Abstract:







[Domestic Policy Trends]

The CYBERSPACE Administration of the CPC Central Committee, the National Development and Reform Commission and the Ministry of Industry and Information Technology jointly launched a pilot project to open up public information resources
Click to view the original article

Summary: Recently, the CYBERSPACE Administration of the CPC Central Committee, the National Development and Reform Commission and the Ministry of Industry and Information Technology jointly issued the Work Plan for the Pilot Opening of Public Information Resources, and decided to carry out the pilot opening of public information resources in Beijing, Shanghai, Zhejiang, Fujian and Guizhou. Pilot projects will be carried out in the following six aspects: establishing a unified open platform, clarifying the scope of opening, improving data quality, promoting data utilization, establishing and perfecting systems and norms, and strengthening security guarantee.

Comments: The sharing and circulation of public information resources plays a great role in promoting the release of data dividend and “information universal benefit”. The pilot program aims to explore a comprehensive, reasonable and safe opening model. Security work is the premise of resource sharing. Network security technical measures should be planned, constructed and run synchronously with the open platform of public information resources. It is necessary to establish and improve management systems and confidential review systems, strengthen dynamic management, establish and improve emergency plans, and organize regular drills.




[Domestic Policy Trends]

Ministry of Industry and Information Technology releases Action Plan on Information Security of Industrial Control System
Click to view the original article

Summary: The Ministry of Industry and Information Technology issued the Action Plan of Industrial Control System information Security at the end of last year. On January 3, the official website of the Ministry of Industry and Information Technology released a detailed interpretation of the action plan by the head of the information and software Services department. The plan lists several projects, by 2020, one is to build industrial safety management system; Two is to enhance the whole system, the whole industry industrial control safety awareness; Third, the capacity of situation awareness, security protection and emergency response has been significantly improved, and a national online monitoring network, emergency resource database, simulation testing, information sharing and information notification platform (one network, one database and three platforms) has been established. Fourth, promote the development of industrial information security industry, cultivate a number of leading backbone enterprises, and create 3-5 national demonstration bases for new industrialization.

Comments: Industrial safety is an important premise for the implementation of manufacturing power and network power strategy, will be one of the key areas in the next few years. “Action plan” stressed the implementation of the main responsibility of industrial security: one is to implement the implementation of the network security Law, in accordance with the “who is in charge, who is responsible; Who operates, who is responsible for “principle, the establishment of industrial control safety responsibility system; Second, the establishment of enterprise industrial control safety management mechanism, strengthen operation management; Third, establish and improve systems for configuration and patch management, physical and environmental security protection, etc. Four is to carry out industrial control safety protection ability assessment; Fifth, we will continue to increase investment and implement special funds for technological upgrading and prevention and control of hidden dangers. Another important goal is to build “one network, one library and three platforms” in 2020, from the perspective of online monitoring, emergency response, policy testing to strengthen the overall planning of industrial control safety.



[Industry Trends]
Pyeongchang Winter Olympics could be targeted by hackers Some organizations have been phished

Bottom line: Hackers have deployed spear-phishing attacks targeting the Pyeongchang Olympics in South Korea, potentially involving financial and other sensitive information, according to foreign security researchers. The attacks are said to have begun as early as December 22. The hackers sent phishing emails impersonating the National Anti-terrorism Center, which was conducting anti-terrorism drills, but the real address was Singapore.

Comments: Experts predict more attacks on sports events like the Pyeongchang Olympics in the future. Hackers use phishing methods to break into systems and steal, tamper with or misappropriate sensitive information during the preparation and staging of major events. Large-scale events have become an important period of network security, which requires the organizing committee and host country to fully deploy reasonable security measures, do a good job in personnel training, and formulate emergency plans to avoid disrupting events and causing cross-border information security losses.





To subscribe to

NEWS FROM THE LAB