Cyberspace sovereignty (referred to here by its short form, cyber sovereignty) is the extension of national sovereignty to the platform of information and communication technology systems. This article defines cyberspace and cyber sovereignty, discusses the existence of cyber sovereignty, and judges several erroneous points of view that deny cyber sovereignty.
As cyberspace carries more and more national, public, and private interests, the issue of a cyber sovereignty guarantee has attracted great attention around the world. From the perspective of China's cyber sovereignty situation, this paper analyzes the main problems related to China's cyber sovereignty guarantee, including the implications of the cyber rights of independence, equality, self-defense, and jurisdiction. Corresponding countermeasures and suggestions are also provided. The purpose of this paper is to promote the establishment of cyber sovereignty, enhance China's discourse right on international cyberspace governance rules, and enhance the ability to safeguard national cyberspace security interests.
Cyberspace security has been a crucial part in national security and is more and more important in the development of economy and society. Based on the current situation of international cyberspace security, this article analyzes the opportunities and challenges that China is confronted with, and study China's international cyberspace security strategy suitable for its own value and national interest. We then propose the objectives, principles and tasks of the strategy.
From the perspectives of computer science, information science, management, and sociology, this paper summarizes research on domestic and international network public opinion monitoring, analysis, and management, followed by a brief introduction to China's major domain applications. On this basis, we discuss the future development of network public opinion when facing the challenges and opportunities of the Big Data Era.
This paper analyzes and sorts out the policies, laws, and regulations of network electronic identity management in major countries, regions in foreign countries, and China. It discusses the development of China's network identity management, and outlines the 13th Five-Year Plan's policies and regulations for network electronic identity management in China, including the development of ideas and constructive suggestions, the strengthening of network space identity management, and the construction of a network space identity management system.
Although cybersecurity legislation has made some progress since the 18th National Congress of the Communist Party of China, there is still a large gap between the law and development of cybersecurity and informatization and the requirements of the public. In addition, many problems exist in the fields of legislation, enforcement, administration, and legality. Some people, both at home and abroad, question China's efforts in the legislation of cybersecurity. Based on a study of current cybersecurity law, we suggest that it is necessary to speed up cybersecurity legislation and improve the legal system, particularly in order to enact cybersecurity law, e-commercial law, administrative law for cyber information service, personal information protection law, e-government law, information and telecommunication network law, and administrative law for cyber society, supported by matched regulations and by laws. In this way, a perfected legal system for cybersecurity will be achieved.
The obligation of decryption assistance by Internet service providers reflects the conflict between public power (the power of investigation) and the right of privacy (the right of communication privacy, private rights). Internet service providers should gather data under encryption by users on the basis of the principles of controllability and traceability, proportionality, and necessity. Providers should consider choosing their path prudently, supervised by strict procedure. Thus, the overall utility of social governance control, the tranquility of private life, and the business interests of Internet service providers can be maximized. Severe violations of private rights and disorderly situations due to governmental failure can be avoided if these suggestions are carried out.
Cybersecurity is part of national security. The rules and regulations for security testing and evaluation are distributed as policies for national security review or cyberspace management. This paper focuses on the current international systems related to cybersecurity review, and analyzes governments’ practices in the aspects of information technology product and service security evaluation, critical information infrastructure security evaluation and management, information and communication technology (ICT) supply chain security, and background security investigation. Based on the above, this paper discusses how to establish a cybersecurity review system in the fields of law and regulation, organization framework, operation mode, review approach, and supporting technology.
Cyberspace security professional certification and vocational training is an important part of cyberspace security talent cultivation. It can quickly grow talents and continuously improve the technical level and practical ability of existing employees. First, we survey the current situation of cyberspace security professional certification and vocational training. Then, we analyze the main problems of cyberspace security professional certification and vocational training. Finally, we propose a policy proposal to establish the architecture of cyberspace security professional certification and vocational training.
Competition of talents is fundamental to international cyberspace security, and the discovery and tracking of talents is one of the key links. First, we investigate the development status of domestic and international cyberspace security competition. Then, we analyze the main problems of cyberspace security competition in discovering and tracking talents. Finally, we propose a long-term policy to discover and track talents based on cyberspace competitions.
This paper introduces the status, problems, and future strategies of the traditional defense system and analyzes issues in the current protection structure. We then propose the trusted computing (TC) 3.0 strategy, which is an active defense architecture based on active immunity. Furthermore, we give an example of TC 3.0 in cloud computing and provide some suggestions on enforcing active defense.
This paper introduces the status, problems, and future strategies of the cyberspace security infrastructure system, and proposes that cyberspace security infrastructure must be based on active defense. Therefore, this paper proposes several suggestions for a trusted technology insurance system, which include the following: In order to build a trusted technology insurance system, independent innovation in active defense must be the breaking point; key information security systems must be developed by local institutions; independent innovation must be increased; research, product development, and active defense applications must be promoted; the development of trusted computing standards must be promoted; and experimental demonstrations must be carried out.
With the development of the Internet, cyberspace security issues have become a major concern related to national security. This paper first introduces some classic network defense technology. Next, it introduces the technology of mimic defense, including mimic defense systems, related scientific problems, and the theoretical framework of mimicry defense. The effectiveness of a mimic defense system is also analyzed in comparison with a traditional network defense technology. Finally, some problems worthy of study are presented regarding the basic theory of mimic defense.
Cybersecurity is in an unbalanced situation: It is easy to attack cybersecurity but difficult to defend it. Active defense technology is a new direction in cybersecurity research that has attracted more and more attention. This paper summarizes the development of active defense via the introduction of intrusion tolerance technology and moving target defense technology. We then introduce the theory, implementation, and testing of mimic defense. By comparing mimic defense with intrusion tolerance and moving target defense, we propose a research direction and a key point in the cybersecurity rebalancing strategy in order to provide a reference for the development of national cybersecurity.
With the development of the Internet, the process of computer software globalization continues to push forward. For widely used software, anidentical binary code is installed on millions of computers; sometimes even hundreds of millions. This makes widespread exploitation easy and attractive for an attacker because the same attack vector is likely to succeed on a large number of targets. Traditional software security methods can only counter the threat temporarily, and cannot eliminate essential vulnerabilities. This paper proposes a scheme of combining software diversity with mimic defense in the software security industry.
Based on the current situation and main problems with cyberspace security in China, this paper proposes that cyberspace security should shift its focus from emergency to response. Some transformation strategies are proposed, including three aspects: network security-monitoring capacity, network security guarantee capacity, and talents construction capacity.
Considering the emergence of recent network security threats, this article presents network security features and the current situation. Updated attack methods, enhanced attack technology, and expanded attack scope have changed emergency work. Some problems exist in emergency management of the status quo; the core technology and security assurance are relatively backward. Learning from the emergency response system in traditional areas in order to improve current emergency technical measures becomes an important part of network security. In this paper, the author proposes a multi-linkage elimination method that can mobilize system strength and protect against network threats based on the system and the mechanism.
As well as bringing great convenience, cyberspace poses new problems and challenges. Cyber sovereignty, in particular, constitutes the basic principle for solving national interest conflicts that arise in the process of cyberspace development. This paper provides a review and an analysis of three typical viewpoints on cyber sovereignty from around the world; namely, advocating for cyber sovereignty, opposing it, or being indifferent to it. We also give an overview of the attitudes of important international organizations and major countries toward cyber sovereignty. Our purpose is to provide an objective description of the cyber sovereignty situation.
In view of the management needs of all kinds of harmful information (including terrorism, rumor, fraud, violence, pornography, and subversion) in cyberspace, this paper summarizes the management situation of harmful information around the world. The paper first introduces the definition and classification of harmful information. It then proposes laws and regulations for the supervision of harmful information, and expounds the regulations that countries generally adopt in their legislative practice. Next, starting from network data monitoring, information filtering, and public opinion against network management, this paper introduces the technology and means of network governance over harmful information. Finally, this paper describes recent global internal Internet governance special action, and so forth.
This paper analyzes and sorts out the latest developments and typical applications of network electronic identity management in major countries and regions around the world, and discusses development trends in network identity management technology. It outlines network electronic identity management in China according to the 13th Five-Year Plan, including the development of ideas and constructive suggestions, the strengthening of network space identity management, and the construction of a network space identity management system. Such a system can help to regulate the behavior of Internet users, fight against network crime, build network power, safeguard national security and cyberspace sovereignty, and protect the privacy of network users; thus, it provides a reference for China’s network identity management development during the 13th Five-Year Plan.
Given the nation’s critical infrastructure and key resources (CIKR) reliance on information and communication technology (ICT), identifying and controlling the ICT supply chain risk has become an important factor when protecting national security. As the forerunner of ICT supply chain management, the US provides rich experience in enhancing the strategic position of the ICT supply chain, establishing the standards of ICT supply chain management, ensuring the security of software and hardware in the ICT supply chain, and supervising the procurement of ICT supply chains. In addition, the EU and Russia also specifically strengthen the security management of the ICT supply chain. Based on the above research, this paper provides some suggestions on the security management of the ICT supply chain in China.
The "Numerical Control (NC) Generation Innovation Project" aims to apply NC technology to the mechanical products of all industries to update and upgrade the overall installed base of manufacturing equipment, thus promoting upgrading of the industrial base. This paper takes the update and upgrade of NC equipment in Quanzhou city as a case study. Focusing on practical experience with the NC Generation Innovation Project within the framework of innovation governance, it discusses a new generation of "organized innovation" generated by the collaboration of multiple innovation participants. Through analysis and on the basis of strong demand pull from the user market and effective technology push from R&D agencies, the NC Generation Innovation Project, by playing a "skillful deflection" role, has enabled the government to kick-start extensive market resource investment with a small amount of policy resources, to mobilize the enthusiasm of multiple innovation participants such as enterprises, R&D institutions, intermediaries, and financial institutions and to organize many manufacturing enterprises in different industries. Using the principles of the market economy, these enterprises overcame all kinds of obstacles, actively accepting key generic technology. The result is a successful example of promoting generic technology diffusion in manufacturing industries. At the same time, this project has found existing insufficiencies in the course of summarizing the existing successful experience and has provided a decision-making basis for advancing of a broad-based manufacturing industry upgrade.
This Issue
Dec 2016, Volume 18 Issue 6