本國疆域上的網絡活動;保護本國信息系統和信息資源免受侵入、干擾、攻擊和破壞,保障公民在網絡空間的合法權益;防範、阻止和懲治危害國家安全和利益的有害信息在本國網絡傳播,維護網絡空間秩序。任何國家都不搞網絡霸權、不搞雙重標準,不利用網絡干涉他國內政,不從事、縱容或支持危害他國國家安全的網絡活動。

(二)和平利用網絡空間

和平利用網絡空間符合人類的共同利益。各國應遵守《聯合國憲章》關於不得使用或威脅使用武力的原則,防止信息技術被用於與維護國際安全與穩定相悖的目的,共同抵製網絡空間軍備競賽、防範網絡空間衝突。堅持相互尊重、平等相待,求同存異、包容互信,尊重彼此在網絡空間的安全利益和重大關切,推動構建和諧網絡世界。反對以國家安全為藉口,利用技術優勢控制他國網絡和信息系統、收集和竊取他國數據,更不能以犧牲別國安全謀求自身所謂絕對安全。

(三)依法治理網絡空間

全面推進網絡空間法治化,堅持依法治網、依法辦網、依法上網,讓互聯網在法治軌道上健康運行。依法構建良好網絡秩序,保護網絡空間信息依法有序自由流動,保護個人隱私,保護知識產權。任何組織和個人在網絡空間享有自由、行使權利的同時,須遵守法律,尊重他人權利,對自己在網絡上的言行負責。

(四)統籌網絡安全與發展

沒有網絡安全就沒有國家安全,沒有信息化就沒有現代化。網絡安全和信息化是一體之兩翼、驅動之雙輪。正確處理髮展和安全的關係,堅持以安全保發展,以發展促安全。安全是發展的前提,任何以犧牲安全為代價的發展都難以持續。發展是安全的基礎,不發展是最大的不安全。沒有信息化發展,網絡安全也沒有保障,已有的安全甚至會喪失。

四、戰略任務

中國的網民數量和網絡規模世界第一,維護好中國網絡安全,不僅是自身需要,對於維護全球網絡安全乃至世界和平都具有重大意義。中國致力於維護國家網絡空間主權、安全、發展利益,推動互聯網造福人類,推動網絡空間和平利用和共同治理。

(一)堅定捍衛網絡空間主權

根據憲法和法律法規管理我國主權範圍內的網絡活動,保護我國信息設施和信息資源安全,採取包括經濟、行政、科技、法律、外交、軍事等一切措施,堅定不移地維護我國網絡空間主權。堅決反對通過網絡顛覆我國國家政權、破壞我國國家主權的一切行為。

(二)堅決維護國家安全

防範、制止和依法懲治任何利用網絡進行叛國、分裂國家、煽動叛亂、顛覆或者煽動顛覆人民民主專政政權的行為;防範、制止和依法懲治利用網絡進行竊取、洩露國家秘密等危害國家安全的行為;防範、制止和依法懲治境外勢力利用網絡進行滲透、破壞、顛覆、分裂活動。

(三)保護關鍵信息基礎設施

國家關鍵信息基礎設施是指關係國家安全、國計民生,一旦數據洩露、遭到破壞或者喪失功能可能嚴重危害國家安全、公共利益的信息設施,包括但不限於提供公共通信、廣播電視傳輸等服務的基礎信息網絡,能源、金融、交通、教育、科研、水利、工業製造、醫療衛生、社會保障、公用事業等領域和國家機關的重要信息系統,重要互聯網應用系統等。採取一切必要措施保護關鍵信息基礎設施及其重要數據不受攻擊破壞。堅持技術和管理並重、保護和震懾並舉,著眼識別、防護、檢測、預警、響應、處置等環節,建立實施關鍵信息基礎設施保護製度,從管理、技術、人才、資金等方面加大投入,依法綜合施策,切實加強關鍵信息基礎設施安全防護。

關鍵信息基礎設施保護是政府、企業和全社會的共同責任,主管、運營單位和組織要按照法律法規、制度標準的要求,採取必要措施保障關鍵信息基礎設施安全,逐步實現先評估後使用。加強關鍵信息基礎設施風險評估。加強黨政機關以及重點領域網站的安全防護,基層黨政機關網站要按集約化模式建設運行和管理。建立政府、行業與企業的網絡安全信息有序共享機制,充分發揮企業在保護關鍵信息基礎設施中的重要作用。

堅持對外開放,立足開放環境下維護網絡安全。建立實施網絡安全審查制度,加強供應鏈安全管理,對黨政機關、重點行業採購使用的重要信息技術產品和服務開展安全審查,提高產品和服務的安全性和可控性,防止產品服務提供者和其他組織利用信息技術優勢實施不正當競爭或損害用戶利益。

(四)統籌網絡安全與發展

沒有網絡安全就沒有國家安全,沒有信息化就沒有現代化。網絡安全和信息化是一體之兩翼、驅動之雙輪。正確處理髮展和安全的關係,堅持以安全保發展,以發展促安全。安全是發展的前提,任何以犧牲安全為代價的發展都難以持續。發展是安全的基礎,不發展是最大的不安全。沒有信息化發展,網絡安全也沒有保障,已有的安全甚至會喪失。

四、戰略任務

中國的網民數量和網絡規模世界第一,維護好中國網絡安全,不僅是自身需要,對於維護全球網絡安全乃至世界和平都具有重大意義。中國致力於維護國家網絡空間主權、安全、發展利益,推動互聯網造福人類,推動網絡空間和平利用和共同治理。

(一)堅定捍衛網絡空間主權

根據憲法和法律法規管理我國主權範圍內的網絡活動,保護我國信息設施和信息資源安全,採取包括經濟、行政、科技、法律、外交、軍事等一切措施,堅定不移地維護我國網絡空間主權。堅決反對通過網絡顛覆我國國家政權、破壞我國國家主權的一切行為。

(二)堅決維護國家安全

防範、制止和依法懲治任何利用網絡進行叛國、分裂國家、煽動叛亂、顛覆或者煽動顛覆人民民主專政政權的行為;防範、制止和依法懲治利用網絡進行竊取、洩露國家秘密等危害國家安全的行為;防範、制止和依法懲治境外勢力利用網絡進行滲透、破壞、顛覆、分裂活動。

(三)保護關鍵信息基礎設施

國家關鍵信息基礎設施是指關係國家安全、國計民生,一旦數據洩露、遭到破壞或者喪失功能可能嚴重危害國家安全、公共利益的信息設施,包括但不限於提供公共通信、廣播電視傳輸等服務的基礎信息網絡,能源、金融、交通、教育、科研、水利、工業製造、醫療衛生、社會保障、公用事業等領域和國家機關的重要信息系統,重要互聯網應用系統等。採取一切必要措施保護關鍵信息基礎設施及其重要數據不受攻擊破壞。堅持技術和管理並重、保護和震懾並舉,著眼識別、防護、檢測、預警、響應、處置等環節,建立實施關鍵信息基礎設施保護製度,從管理、技術、人才、資金等方面加大投入,依法綜合施策,切實加強關鍵信息基礎設施安全防護。

關鍵信息基礎設施保護是政府、企業和全社會的共同責任,主管、運營單位和組織要按照法律法規、制度標準的要求,採取必要措施保障關鍵信息基礎設施安全,逐步實現先評估後使用。加強關鍵信息基礎設施風險評估。加強黨政機關以及重點領域網站的安全防護,基層黨政機關網站要按集約化模式建設運行和管理。建立政府、行業與企業的網絡安全信息有序共享機制,充分發揮企業在保護關鍵信息基礎設施中的重要作用。

堅持對外開放,立足開放環境下維護網絡安全。建立實施網絡安全審查制度,加強供應鏈安全管理,對黨政機關、重點行業採購使用的重要信息技術產品和服務開展安全審查,提高產品和服務的安全性和可控性,防止產品服務提供者和其他組織利用信息技術優勢實施不正當競爭或損害用戶利益。

(四)加強網絡文化建設

加強網上思想文化陣地建設,大力培育和踐行社會主義核心價值觀,實施網絡內容建設工程,發展積極向上的網絡文化,傳播正能量,凝聚強大精神力量,營造良好網絡氛圍。鼓勵拓展新業務、創作新產品,打造體現時代精神的網絡文化品牌,不斷提高網絡文化產業規模水平。實施中華優秀文化網上傳播工程,積極推動優秀傳統文化和當代文化精品的數字化、網絡化製作和傳播。發揮互聯網傳播平台優勢,推動中外優秀文化交流互鑑,讓各國人民了解中華優秀文化,讓中國人民了解各國優秀文化,共同推動網絡文化繁榮發展,豐富人們精神世界,促進人類文明進步。

加強網絡倫理、網絡文明建設,發揮道德教化引導作用,用人類文明優秀成果滋養網絡空間、修復網絡生態。建設文明誠信的網絡環境,倡導文明辦網、文明上網,形成安全、文明、有序的信息傳播秩序。堅決打擊謠言、淫穢、暴力、迷信、邪教等違法有害信息在網絡空間傳播蔓延。提高青少年網絡文明素養,加強對未成年人上網保護,通過政府、社會組織、社區、學校、家庭等方面的共同努力,為青少年健康成長創造良好的網絡環境。

(五)打擊網絡恐怖和違法犯罪

加強網絡反恐、反間諜、反竊密能力建設,嚴厲打擊網絡恐怖和網絡間諜活動。

堅持綜合治理、源頭控制、依法防範,嚴厲打擊網絡詐騙、網絡盜竊、販槍販毒、侵害公民個人信息、傳播淫穢色情、黑客攻擊、侵犯知識產權等違法犯罪行為。

(六)完善網絡治理體系

堅持依法、公開、透明管網治網,切實做到有法可依、有法必依、執法必嚴、違法必究。健全網絡安全法律法規體系,制定出台網絡安全法、未成年人網絡保護條例等法律法規,明確社會各方面的責任和義務,明確網絡安全管理要求。加快對現行法律的修訂和解釋,使之適用於網絡空間。完善網絡安全相關製度,建立網絡信任體系,提高網絡安全管理的科學化規範化水平。

加快構建法律規範、行政監管、行業自律、技術保障、公眾監督、社會教育相結合的網絡治理體系,推進網絡社會組織管理創新,健全基礎管理、內容管理、行業管理以及網絡違法犯罪防範和打擊等工作聯動機制。加強網絡空間通信秘密、言論自由、商業秘密,以及名譽權、財產權等合法權益的保護。

鼓勵社會組織等參與網絡治理,發展網絡公益事業,加強新型網絡社會組織建設。鼓勵網民舉報網絡違法行為和不良信息。

(七)夯實網絡安全基礎

堅持創新驅動發展,積極創造有利於技術創新的政策環境,統籌資源和力量,以企業為主體,產學研用相結合,協同攻關、以點帶面、整體推進,盡快在核心技術上取得突破。重視軟件安全,加快安全可信產品推廣應用。發展網絡基礎設施,豐富網絡空間信息內容。實施“互聯網+”行動,大力發展網絡經濟。實施國家大數據戰略,建立大數據安全管理制度,支持大數據、雲計算等新一代信息技術創新和應用。優化市場環境,鼓勵網絡安全企業做大做強,為保障國家網絡安全夯實產業基礎。

建立完善國家網絡安全技術支撐體系。加強網絡安全基礎理論和重大問題研究。加強網絡安全標準化和認證認可工作,更多地利用標準規範網絡空間行為。做好等級保護、風險評估、漏洞發現等基礎性工作,完善網絡安全監測預警和網絡安全重大事件應急處置機制。

實施網絡安全人才工程,加強網絡安全學科專業建設,打造一流網絡安全學院和創新園區,形成有利於人才培養和創新創業的生態環境。辦好網絡安全宣傳周活動,大力開展全民網絡安全宣傳教育。推動網絡安全教育進教材、進學校、進課堂,提高網絡媒介素養,增強全社會網絡安全意識和防護技能,提高廣大網民對網絡違法有害信息、網絡欺詐等違法犯罪活動的辨識和抵禦能力。

(八)提升網絡空間防護能力

網絡空間是國家主權的新疆域。建設與我國國際地位相稱、與網絡強國相適應的網絡空間防護力量,大力發展網絡安全防御手段,及時發現和抵禦網絡入侵,鑄造維護國家網絡安全的堅強後盾。

(九)強化網絡空間國際合作

在相互尊重、相互信任的基礎上,加強國際網絡空間對話合作,推動互聯網全球治理體系變革。深化同各國的雙邊、多邊網絡安全對話交流和信息溝通,有效管控分歧,積極參與全球和區域組織網絡安全合作,推動互聯網地址、根域名服務器等基礎資源管理國際化。

支持聯合國發揮主導作用,推動制定各方普遍接受的網絡空間國際規則、網絡空間國際反恐公約,健全打擊網絡犯罪司法協助機制,深化在政策法律、技術創新、標準規範、應急響應、關鍵信息基礎設施保護等領域的國際合作。

加強對發展中國家和落後地區互聯網技術普及和基礎設施建設的支持援助,努力彌合數字鴻溝。推動“一帶一路”建設,提高國際通信互聯互通水平,暢通信息絲綢之路。搭建世界互聯網大會等全球互聯網共享共治平台,共同推動互聯網健康發展。通過積極有效的國際合作,建立多邊、民主、透明的國際互聯網治理體系,共同構建和平、安全、開放、合作、有序的網絡空間。

Original Source: http://politics.people.com.cn/n1/2016/1227/c1001-28980829.html

 

A Summary of China ‘s Internet Security Situation in China in 2016 // 2016年中國中國互聯網安全形勢總結

A Summary of China ‘s Internet Security Situation in China in 2016

2016年中國中國互聯網安全形勢總結

19 APRIL 2017 BEIJING, People’s Republic of China

April 19, the National Computer Network Emergency Technology Processing Coordination Center (referred to as “National Internet Emergency Response Center”, the English referred to as “CNCERT”) released “China’s Internet security situation in 2016,” a review of China’s Internet macro security situation monitoring On the basis of the combination of network security warning and emergency response work, the paper focuses on analyzing and summarizing the Internet security situation of China in 2016 and predicting the hotspot of network security in 2017.

Analysis of Internet Security Monitoring Data in China in 2016

CNCs continued to monitor the macroeconomic situation of China’s cybersecurity. In 2016, the number of mobile Internet malicious programs was captured, the number of backdoor attacks and the number of security vulnerabilities were increased compared with 2015, and the number of Trojans and botnets was denied. Quantity, phishing and page tampering the number of pages have declined.

According to the sampling monitoring, about 70,000 Trojans and botnet control servers in 2016 control 1699 million hosts in our country, the number of control servers decreased by 8.0% compared with 2015, the number of domestic infection host decreased by 14.1% compared with 2015. The Among them, about 48,000 from outside the control server control of China’s 1499 million units in the host, from the United States the number of control servers in the first place, followed by Hong Kong, China and Japan.

In the botnet found in the detection of malicious programs and the formation of botnets, the size of more than 100 hosts in the number of botnets 4896, of which the size of more than 100,000 units in the number of botnets 52. According to the quantitative analysis of the distribution of Trojans and botnets in China, the top three were Guangdong Province (13.4% of the total number of infections in China), Jiangsu Province (9.2%) and Shandong Province (8.3 %). In order to effectively control the damage caused by the host of Trojans and botnets, in 2016, under the guidance of the Ministry of Industry and Information Technology, under the guidance of “Trojan and botnet monitoring and disposal mechanism”, CNCERT organization basic telecommunications companies, domain name service agencies, etc. successfully closed 1011 Control the larger botnets.

In 2016, CNCERT received more than 205 million mobile Internet malpractions through autonomous capture and vendor switching, an increase of 39.0% over 2015, and continued to maintain rapid growth in the past seven years. According to their malicious behavior classification, the top three were hooliganism, malicious deductions and tariff consumption class 1, accounting for 61.1%, respectively, 18.2% and 13.6%. CNCERT found that mobile Internet malicious program download links nearly 670,000, an increase of nearly 1.2 times compared with 2015, involving more than 22 million source of the source, IP address of more than 30,000, the number of malicious programs spread to 124 million times.

In 2016, CNCERT focused on the “album” category 2 Andrews and malicious pornographic software with malicious deductions and maliciously disseminated attributes that were spread by SMS and had malicious behavior such as stealing user messages and correspondence, and coordinated work The A total of 47,316 cases of such malicious programs were found in the year, and more than 1.01 million were collected, and 6045 domain names were used to disseminate malicious programs. 7645 malicious mailbox accounts for receiving user’s text messages and contacts were used to receive user text messages Malicious mobile phone number 6616, leaked users SMS and address book mail 222 million, seriously endangering the user’s personal information security and property security. Under the guidance of the Ministry of Industry and Information Technology, according to the “mobile Internet malicious program monitoring and disposal mechanism”, CNCERT organization of e-mail service providers, domain name registrar and other active coordination work to find the malicious mailbox account, malicious domain name, etc. Dispose of.

Second, 2016 China’s Internet security situation

In recent years, with China’s network security laws and regulations, management system of continuous improvement, China’s network security technology strength, personnel, international cooperation, and achieved remarkable results. In 2016, China’s Internet security situation is generally stable, the rapid development of network security industry, network security and protection capabilities have been improved, international cooperation to further strengthen the network security. But with cyberspace strategically

The increasing number of countries, the world’s major countries have set up cyberspace attack capability, the growing national network conflict, China’s cyberspace security challenges facing increasingly complex.

Domain name system security in good condition, anti-attack ability increased significantly. In 2016, China’s domain name service system security in good condition, no major security incidents. According to the sampling monitoring, 2016 years for China’s domain name system traffic scale of more than 1Gpbs DDoS attacks on the daily average of about 32 cases, did not affect the domain name resolution services in China, the basic telecommunications companies have not seriously affected the success rate of analysis Attack events, mainly with the domain name system to strengthen security measures, anti-DDoS attack ability significantly improved related. In June 2016, there were large-scale DDoS attacks against the global root domain name servers and their mirrors. Most of the root domain servers were affected to varying degrees. The domain name mirroring servers in China also suffered large-scale network traffic attacks at the same time. Due to emergency treatment in a timely manner, and the root zone top-level domain cache expiration time is often more than 1 day, the attack did not affect the domain name system network security.

For the industrial control system of network security attacks increasing, many important industrial control system security incidents should pay attention. In 2016, the world occurred more than the major areas of industrial accidents worthy of our country wake up. In August, Kaspersky Security Laboratories exposed the “ghoul” network attack against the industrial sector, which focused on the Middle East and other countries’ Industrial enterprises launched a targeted network intrusion; in December, the Ukrainian power grid once again experienced a power supply failure, according to the analysis of the origin of this malpractice “dark forces” variants.

China’s industrial control system is huge, security vulnerabilities, malicious detection, etc. to our industrial control system to bring some security risks. As of the end of 2016, CNVD included 1036 industrial malpractices, of which 173 were included in 2016, an increase of 38.4% over 2015. Industrial control system mainly exists buffer overflow, lack of access control mechanism, weak password, directory traversal and other loopholes risk. Through the analysis of network traffic, 2016 CNCERT cumulative monitoring to the network of industrial equipment fingerprint detection event more than 880,000 times, and found 60 countries from outside the 1610 IP address of China’s network of industrial equipment for fingerprint detection.

High-level persistent threat normalization, China’s attack is particularly serious threat. As of the end of 2016, domestic enterprises issued a senior Sustainability Threat (APT) study reported a total of 43 APT organizations, including targeted targets for China’s APT organizations have 36 4. From the attack to achieve the point of view, more APT attacks using engineering to achieve, that is, relying on commercial attack platform and the Internet black industry

Chain data and other mature resources to achieve APT attacks. This kind of attack not only reduces the technical and resource threshold of initiating APT attack, but also increases the difficulty of traceability analysis. In 2016, many of the important information system for the implementation of the APT attacks were exposed, including “white elephant action 5”, “Man Linghua attack action”, mainly in China’s education, energy, military and scientific research as the main target The In August 2016, the hacker organization “Shadow Brokers” published the Formula Organization 6 frequently used toolkits, including various firewall exploits, hacking tools and scripts involving Juniper, Flying Tower, Cisco, and Financial letter, Huawei and other manufacturers products. CNCERT released 11 software vulnerabilities (there are four suspected 0day vulnerability) for census analysis and found that the world has about 120,000 IP addresses carrying the relevant products of network equipment, of which China’s IP address of about 33,000, accounting for 27.8% of all IP addresses poses a serious potential threat to cyberspace security in China. In November 2016, the hacker organization “shadow broker” also announced a group has been attacked by the National Security Agency network control and IP address and domain name data, China is the most attacked countries, involving at least nine universities in China, 12 Energy, aviation, telecommunications and other important information systems departments and two government information centers.

A large number of networked smart devices were attacked by malicious programs to form botnets, which were used to initiate large traffic DDoS attacks. In recent years, with the intelligent wearable equipment, intelligent home, intelligent routers and other terminal equipment and network equipment, the rapid development and popularization, for the Internet of intelligent devices, the proportion of network attacks increased, the attackers use the Internet of things intelligent device vulnerabilities Access to device control rights, or other hacker underground transactions for user information data theft, network traffic hijacking, or for controlling the formation of large-scale botnets. CNCERT on-line monitoring of vehicle network security system analysis and found that some car network information service providers and related products, security vulnerabilities can lead to vehicle, location and vehicle owners information disclosure and vehicle remote control and other security risks. At the end of 2016, Mirai malicious programs were widely watched as a result of large-scale off-site events on the east coast of the United States and a large number of users of Deutsche Telekom visited Internet anomalies. Mirai is a typical use of Internet of things intelligent device vulnerabilities to penetrate infiltration to achieve the control of the device malicious code, the number of charged devices accumulated to a certain extent will form a huge “botnet”, known as “Mirai botnet.” And because of Internet of things intelligent devices are generally 24 hours online, infected with malicious programs are not easily perceived by the user, forming a “stable” attack source. CNC inspections of the Mirai botnet show that by the end of 2016, a total of 2526 control servers were deployed to control 125.4 million devices, which posed a serious potential security threat to the stable operation of the Internet. In addition, CNCERT also analyzed the Gafgyt botnet sampling analysis. In the fourth quarter of 2016, a total of 817 control servers were selected to control 425,000 devices, and more than 18,000 DDoS attacks were initiated, with peak traffic 5Gpbs more than 72 times the number of attacks.

Web site data and personal information leak is not uncommon, “derivative disaster” serious. Due to the disappearance of the traditional boundaries of the Internet, all kinds of data spread across the terminal, network, mobile phone and cloud, coupled with the interests of the Internet black industry chain driven by data leakage threats are increasing. In 2016, the domestic and international website data and personal information leakage incidents frequently, the political, economic and social impact gradually deepened, and even personal life safety has also been violated. In the United States, the United States election candidate Hillary’s mail leak, directly affect the US election process; Yahoo two account information disclosure involving about 1.5 billion personal accounts, resulting in US telecom operators Verizon $ 4.8 billion acquisition of Yahoo plans to shelve May even be canceled. In the country, China’s immune planning system network was malicious invasion, 200,000 children’s information was stolen and publicly sold online; information leakage led to frequent fraud cases, college entrance examination information leaks to take away the university students will soon enter the life of Xu Yuyu ; 2016 public security organs were detected more than 1,800 cases of infringement of personal information, seized 30 million pieces of personal information of various types of citizens. In addition, according to the news media reported that Russia, Mexico, Turkey, the Philippines, Syria, Kenya and other countries of the government website data leaked.

Mobile Internet malicious program more profitable, mobile Internet black industry chain has matured. In 2016, CNCERT received more than 205 million mobile Internet malpractions through autonomous capture and vendor exchange, up 39.0% from 2015 and continued to grow at a high rate in the past six years. Through malware behavior analysis, it was found that the number of applications for fraudulent, malicious deductions, lockdowns and other economic interests was 59.6% of the total number of malicious programs, nearly three times over 2015. From the spread of malicious programs found that fraudulent acts of fraudulent procedures mainly through SMS, advertising and network disk and other specific communication channels to spread, the number of infected users reached 24.93 million, causing significant economic losses. From the attack mode of malicious programs, it is found that the number of malicious programs that steal SMS verification codes is larger than that of SMS, and 10845 samples are obtained in the whole year. It shows the characteristics of simple production, fixed attack mode and huge profits. The mobile Internet industry Mature.

Extortion software raging, a serious threat to local data and intelligent equipment security. According to CNCERT monitoring found in 2016 in the traditional PC side, to capture extortion class malicious program sample of about 19,000, the number of a record high in recent years. Analysis of extortion software attack object found that extortion software has been gradually extended from the individual terminal equipment to business users, especially for high-value target blackmail situation

Heavy. For enterprise users, blackmail software exploits security vulnerabilities to attack, the enterprise database encryption and extortion, the end of 2016 open source MongoDB database was a blackmail software attacks, a large number of users affected. For personal terminal equipment, extortion software malicious behavior in the traditional PC and mobile terminals show obvious different characteristics: in the traditional PC side, mainly through the “encrypted data” to blackmail, that is, the user’s computer file encryption, stress users Purchase the decryption key; on the mobile side, mainly through the “encryption device” to blackmail, that is, remote lock the user mobile devices, so that users can not use the device, and to coerce users to pay the cost of unlocking. However, from the extortion of software transmission point of view, the traditional PC and mobile side show a common, mainly through e-mail, counterfeit normal application, QQ group, network disk, paste it, victims and other spread.

Three, 2017 worthy of attention to the hot spots

According to the analysis of the characteristics of China’s Internet security situation in 2016, CNCERT predicts that the hot spots that are worthy of attention in 2017 are as follows.

(A) cyberspace according to the law of governance more clear. On November 7, 2016, the Twenty-fourth Session of the Standing Committee of the 12th National People’s Congress passed the “Network Security Law” and came into effect on June 1, 2017. The Act has 7 chapters and 79 articles on cyberspace sovereignty, network products and service providers ‘security obligations, network operators’ safety obligations, personal information protection rules, critical information infrastructure security protection systems and important data cross-border transmission rules, etc. Has been clearly defined. It is expected that the departments will pay more attention to the propaganda and interpretation work of the “Network Security Law” in 2017, compile relevant supporting policies and regulations, implement various supporting measures, and make cyberspace according to law more clear.

(B) the use of Internet of things intelligent device network attacks will continue to increase. 2016 CNVD collection of intelligent networking equipment vulnerabilities 1117, mainly related to web cameras, intelligent routers, smart appliances, intelligent gateway and other equipment. The vulnerability type is mainly privilege to bypass, information disclosure, command execution, etc., which weak password (or built-in default password) vulnerability is easy to be used, the actual impact is very extensive, malicious code attack to use an important risk point. With the development of unmanned aerial vehicles, autopilot vehicles, the popularity of smart home appliances and the development of smart cities, the number of vulnerabilities in networked smart devices will increase significantly, and network attacks against or using intelligent networking devices will be more frequent.

(C) the Internet and the traditional industry integration caused by the security threat is more complex. With the deepening of China’s “Internet +” and “Made in China 2025” action plan, almost all traditional industries, traditional applications and services in China are being changed by the Internet, bringing innovation and development opportunities to various industries. In the process of integration innovation and development, the traditional industry closed mode gradually changed to open mode, but also the future of the Internet virtual network security events into real-world security threats. Internet finance, industrial Internet and other emerging industries rapid development, but triggered a new network security threats can not be ignored, the Internet financial integration of information flow and capital flow, the risk of information flow is likely to lead to loss of capital flow; industrial control system more For the intelligent, network, open Internet brings malicious sniffing behavior increased, the risk of malicious attacks continue to increase. Traditional Internet security and real-world security issues intertwined with the security threat is more complex, the consequences are more serious.

(D) personal information and important data protection will be more attention. In recent years, the development of Internet technology is extremely convenient and rich in our lives and work, online shopping, online job search, social platform, government services and other platforms are filled with a large number of personal detailed privacy information. Since 2011, China’s serious personal information on the leak of the event, especially in recent years, the case of network fraud, the victim’s details have been grasped by fraud, to social stability and serious harm. 2013 “Snowdon incident” and the follow-up of the US government has been a large-scale monitoring of the project, to stimulate countries to strengthen the protection of important data measures, strict norms of Internet data collection, use, storage and so on. China in the “Network Security Law” on the personal information protection rules, important data cross-border transmission has been clearly defined, is expected on personal information and important data protection of the detailed regulatory documents will be enacted, and effectively implement the protection measures.

(5) Network security threats Information sharing has attracted the attention of all parties. Timely comprehensive access to and analysis of network security threats, ahead of network security early warning and deployment of emergency response measures, fully embodies a national network security comprehensive defense capabilities. Through the network security threat information sharing, the use of collective knowledge and technical ability, is to achieve a comprehensive grasp of the network security threats an effective way. The United States as early as 1998 in the Clinton administration signed a presidential decree to encourage the government and enterprises to carry out network security information sharing, to the Obama administration is the network security information sharing is written into the government bill. In recent years, China attaches great importance to the work of network security information sharing, in the “Network Security Law” clearly put forward to promote the relevant departments, key information infrastructure operators and the relevant research institutions, network security services and other network security information sharing The However, in the face of complex and multi-dimensional data source information, how to carry out sharing and in-depth analysis efficiently, we need to establish a set of information security standards for network security threats based on large data analysis. At present, many organizations in our country have been engaged in the exploration and practice of information sharing of network security threats. The relevant national standards and industry standards have been formulated. CNCERT has also established a network security threat information sharing platform for sharing in the communication industry and security industry. jobs.

(6) the background of the network disputes will continue to heat up the degree of concern. At present, China’s Internet penetration rate has reached 53.2% 7, the public through the Internet to get the news more and more fast and convenient, people concerned about the global political hot spots are also rising. 2016 US presidential election “mail door” incident, the Russian hacker exposure of the World Anti-Doping Agency scandal, etc., allow netizens to feel organized, purposeful careful network attacks can have a serious impact on the politics of other countries, Will have a national background of the network disputes from the perspective of industry concerns extended to all Internet users. With a large number of countries continue to strengthen the network space military capacity building, there are national background of the network dispute event will be hot, the crisis frequently, the trend of popular discussion will continue to heat up.

(7) based on artificial intelligence network security technology research in full swing. In the third World Internet Conference, “World Internet leading technology results release activities” site, Microsoft, IBM, Google three major international technology giants show machine learning based on artificial intelligence technology, for us to describe a beautiful future of artificial intelligence. At present, the network attack events are endless, the means are complex, the purpose is complex, the shortage of network security personnel is difficult to cope with the rapid changes in the network security situation, and machine learning in the field of data analysis outstanding performance, artificial intelligence is considered in the network security will “Great as”. There are statistical agencies found that the 2016 “network security” and “artificial intelligence” co-appeared in the article the frequency of rapid rise, indicating that more and more discussions will be linked together with the two together. Based on the large data related to network security, artificial intelligence technology such as machine learning can make breakthrough progress in unknown threat discovery, network behavior analysis and network security warning.

Original Mandarin Chinese:

4月19日消息,國家計算機網絡應急技術處理協調中心(簡稱“國家互聯網應急中心”,英文簡稱“CNCERT”)發布《2016年我國互聯網網絡安全態勢綜述》,在對我國互聯網宏觀安全態勢監測的基礎上,結合網絡安全預警通報、應急處置工作實踐成果,著重分析和總結了2016年我國互聯網網絡安全狀況,並預測2017年網絡安全熱點問題。
一、2016年我國互聯網網絡安全監測數據分析
CNCERT持續對我國網絡安全宏觀狀況開展抽樣監測,2016年,移動互聯網惡意程序捕獲數量、網站後門攻擊數量以及安全漏洞收錄數量較2015年有所上升,而木馬和殭屍網絡感染數量、拒絕服務攻擊事件數量、網頁仿冒和網頁篡改頁面數量等均有所下降。
據抽樣監測,2016年約9.7萬個木馬和殭屍網絡控制服務器控制了我國境內1699萬餘台主機,控制服務器數量較2015年下降8.0%,境內感染主機數量較2015年下降了14.1%。 。其中,來自境外的約4.8萬個控制服務器控制了我國境內1499萬餘台主機,來自美國的控制服務器數量居首位,其次是中國香港和日本。
在監測發現的因感染惡意程序而形成的殭屍網絡中,規模在100台主機以上的殭屍網絡數量4896個,其中規模在10萬台以上的殭屍網絡數量52個。從我國境內感染木馬和殭屍網絡主機按地區分佈數量分析來看,排名前三位的分別是廣東省(占我國境內感染數量的13.4%)、江蘇省(佔9.2%)和山東省(佔8.3 %)。為有效控制木馬和殭屍網絡感染主機引發的危害,2016年,在工業和信息化部指導下,根據《木馬和殭屍網絡監測與處置機制》,CNCERT組織基礎電信企業、域名服務機構等成功關閉1011個控制規模較大的殭屍網絡。
2016年,CNCERT通過自主捕獲和廠商交換獲得移動互聯網惡意程序數量205萬餘個,較2015年增長39.0%,近7年來持續保持高速增長趨勢。按其惡意行為進行分類,前三位分別是流氓行為類、惡意扣費類和資費消耗類1,佔比分別為61.1%、18.2%和13.6%。 CNCERT發現移動互聯網惡意程序下載鏈接近67萬條,較2015年增長近1.2倍,涉及的傳播源域名22萬餘個、IP地址3萬餘個,惡意程序傳播次數達1.24億次。
2016年,CNCERT重點對通過短信傳播,且具有竊取用戶短信和通信錄等惡意行為的“相冊”類2安卓惡意程序及具有惡意扣費、惡意傳播屬性的色情軟件進行監測,並開展協調處置工作。全年共發現此類惡意程序47316個,累計感染用戶超過101萬人,用於傳播惡意程序的域名6045個,用於接收用戶短信和通訊錄的惡意郵箱賬戶7645個,用於接收用戶短信的惡意手機號6616個,洩露用戶短信和通訊錄的郵件222萬封,嚴重危害用戶個人信息安全和財產安全。在工業和信息化部指導下,根據《移動互聯網惡意程序監測與處置機制》,CNCERT組織郵箱服務商、域名註冊商等積極開展協調處置工作,對發現的惡意郵箱賬號、惡意域名等進行關停處置。
二、2016年我國互聯網網絡安全狀況
近年來,隨著我國網絡安全法律法規、管理制度的不斷完善,我國在網絡安全技術實力、人才隊伍、國際合作等方面取得了明顯的成效。 2016年,我國互聯網網絡安全狀況總體平穩,網絡安全產業快速發展,網絡安全防護能力得到提升,網絡安全國際合作進一步加強。但隨著網絡空間戰略地
位的日益提升,世界主要國家紛紛建立網絡空間攻擊能力,國家級網絡衝突日益增多,我國網絡空間面臨的安全挑戰日益複雜。
域名系統安全狀況良好,防攻擊能力明顯上升。 2016年,我國域名服務系統安全狀況良好,無重大安全事件發生。據抽樣監測,2016年針對我國域名系統的流量規模達1Gpbs以上的DDoS攻擊事件日均約32起,均未對我國域名解析服務造成影響,在基礎電信企業側也未發生嚴重影響解析成功率的攻擊事件,主要與域名系統普遍加強安全防護措施,抗DDoS攻擊能力顯著提升相關。 2016年6月,發生針對全球根域名服務器及其鏡像的大規模DDoS攻擊,大部分根域名服務器受到不同程度的影響,位於我國的域名根鏡像服務器也在同時段遭受大規模網絡流量攻擊。因應急處置及時,且根區頂級域緩存過期時間往往超過1天,此次攻擊未對我國域名系統網絡安全造成影響。
針對工業控制系統的網絡安全攻擊日益增多,多起重要工控系統安全事件應引起重視。 2016年,全球發生的多起工控領域重大事件值得我國警醒。 3月,美國紐約鮑曼水壩的一個小型防洪控制系統遭攻擊;8月,卡巴斯基安全實驗室揭露了針對工控行業的“食屍鬼”網絡攻擊活動,該攻擊主要對中東和其他國家的工業企業發起定向網絡入侵;12月,烏克蘭電網再一次經歷了供電故障,據分析本次故障緣起惡意程序“黑暗勢力”的變種。
我國工控系統規模巨大,安全漏洞、惡意探測等均給我國工控系統帶來一定安全隱患。截至2016年年底,CNVD共收錄工控漏洞1036條,其中2016年收錄了173個,較2015年增長了38.4%。工控系統主要存在緩衝區溢出、缺乏訪問控制機制、弱口令、目錄遍歷等漏洞風險。通過對網絡流量分析發現,2016年度CNCERT累計監測到聯網工控設備指紋探測事件88萬餘次,並發現來自境外60個國家的1610個IP地址對我國聯網工控設備進行了指紋探測。
高級持續性威脅常態化,我國面臨的攻擊威脅尤為嚴重。截止到2016年底,國內企業發布高級持續性威脅(APT)研究報告共提及43個APT組織,其中針對我國境內目標發動攻擊的APT組織有36個4。從攻擊實現方式來看,更多APT攻擊採用工程化實現,即依托商業攻擊平台和互聯網黑色產業
鏈數據等成熟資源實現 APT攻擊。這類攻擊不僅降低了發起APT攻擊的技術和資源門檻,而且加大了受害方溯源分析的難度。 2016年,多起針對我國重要信息系統實施的APT攻擊事件被曝光,包括“白象行動5”、“蔓靈花攻擊行動”等,主要以我國教育、能源、軍事和科研領域為主要攻擊目標。 2016年8月,黑客組織“影子經紀人(Shadow Brokers)”公佈了方程式組織6經常使用的工具包,包含各種防火牆的漏洞利用代碼、黑客工具和腳本,涉及Juniper、飛塔、思科、天融信、華為等廠商產品。 CNCERT對公佈的11個產品漏洞(有4個疑似為0day漏洞)進行普查分析,發現全球有約12萬個IP地址承載了相關產品的網絡設備,其中我國境內IP地址有約3.3萬個,佔全部IP地址的27.8%,對我國網絡空間安全造成嚴重的潛在威脅。 2016年11月,黑客組織“影子經紀人”又公佈一組曾受美國國家安全局網絡攻擊與控制的IP地址和域名數據,中國是被攻擊最多的國家,涉及我國至少9所高校,12家能源、航空、電信等重要信息系統部門和2個政府部門信息中心。
大量聯網智能設備遭惡意程序攻擊形成殭屍網絡,被用於發起大流量DDoS攻擊。近年來,隨著智能可穿戴設備、智能家居、智能路由器等終端設備和網絡設備的迅速發展和普及利用,針對物聯網智能設備的網絡攻擊事件比例呈上升趨勢,攻擊者利用物聯網智能設備漏洞可獲取設備控制權限,或用於用戶信息數據竊取、網絡流量劫持等其他黑客地下產業交易,或用於被控制形成大規模殭屍網絡。 CNCERT對車聯網系統安全性進行在線監測分析,發現部分車聯網信息服務商及相關產品存在安全漏洞,可導致車輛、位置及車主信息洩露和車輛被遠程控制等安全風險。 2016年底,因美國東海岸大規模斷網事件和德國電信大量用戶訪問網絡異常事件,Mirai惡意程序受到廣泛關注。 Mirai是一款典型的利用物聯網智能設備漏洞進行入侵滲透以實現對設備控制的惡意代碼,被控設備數量積累到一定程度將形成一個龐大的“殭屍網絡”,稱為“Mirai殭屍網絡”。又因物聯網智能設備普遍是24小時在線,感染惡意程序後也不易被用戶察覺,形成了“穩定”的攻擊源。 CNCERT對Mirai殭屍網絡進行抽樣監測顯示,截至2016年年底,共發現2526台控制服務器控制了125.4萬餘台物聯網智能設備,對互聯網的穩定運行形成了嚴重的潛在安全威脅。此外,CNCERT還對Gafgyt殭屍網絡進行抽樣檢測分析,在2016年第四季度,共發現817台控制服務器控制了42.5萬台物聯網智能設備,累計發起超過1.8萬次的DDoS攻擊,其中峰值流量在5Gpbs以上的攻擊次數高達72次。
網站數據和個人信息洩露屢見不鮮,“衍生災害”嚴重。由於互聯網傳統邊界的消失,各種數據遍布終端、網絡、手機和雲上,加上互聯網黑色產業鏈的利益驅動,數據洩露威脅日益加劇。 2016年,國內外網站數據和個人信息洩露事件頻發,對政治、經濟、社會的影響逐步加深,甚至個人生命安全也受到侵犯。在國外,美國大選候選人希拉里的郵件洩露,直接影響到美國大選的進程;雅虎兩次賬戶信息洩露涉及約15億的個人賬戶,致使美國電信運營商威瑞森48億美元收購雅虎計劃擱置甚至可能取消。在國內,我國免疫規劃系統網絡被惡意入侵,20萬兒童信息被竊取並在網上公開售賣;信息洩露導致精準詐騙案件頻發,高考考生信息洩露間接奪去即將步入大學的女學生徐玉玉的生命;2016年公安機關共偵破侵犯個人信息案件1800餘起,查獲各類公民個人信息300億餘條。此外,據新聞媒體報導,俄羅斯、墨西哥、土耳其、菲律賓、敘利亞、肯尼亞等多個國家政府的網站數據發生了洩漏。
移動互聯網惡意程序趨利性更加明確,移動互聯網黑色產業鏈已經成熟。 2016年,CNCERT通過自主捕獲和廠商交換獲得移動互聯網惡意程序數量205萬餘個,較2015年增長39.0%,近6年來持續保持高速增長趨勢。通過惡意程序行為分析發現,以誘騙欺詐、惡意扣費、鎖屏勒索等攫取經濟利益為目的的應用程序驟增,佔惡意程序總數的59.6%,較2015年增長了近三倍。從惡意程序傳播途徑發現,誘騙欺詐行為的惡意程序主要通過短信、廣告和網盤等特定傳播渠道進行傳播,感染用戶數達到2493萬人,造成重大經濟損失。從惡意程序的攻擊模式發現,通過短信方式傳播竊取短信驗證碼的惡意程序數量佔比較大,全年獲得相關樣本10845個,表現出製作簡單、攻擊模式固定、暴利等特點,移動互聯網黑色產業鏈已經成熟。
敲詐勒索軟件肆虐,嚴重威脅本地數據和智能設備安全。根據CNCERT監測發現,2016年在傳統PC端,捕獲敲詐勒索類惡意程序樣本約1.9萬個,數量創近年來新高。對敲詐勒索軟件攻擊對象分析發現,勒索軟件已逐漸由針對個人終端設備延伸至企業用戶,特別是針對高價值目標的勒索情況嚴
重。針對企業用戶方面,勒索軟件利用安全漏洞發起攻擊,對企業數據庫進行加密勒索,2016年底開源MongoDB數據庫遭一輪勒索軟件攻擊,大量的用戶受到影響。針對個人終端設備方面,敲詐勒索軟件惡意行為在傳統PC端和移動端表現出明顯的不同特點:在傳統PC端,主要通過“加密數據”進行勒索,即對用戶電腦中的文件加密,脅迫用戶購買解密密鑰;在移動端,主要通過“加密設備”進行勒索,即遠程鎖住用戶移動設備,使用戶無法正常使用設備,並以此脅迫用戶支付解鎖費用。但從敲詐勒索軟件傳播方式來看,傳統PC端和移動端表現出共性,主要是通過郵件、仿冒正常應用、QQ群、網盤、貼吧、受害者等傳播。
三、2017年值得關注的熱點
根據對2016年我國互聯網網絡安全形勢特點的分析,CNCERT預測2017年值得關注的熱點方向主要如下。
(一)網絡空間依法治理脈絡更為清晰。 2016年11月7日第十二屆全國人大常委會第二十四次會議表決通過《網絡安全法》,並將於2017年6月1日起施行。該法有7章79條,對網絡空間主權、網絡產品和服務提供者的安全義務、網絡運營者的安全義務、個人信息保護規則、關鍵信息基礎設施安全保護製度和重要數據跨境傳輸規則等進行了明確規定。預計2017年各部門將更加重視《網絡安全法》的宣傳和解讀工作,編制出台相關配套政策法規,落實各項配套措施,網絡空間依法治理脈絡將更為清晰。
(二)利用物聯網智能設備的網絡攻擊事件將繼續增多。 2016年CNVD收錄物聯網智能設備漏洞1117個,

(三)互聯網與傳統產業融合引發的安全威脅更為複雜。隨著我國“互聯網+”、“中國製造2025”行動計劃的深入推進,我國幾乎所有的傳統行業、傳統應用與服務都在被互聯網改變,給各個行業帶來了創新和發展機會。在融合創新發展的過程中,傳統產業封閉的模式逐漸轉變為開放模式,也將以往互聯網上虛擬的網絡安全事件轉變為現實世界安全威脅。互聯網金融、工業互聯網等融合的新興行業快速發展,但引發的新的網絡安全威脅也不容忽略,互聯網金融整合了信息流和資金流,信息流的風險很可能引發資金流損失;工業控制系統更為智能化、網絡化,開放互聯帶來的惡意嗅探行為增多,被惡意攻擊的風險不斷加大。傳統互聯網安全與現實世界安全問題相交織引發的安全威脅更為複雜,產生的後果也更為嚴重。
(四)個人信息和重要數據保護將更受重視。近年來,互聯網技術的發展極大的方便和豐富了我們的生活和工作,網上購物、網上求職、社交平台、政府服務等平台上充斥著大量的個人詳細隱私信息。自2011年以來我國關於嚴重個人信息洩露的事件不絕於耳,特別是近年來的網絡詐騙案件中,受害人的詳細信息都被詐騙分子所掌握,給社會安定帶來嚴重危害。 2013年 “斯諾登事件”及後續相繼爆出的美國政府大範圍監聽項目,刺激著各國加強重要數據的保護措施,嚴格規範互聯網數據的收集、使用、存儲等。我國在《網絡安全法》中對個人信息保護規則、重要數據跨境傳輸進行了明確規定,預計關於個人信息和重要數據信息保護的詳細規範性文件將製定出台,切實落實保護措施。
(五)網絡安全威脅信息共享工作備受各方關注。及時全面獲取和分析網絡安全威脅,提前做好網絡安全預警和部署應急響應措施,充分體現了一個國家網絡安全綜合防禦能力。通過網絡安全威脅信息共享,利用集體的知識和技術能力,是實現全面掌握網絡安全威脅情況的有效途徑。美國早在1998年的克林頓政府時期就簽署了總統令,鼓勵政府與企業開展網絡安全信息共享,到奧巴馬政府時期更是將網絡安全信息共享寫入了政府法案。近年來,我國高度重視網絡安全信息共享工作,在《網絡安全法》中明確提出了促進有關部門、關鍵信息基礎設施的運營者以及有關研究機構、網絡安全服務機構等之間的網絡安全信息共享。但面對紛繁複雜的、多維度的數據源信息,如何高效地開展共享和深入分析,需建立一套基於大數據分析的網絡安全威脅信息共享標準。目前,我國很多機構已經在開展網絡安全威脅信息共享的探索與實踐,相關國家標準和行業標準已在製定中,CNCERT也建立了網絡安全威脅信息共享平台,在通信行業和安全行業內進行相關共享工作。
(六)有國家背景的網絡爭端受關注度將繼續升溫。目前,我國互聯網普及率已經達到53.2%7,民眾通過互聯網獲得的新聞資訊越來越快捷方便,民眾關注全球政治熱點的熱度也不斷高漲。 2016年美國總統大選“郵件門”事件、俄羅斯黑客曝光世界反興奮劑機構醜聞事件等,都讓網民真切感受到有組織、有目的的一場縝密的網絡攻擊可以對他國政治產生嚴重的影響,將有國家背景的網絡爭端從行業領域關注視角延伸到了全體網民。隨著大量的國家不斷強化網絡空間軍事能力建設,有國家背景的網絡爭端事件將會熱點不斷、危機頻出,全民討論的趨勢將會持續升溫。
(七)基於人工智能的網絡安全技術研究全面鋪開。在第三屆世界互聯網大會“世界互聯網領先科技成果發布活動”現場,微軟、IBM、谷歌三大國際科技巨頭展示了基於機器學習的人工智能技術,為我們描繪了人工智能美好的未來。目前,網絡攻擊事件層出不窮、手段多樣、目的複雜,較為短缺的網絡安全人才難以應對變化過快的網絡安全形勢,而機器學習在數據分析領域的出色表現,人工智能被認為在網絡安全方面將會“大有作為”。有研究機構8統計發現,2016年“網絡安全”與“人工智能”兩詞共同出現在文章中的頻率快速上升,表明越來越多的討論將二者聯繫在一起共同關注。以網絡安全相關的大數據為基礎,利用機器學習等人工智能技術,能夠在未知威脅發現、網絡行為分析、網絡安全預警等方面取得突破性進展。