Critical information infrastructure is an important strategic resource of the country. It bears on national security, the national economy, people’s livelihood and the public interest, and it plays a basic, supporting and overall role. Protecting the security of critical information infrastructure is the top priority of national cybersecurity work. The promulgation and implementation of the “Regulations on the Security Protection of Critical Information Infrastructure” (hereinafter referred to as the “Regulations”) is a timely move to improve China’s cyberspace governance, strengthen the security protection of critical information infrastructure, and safeguard national security and development interests. It is of great and far-reaching significance.
1. Critical information infrastructure security is the top priority of network security
General Secretary Xi Jinping pointed out at the network security and informatization work symposium, “The key information infrastructure in the fields of finance, energy, electricity, communication, transportation, etc. is the nerve center of economic and social operation, the top priority of network security, and a target that may be under attack… We must conduct in-depth research and take effective measures to effectively protect the country’s critical information infrastructure.” General Secretary Xi Jinping’s important instructions pointed out the direction for us to carry out the security protection of critical information infrastructure.
Countries around the world attach great importance to the security of critical information infrastructure. The United States and Europe have raised the cybersecurity protection of critical infrastructure to the level of national security strategy through legislation or policy documents. Network attack and defense around the security of critical information infrastructure has become an important field of strategic games between countries and the main battlefield of high-intensity confrontation in cyberspace.
China’s Cybersecurity Law, which was officially implemented in 2017, clearly sets forth requirements for the security of critical information infrastructure operations. The promulgation and implementation of the “Regulations” is an important measure to implement General Secretary Xi Jinping’s important thought on cyber power, implement the major decisions and deployments of the Party Central Committee and the State Council, implement the relevant requirements of the Cybersecurity Law, and strengthen the rule-of-law safeguards for the security protection of China’s critical information infrastructure. It is also an inherent part of implementing the overall national security concept in the cyberspace field, responding to the new changes in the current international situation, and maintaining the sovereignty and security of cyberspace.
2. The promulgation and implementation of the “Regulations” provides basic guidelines for the security protection of critical information infrastructure
As an administrative regulation formulated in accordance with the Cybersecurity Law, the “Regulations” implement and refine the relevant provisions of the Cybersecurity Law on the operation security of critical information infrastructure, and promote the establishment and improvement of the legal and regulatory system for the security protection of critical information infrastructure in China.
(1) Clarify the objects and key processes of critical information infrastructure security protection. The “Regulations” clearly define the concept and scope of critical information infrastructure. At the same time, they set out process-based and standardized requirements and guidelines for key links such as the identification and change of critical information infrastructure, the establishment of special security management agencies by operators, and the reporting of cybersecurity incidents and threats.
(2) Clarify key national protection, guarantee and promotion measures for critical information infrastructure. On the one hand, the “Regulations” establish the working principle of “comprehensive coordination, division of responsibilities, and legal protection”, and clarify the division of responsibilities among the national network information department, the public security department of the State Council, the protection work department, and the local government, forming a joint force of supervision and protection. On the other hand, the “Regulations” put forward protection measures such as information sharing, monitoring and early warning, emergency response, inspection and testing, and military-civilian coordination around critical information infrastructure, as well as promotion measures such as professional personnel training, technological innovation and industrial development, and network security service organization construction and management, which reflects the state’s will and determination to protect critical information infrastructure. In addition, the “Regulations” also make special provisions prohibiting illegal intrusion into, interference with, and destruction of critical information infrastructure; behavior that endangers its security will face severe punishment under laws and regulations.
(3) Clarify the responsibilities and obligations of critical information infrastructure operators. The “Regulations” focus on consolidating the main responsibilities of critical information infrastructure operators (hereinafter referred to as “operators”). Clear requirements have been put forward at multiple levels, such as security protection measures, establishing and improving protection systems and responsibility systems, setting up special security management agencies, funding and personnel input, testing and assessment, cybersecurity incident and threat reporting, and network product and service procurement, and a long-term mechanism for the security protection of critical information infrastructure has been established.
3. Some thoughts on implementing the requirements of the “Regulations” and improving the security protection capability of critical information infrastructure
The first is to strengthen awareness and deeply understand the importance of critical information infrastructure security protection. Units and individuals engaged in the operation and protection of critical information infrastructure should be fully aware that doing a good job in the security protection of critical information infrastructure is not only related to their own system security and stable business operation, but also to the national economy and people’s livelihood, and that the security of these facilities is extremely important. They should take a high-level view, stay clear-headed, dare to take responsibility and act, take national network security as their own responsibility, and strictly implement the requirements of relevant laws, policies and systems.
The second is to clarify the baseline and accurately grasp the safe operation of critical information infrastructure. Mastering the network and data asset information for the safe operation of critical information infrastructure is an important prerequisite for the competent national regulatory authorities and protection departments to carry out guidance and supervision; for operators, it is also a necessary means to implement the main responsibility and strengthen the protection work. On the one hand, it is necessary to comprehensively sort out the network products and services of the critical information infrastructure and, on the basis of mastering its network assets, further sort out component-level model information, configuration setting information, etc., to support rapid localization and accurate judgment of supply chain cyber attacks. On the other hand, it is necessary to clarify the data assets carried by the critical information infrastructure, sort out data collection, processing, and transmission, and analyze the data flow conditions and paths. In addition, for critical information infrastructure involving control systems, on the basis of the above measures, the focus should be on strengthening analysis and identification, so as to understand as fully as possible the protocols and instructions that trigger or may trigger control actions, as well as the data flows and personnel with operating authority that may touch core control equipment and systems.
The third is to enhance capabilities and comprehensively strengthen the security protection of critical information infrastructure. Operators should focus on self-examination and self-correction of vulnerabilities and hidden dangers, analysis and judgment of security incidents and threats, and continuous and stable operation of critical information infrastructure under extreme conditions. They should strengthen the construction of corresponding means, gradually cultivate a professional network security team, pay attention to the inspection and evaluation of the effectiveness of protective measures, and strengthen the concept of continuous operation of network security protection. Network security academia, enterprises, and research institutions should, based on the particularity and importance of critical information infrastructure, focus on risk identification, assessment, prevention, and resolution, and strengthen research and development at the theoretical, methodological, and technical levels to provide technical support for the security protection of critical information infrastructure.
The fourth is to fully integrate and jointly promote the security protection of critical information infrastructure. On the one hand, measures such as information sharing, monitoring and early warning, emergency response, inspection and testing in the “Regulations” need to be further systematized, institutionalized, and normalized by relevant departments to promote improvement; on the other hand, the relevant requirements for “the situation where network products and services may affect national security” are in line with the national network security review system. Operators should further enhance their initiative in the process of implementing network security review and ensuring the security of critical information infrastructure supply chains.
The implementation of the critical information infrastructure protection system requires full cooperation at all levels of government, industry, academia, research, and application. All sectors of society should strengthen their understanding, identify their positions, and contribute to jointly building a national network security barrier, thereby providing solid support for safeguarding national security, economic development and social stability.