Policies and Practices on Network Security of MIIT



Similar documents
PROPOSAL 20. Resolution 130 of Marrakesh on the role of ITU in information and communication network security

The Information Security Problem

Cyber Security and Critical Information Infrastructure

Cybersecurity Global status update. Dr. Hamadoun I. Touré Secretary-General, ITU

Promoting Network Security (A Service Provider Perspective)

The FBI and the Internet

Cybersecurity: Thailand s and ASEAN s priorities. Soranun Jiwasurat

CAPACITY BUILDING TO STRENGTHEN CYBERSECURITY. Sazali Sukardi Vice President Research CyberSecurity Malaysia

What legal aspects are needed to address specific ICT related issues?

Pacific Islands Telecommunications Association

Cyber security Indian perspective & Collaboration With EU

Research Topics in the National Cyber Security Research Agenda

September 20, 2013 Senior IT Examiner Gene Lilienthal

Cyber Security & Role of CERT-In. Dr. Gulshan Rai Director General, CERT-IN Govt. of India grai@mit.gov.in

Fighting Cyber Crime in the Telecommunications Industry. Sachi Chakrabarty

Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies

Cyber Security ( Lao PDR )

The National Cyber Security Strategy (NCSS) Success through cooperation

CYBERSECURITY INESTIGATION AND ANALYSIS

(BDT) BDT/POL/CYB/Circular

VISA International Security Summit. Dr. Colonel Tran Van Hoa Deputy Director Viet Nam Hightech Crime Police Department

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

Cyber Security. A professional qualification awarded in association with University of Manchester Business School

Promoting a cyber security culture and demand compliance with minimum security standards;

Managing Web Security in an Increasingly Challenging Threat Landscape

Lith Networking and Network Marketing Safety

Top tips for improved network security

Internet Safety and Security: Strategies for Building an Internet Safety Wall

Cybercrime in Canadian Criminal Law

Certified Cyber Security Analyst VS-1160

Current counter-measures and responses by CERTs

Module 5: Analytical Writing

GOVERNMENT OF THE REPUBLIC OF LITHUANIA

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

U. S. Attorney Office Northern District of Texas March 2013

2009 Antispyware Coalition Public Workshop

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

National Cyber Crime Unit

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

Malware & Botnets. Botnets

Cybersecurity for ALL

Detailed Description about course module wise:

ITU Global Cybersecurity Agenda (GCA)

A Small Business Approach to Big Business Cyber Security. Brent Bettis, CISSP 23 September, 2014

COMMISSION OF THE EUROPEAN COMMUNITIES

Cybersecurity Awareness. Part 1

CALNET 3 Category 7 Network Based Management Security. Table of Contents

Cybersecurity and Incident Response Initiatives: Brazil and Americas

CERT Collaboration with ISP to Enhance Cybersecurity Jinhyun CHO, KrCERT/CC Korea Internet & Security Agency

Trends and Tactics in Cyber- Terrorism

Cyber Security. John Leek Chief Strategist

Monitoring and Logging Policy. Document Status. Security Classification. Level 1 - PUBLIC. Version 1.0. Approval. Review By June 2012

NEW ZEALAND S CYBER SECURITY STRATEGY

Countering Insider Threats Jeremy Ho

DDoS Attacks Can Take Down Your Online Services

Middle Class Economics: Cybersecurity Updated August 7, 2015

CYBERSECURITY HOT TOPICS

How To Protect Yourself From Cyber Crime

Network Security and the Small Business

(U) Appendix E: Case for Developing an International Cybersecurity Policy Framework

Internet threats: steps to security for your small business

About Botnet, and the influence that Botnet gives to broadband ISP

ITU Cybersecurity Work Programme to Assist Developing Countries

ASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September Co-Chair s Summary Report

the Council of Councils initiative

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, CEO EDS Corporation

Executive Director Centre for Cyber Victim Counselling /

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist

Online International Interdisciplinary Research Journal, {Bi-Monthly}, ISSN , Volume-III, Issue-IV, July-Aug 2013

ITU WSIS Thematic Meeting on Countering Spam: The Scope of the problem. Mark Sunner, Chief Technical Officer MessageLabs

CYBER SECURITY. Marcin Olender Head of Unit Information Society Department

Addressing Big Data Security Challenges: The Right Tools for Smart Protection

CO-CHAIRS SUMMARY REPORT ARF CYBERCRIME CAPACITY-BUILDING CONFERENCE BANDAR SERI BEGAWAN, BRUNEI DARUSSALAM APRIL 27-28, 2010

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA

National Cyber Security Policy -2013

Fraud and Abuse Policy

OVERVIEW. 1. Cyber Crime Unit organization. 2. Legal framework. 3. Identity theft modus operandi. 4. How to avoid online identity theft

Cyber Security: Policy of the Internet Infrastructure

Anti-counterfeiting Situation in China

FEDERAL IDENTITY THEFT TASK FORCE. On May 10, 2006, the President signed an Executive Order establishing an Identity Theft

Transcription:

2011/TEL43/SPSG/WKSP/004 Policies and Practices on Network Security of MIIT Submitted by: China Workshop on Cybersecurity Policy Development in the APEC Region Hangzhou, China 27 March 2011

Policies and Practices on Network Security of MIIT Fu Jingguang, MIIT March 27, 2011 Contents I. Current Status of Internet Development in China II. Network Security Threats and the Characteristics III. Recent Practices of MIIT in Network Security Management IV. Proposals on Strengthening International Cooperation 1

I. Current Status of Internet Development in China Customer base kept growing The number of China s netizens reached 457 million, with a penetration rate of 34.3%. The number of mobile netizens totaled 288 million. Network scale continued to expand The number of IPv4 addresses was 278 million. The total international gateway bandwidth of China s Internet was 1073 G, registering an annual growth rate of 26.9%. The accumulated number of.cn domain names reached 8.66 million. Network applications constantly emerged The number of domestic websites was 1.13 million. E-commerce turnover for the year 2010 was 4.5 trillion RMB with an annual increase rate of 22%. The number of government portals at various levels reached 70 thousand. Note: Data is presented as of December 2010. Prime Minister Wen Jiabao had an online interactive exchange with netizens 2

The three telecom operators provide broadband access, IDC and other fundamental Internet services. A slew of renowned Internet enterprises offering a wide range of services including search engine, online news, online shopping, email, instant message and social networking mushroomed in the market. 3

In nowadays China, politics, economy, culture and people s daily work and life all increasingly rely on the Internet. Accordingly, to ensure a Trusted, Secure and Sustainable Online Environment(TSSOE) is of vital importance to safeguard the interests of the economies, the enterprises and the users. Contents I. Current Status of Internet Development in China II. Network Security Threats and the Characteristics III. Recent Practices of MIIT in Network Security Management IV. Proposals on Strengthening International Cooperation 4

II. Network Security Threats and the Characteristics Most prominent problems at present DDOS attack crack down system operation and block network traffic Information theft steal user data or conduct illegal remote control via malware Spam sending unsolicited advertisement or fraud and other illegal information Internet fraud cause economic loss for users Cyber porn pose harm to the healthy growth of minors Roots of problems Temptation of profits Technical defects (lack of authentication mechanism, software vulnerabilities) Difficulties in law enforcement (fabricated IP address, cross-boundary or cross-border criminal) Shortage of network security awareness of users Characteristics of the evolvement of network security problems Online criminal activities have gradually become an underground industry chain featuring more processes and lower threshold. Problems of malware, spam and Internet fraud combined each other, resulting in more complicated online criminals. Attacks and damages targeted at terminal systems brought heavier influence on network infrastructures, and risks confronted by backbone network, DNS and other Internet infrastructures cannot be ignored. 5

Due to the profit-driven nature, network security threats will remain for a long term and take on variable forms. It is a long-standing and arduous task to build TSSOE. Contents I. Current Status of Internet Development in China II. Network Security Threats and the Characteristics III. Recent Practices of MIIT in Network Security Management IV. Proposals on Strengthening International Cooperation 6

III. Recent Practices of MIIT in Network Security Management Basic principle To address network security issues require the joint efforts of the government departments, industries and the users. At the government level, the enforcement department, communication authorities, management & operation department of various critical information systems and the media administrations shall fulfill their own responsibilities while strengthen coordination and cooperation. General ideas at the state level Improve legislation on cybercrime Legally combat against the criminals Strengthen the network security awareness of the society Enhance the protection, response and enforcement capabilities in relation to network security issues Step up efforts in international cooperation Main work of MIIT as the communication authority 1. Intensify efforts in network security protection and management Objective: Provide guidance for and supervise the implementation of network security protection measures by Internet infrastructures and websites so as to improve the capabilities and skills in withstanding attacks and damages Major measures: In 2008, MIIT promulgated a series of standards on network security protection, identifying the basic protection measures that shall be implemented by ISPs and ICPs. In 2009, MIIT issued the Administrative Measures for Protection and Management of Network Security, specifying the obligations of ISPs and ICPs on network security and establishing the risk assessment and security inspection system. In 2010, MIIT issued and distributed the Notice on Strengthening Security Protection of Domain Name Systems. MIIT has organized and conducted inspections on network security regularly to detect and rectify the potential risks and vulnerabilities. 7

2. Strengthen emergency management in relation to network security Objective: Improve the response capabilities for the emergencies so as to ensure the rapid recovery Major measures: In 2005, MIIT established the Network Security Emergency Action Plan for the Internet, specifying the monitoring, report and disposal processes for major events. In 2009, MIIT developed the Network Security Information Circulation Mechanism to reinforce information sharing among Internet industries. In 2010, MIIT worked out the Special Emergency Action Plan for Domain Name Security. MIIT has organized and carried out emergency drills regularly. 3. Reinforce the governance of online environment Objective: Reduce threats to network security and foster a safe and reliable Internet environment for users Major measures: In 2006, MIIT formulated the Administrative Measures for the Internet Email Service, making a clear definition of the spam and regulating the manner of sending emails. In 2006, MIIT delegated the Internet Society of China to establish the 12321 Harmful and Spam Internet Information Reporting and Reception Center to receive the public s report on spam and Internet fraud, Internet porn and to assist the government department in investigation and prosecution. In 2009, MIIT issued the Network Monitoring and Disposal Mechanism for Trojan and botnet and led CNCERT, ISPs and domain name service providers to monitor and deal with malicious IPs and relevant domain names. MIIT has been studying the development of governance measures for cellphone viruses. 8

4. Encourage industry self-regulation Objective: Promote the self-regulation of ISPs, ICPs and users in flexible and various ways, and strengthen publicity and education on this subject to raise the network security awareness of the whole society Major measures: MIIT supported the Internet Society of China and CNCERT in the anti spam, anti online malware and anti phishing websites efforts. MIIT assisted the China Association of Communication Enterprises in setting up the Communication Network Security Committee. MIIT backed up CNCERT in building the virus and vulnerability database. 5. Participate in international exchange and cooperation Objective: Promote exchange and mutual trust and work together to address network security issues Major measures: MIIT took part in the standard development with regard to network security of ITU-T SG17 and promoted the unveiling of anti-spam standard. MIIT participated in related discussions held by the UN, ITU, APEC, SCO and ASEAN+3. MIIT was in favor of the participation of CNCERT and the Internet Society of China in international exchange and cooperation programs. 9

With the common efforts of all parties, China s Internet infrastructures have maintained stable operation, the volume of spam mails and botnet has been reduced by a large margin and the network security awareness of the government departments, enterprises and users has been effectively enhanced. At the same time, it is necessary to realize that the network security management requires consistent efforts and continuous innovation owning to the persistence and complexity of network security threats. Special efforts shall be put in three aspects continuously: crime crackdown, capacity building and users awareness raising. Contents I. Current Status of Internet Development in China II. Network Security Threats and the Characteristics III. Recent Practices of MIIT in Network Security Management IV. Proposals on Strengthening International Cooperation 10

IV. Proposals on Strengthening International Cooperation Set up a mutual-trust mechanism on response of network security incidents to avoid suspicions and accusations each other. Expand the depth of international cooperation and facilitate the cooperation in monitoring, response and law enforcement practices in relation to network security incidents. Extend the breadth of international cooperation and tighten up the horizontal exchanges and coordination with the UN, ITU, OECD, SCO and the international cooperation organizations in law enforcement. Promote the development of best practice and standards on network security. Network security has become a common threat to the globe in this information era. We would like to propose to work together to address various network security threats through strengthening mutual exchanges and trust to make great contributions to the peaceful development of the Internet and the mankind. 11

THANKS! 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information