Xinhua news, beijing, november 20, to respond effectivelyCybersecurityThreats and risks, secure network operations, 20-day publication by the national internet information office on cyber security threatsManagement approach(advisory draft) consults publicly and regulates the publication of information on threats to cybersecurity。
The relevant officials of the office of the president of the republic stated that, at present, the cybersecurity industry is developing rapidly, and that many cybersecurity researchers and businesses are actively disseminating information on cybersecurity threats to the community and contributing to the maintenance of national cybersecurity for the purpose of increasing citizens ' cybersecurity awareness and sharing cybersecurity technologies. However, the dissemination of information on cyber-security threats remains problematic. With a view to further regulating the dissemination of information on threats to cyber security, the office of the national networking and the ministry of public security, among others, prepared a draft opinion on this approach in accordance with its mandate。
According to the exposure draft, cybersecurity threat information includes information on behaviour that may threaten the proper functioning of the network, information describing its intentions, methods, tools, processes, results, etc., and information that may expose network vulnerability。
It is clear from the consultation draft that the information published on cyber security threats should not contain the source code of malicious programs such as computer viruses, carpenters, extortion software, etcProduction methods; procedures and tools specifically designed to engage in harmful network activities, such as intrusion into networks, interference with network normality, disruption of network protection measures or theft of network data; capable of reproducing full details of cyberattacks, cyberinvasive processes; data leaks themselves and others that may be directly used to jeopardize the proper functioning of networks。
“the above-mentioned cybersecurity threat information, which can easily be used directly by malicious elements or cybermafia practitioners, lowers the threshold of cyberattacks and therefore, from the point of view of the maintenance of cybersecurity, must not be required to publish cybersecurity threat information.” the relevant heads of the national network office indicated that cybersecurity practitioners and lovers could still enhance their rationale and technical research in a number of ways to improve cybersecurity capabilities。
The draft request for comments requires that information on cyber-security incidents, such as attacks on networks and information systems and illegal incursions, be reported to the public security organs above the municipal level where the incident occurred. No enterprise, social organization or individual may, without the approval and authorization of a government department, publish information on threats to cybersecurity without the words “early warning”。
