Go homepage(回首页) Upload pictures (上传图片) Write articles (发文字帖)
The author:(作者)归海一刀published in(发表于) 2014/5/27 9:18:57 Network security review system will bring the people what _ Sina news
Beijing, May 26 (journalist Cheng Shihua, nanting) national Internet Information Office recently announced upcoming review of network security system of our country, sparked concern. In China, the network security system is a new, launched its network of hundreds of millions of Internet users and many SMEs will have any effect?
Peoples ' welfare are worried
22nd National Internet Information Office announced that, in the interests of national security, protection of the legitimate interests of China, my upcoming review of network security systems. The system provides, national security and public interest of systems using key technology products and services, through review of network security.
"Some Internet users worry about network security review system would affect freedom of speech on the Web, in fact, this is not necessary. "China electronic technology group Corporation (CETC) Zhang Jianjun, Chief Information Security Officer explained that the network security review system for critical public facilities, software and hardware security, equivalent information security provides the umbrella role of netizens, is a benefit rather than a burden, whose review is the company and its products, does not involve control of Internet content.
Xinhua learned from the Office of national Internet information, Internet security and controllability of technology, will be the review focus on network security. Network security review system for important providers of information technology products and focusing on reviewing product security and controllability to prevent illegal control of product providers, interfere, interrupt the user's system, illegal collection, storage, processing and use of user information. Products and services that do not meet security requirements, shall not be used in the Chinese territory.
Compared with United States cybersecurity review system has been in existence for more than 10 years, short review of network security system of our country's blank, passive disadvantage of China's enterprises at the industry level. At the same time, there is an urgent need for both individual information security or a safety and security at the national level, is imperative to make network security review system was introduced.
Network Enterprise good or bad?
Industry sources said, such as ctrip: a large number of users credit card information leaks that occurred previously, millet 8 million users, such as information disclosure, online safety review system had been implemented, probability of such an event happening would be greatly reduced. For security breaches by businesses, whether it is the inherent power of checking and correcting themselves, was an external regulatory pressures, will be significantly increased.
"Network security review is not trade protectionism both domestic products and foreign products, as long as it meets our network security standards, will be able to enter the market freely. "National information security testing evaluation Center chief engineer Wang said.
National Research Center for information technology security chief Li Jingchun says, just surface for your network management in China in the past, now gradually deeper development of network products and services, if continuing previous monitoring approach, network regulatory gaps may occur, which cause loss to the State and user security. Li Jingchun says, to discover security breaches of network products and services, and must be in order, to follow, adapted management systems implemented to meet national critical infrastructure and essential performance requirements for security of information systems, on the premise of guaranteeing security to achieve sound development and sustainable development.
Fang Binxing, academician of Chinese Academy of engineering believes that access to government agencies, key areas such as transport, electricity, financial products, you need to establish "blacklist" system not only technology but also business background reviewed. As for information technology products in circulation, the need for a "white list" compulsory certification, products to enter the market only if they meet safety standards. This review is only a technical assessment, ordinary users ' interests will not be affected.
Fang Binxing believes that implementing network security review, are those loopholes in the law that most affect behavior. WiFi crack, for example, such technologies themselves against information security in any country is prohibited, establish a system for such acts to constrain, is the rectification of the market order, comply with WTO requirements.
Combination of expert advice review platform group
Not only foreign companies, Internet security review on domestic industry is also very necessary. Meng Zhuo of Heads of well-known network vulnerability reports platform cloud operations said the rapid development of the Internet in recent years, many domestic Internet Enterprise, if an enterprise product and public security, national interest, then the products of the company only if they meet the safety standards and to address the existing risks, ready for release.
An Tian said laboratory Chief Architect xiaoxinguang, looks forward to become truly national security network security review system threshold barriers to industry growth. At the same time, also look forward to protect domestic system innovation in the industry, not to create new national threshold of administrative costs and bring new business.
More name senior network security expert recommends, to let review platform real played role, and more has persuasive, needs Government functions sector led built a open of test platform, let by review of products in platform Shang accept in-depth full of security review test, Government related functions sector led test work, and from research homes by and market of third party identification institutions and has advanced detection analysis capacity of enterprise,, also can in platform Shang participation test. After this test, security threats and risks beyond their control would greatly reduce the chances, while effectively avoiding "say" "the motions", and so on.
新华网北京5月26日专电 (记者程士华、南婷)国家互联网信息办公室近日宣布我国即将推出网络安全审查制度,引发各界关注。在我国,网络安全审查制度是个新生事物,它的推出对数亿网民和众多网企将会产生什么影响?
对网民是福利还是忧虑
国家互联网信息办公室22日宣布,为维护国家网络安全、保障中国用户合法利益,我国即将推出网络安全审查制度。该项制度规定,关系国家安全和公共利益的系统使用的重要技术产品和服务,应通过网络安全审查。
“有的网民担忧网络安全审查制度会影响网络言论自由,其实这是没必要的。”中国电子科技集团(CETC)首席信息安全官张建军解释说,网络安全审查制度针对关键公共设施软件硬件的安全,相当于为网民信息安全提供了保护伞的作用,是福利而不是负担,其审查对象是企业及其产品,不涉及互联网内容层面的管控。
记者从国家互联网信息办公室获悉,互联网产品技术的安全性和可控性,将是网络安全审查重点。网络安全审查制度将针对重要信息技术产品及提供者,重点审查产品的安全性和可控性,以防产品提供者非法控制、干扰、中断用户系统,非法收集、存储、处理和利用用户有关信息。对不符合安全要求的产品和服务,将不得在中国境内使用。
相比美国已实行了10多年的网络安全审查制度,我国网络安全审查制度的空白短板,在产业层面让我国企业处于被动劣势。同时,无论是个体信息安全的迫切需要,还是国家层面的安全保障,都使得推出网络安全审查制度势在必行。
对网络企业利好还是利空?
业内人士表示,诸如此前发生的携程网大量用户银行卡信息泄露、小米800万用户信息泄露等,在网络安全审查制度得到落实后,这类事件发生的概率将会大大降低。对存在安全隐患的企业而言,无论是自查自纠的内在动力,还是外在的监管压力,都将会明显增加。
“网络安全审查并不是贸易保护,无论是国内产品还是国外产品,只要符合我国的网络安全标准,就能进入市场自由流通。”国家信息安全测评中心总工程师王军说。
国家信息技术安全研究中心总工李京春表示,以往我国只是对网络进行表层化管理,目前网络产品和服务逐渐向深层次发展,若继续沿用以前的监管办法,就很可能会出现网络监管漏洞,进而给国家和用户安全造成损失。李京春说,对发现存在安全隐患的网络产品和服务,都必须整改,要遵从、适应管理制度的实施,满足国家关键基础设施和重要信息系统的安全性能要求,在保障安全的前提下实现良性发展、持续发展。
中国工程院院士方滨兴认为,对于进入政府机构、交通、电力、金融等重要领域的产品,需要建立“黑名单”制,不仅对技术也对企业背景进行审查。而对于在市面流通的信息技术产品,需进行“白名单”强制认证,只有符合安全标准的产品才能入市。这种审查只是一种技术评估,普通用户的利益不会受到影响。
方滨兴认为,实施网络安全审查后,影响最大的是那些钻法律漏洞的行为。以WiFi破解器为例,此类技术本身侵害了信息安全,在任何国家都是被禁止的,对此类行为建立制度进行约束,是对市场秩序的整顿,符合WTO的要求。
专家建言审查平台专群结合
不仅是对国外企业,网络安全审查对国内诸多行业也都非常必要。知名网络漏洞报告平台乌云运营负责人孟卓表示,近年来互联网快速发展,国内互联网企业众多,如果一个企业的产品和公共安全、国家利益相关,那么该企业的产品只有符合了安全标准及解决了现有风险后,才可以进行发布使用。
安天实验室首席架构师肖新光表示,期待网络安全审查制度真正成为国家安全的门槛,产业成长的屏障。同时,业界也期待相关制度能保护国内创新,特别不要给创新型民族企业带来新的行政成本和门槛。
多名资深网络安全专家建议,为了让审查平台真正发挥作用,且更具有说服力,需要政府职能部门牵头搭建一个开放的测试平台,让受审查的产品在平台上接受深入全面的安全审查测试,政府相关职能部门主导测试工作,而来自科研院所和市场的第三方鉴定机构和具有先进检测分析能力的企业等,也可以在平台上参与测试。经过这样各方的测试,安全威胁与不可控隐患存在几率就会大大减少,同时能有效避免“一言堂”“走过场”等问题。
赞