Security and development are two wings of one body. Cybersecurity capability plays an important role in digital competitiveness. Infrastructure Construction, economic and technological development lay an important foundation for cybersecurity capability. Based on the main network and digital development and security-related indexes, a comparative analysis of the network strength, digital competitiveness and cybersecurity capability at home and abroad is made. Then, from the organizational, technical, capacity development and cooperation dimensions, the experience of main countries to enhance the strength of cybersecurity has been summed up. Finally, combined with the international useful experience, suggestions on how to improve the level of cybersecurity ability in China has been given.
Against the backdrop of digital transformation, cybersecurity threats are becoming increasingly serious, and the potential threats of systemic cyber risks are constantly increasing. However, current digital product designers and manufacturers often fail to fully recognize the importance of cybersecurity, leading to significant flaws in the quality management of cybersecurity during the manufacturing process. To tackle this challenge, the United States and Europe have emphasized the role of government intervention when market mechanisms are ineffective, swiftly enacting a series of policies and regulations to enhance the security quality management of digital products in the production phase. Therefore, China must adhere to independent innovation, leverage its first mover advantage in endogenous security theory and mimetic construction technology in the manufacturing industry, and propose a solution that balances cybersecurity responsibilities and risks to avoid falling behind.
With the wide deployment and application of 5G technology, the sliced packet network (SPN) that carries 5G base stations has become an important cornerstone to ensure the security of 5G network. Firstly, SPN security technology is elaborated, including SPN security isolation technology and network layer security technology. The security isolation technology mainly focuses on SPN small-grain slicing security isolation, and the network layer security technology includes authentication and encryption, access control, anti-attack, and emergency recovery. Then, the application of security technology in the current SPN network of China Mobile is explained. Finally, the SPN security technology is summarized and prospected.
Against the backdrop of the digital age, the challenges faced by cybersecurity are increasing, with alarm fatigue becoming a prominent issue. Traditional alarm handling methods suffer from low efficiency due to their inability to effectively distinguish between real and false threats. The adoption of generative artificial intelligence (AI) technology not only allows for more accurate identification of security threats and reduction in false alarms but also enhances the efficiency of handling security events. Moreover, AI’s capability in data analysis aids security teams in more effectively addressing complex security incidents, thereby improving the overall level of network security. Despite the challenges of accuracy and interpretability faced by AI technology in practical applications, the introduction of the LLM agent noise reduction system, which integrates the capabilities of both large and small models, combined with alert situation awareness and knowledge database data, can achieve efficient alarm processing.
In recent years, artificial intelligence (AI) technology has developed by leaps and bounds. How to integrate industrial internet security with new technologies such as big models and generative AI has become the key direction and problem in this field. Aiming at the prominent problems faced by industrial internet security, this paper summarized and analyzed the current situation of AI applications in this field, proposed an intelligent classification standard suitable for generative AI applications in this field, and finally summarized and prospected the integration of two new technologies, new concepts, and new fields in order to guide and lead the follow-up research in this field.
The governance of internet domain name abuse is an important connotation and main focus of cyberspace governance. The disposal of domain name abuse information is the core and key link in domain name abuse governance. A review of the current domain name abuse information disposal architecture was conducted, and based on this, a new type of domain name abuse information disposal architecture was discussed. Combined with blockchain technology, a decentralized domain name abuse information disposal architecture based on reputation incentives was proposed. The experimental results demonstrate the availability and reliability of the architecture.
On average, university email systems face tens of thousands of brute force authentication attacks every month. Attackers will use the SMTP protocol authentication method to perform brute force authentication on email accounts of university teachers and students. Especially, it is difficult to identify and detect distributed brute force attacks and low-frequency slow brute force attacks, which is a huge threat to the resource consumption and account security of the mail server.Therefore, it is necessary to design a mail access control gateway for abnormal behavior, which can dynamically block malicious IP addresses by analyzing mail logs to capture abnormal attacks. The test results indicate that the gateway has constructed feature rules by analyzing email logs, extracting security events, and capturing abnormal behavior characteristics; based on the leaky bucket algorithm,low-frequency and distributed brute force attacking malicious IPs are captured, and dynamic blocking and lifting of malicious IPs are achieved through linkage with firewalls; designed and implemented an access control gateway and applied it to the campus network, successfully blocking 62% of attack traffic.
Given that data elements will become an important driving force for the national economy, data element security has become a new trend in data security. Therefore, it is necessary to study the new technologies adopted in the process of data element security circulation, explain the differences between data element security and traditional data security, analyze new technologies such as privacy computing and confidential computing that can empower data elementsecurity, and analyze how to use new technologies to promote the secure circulation of data elements through scenario analysis of industry practice cases.
As a new type of information infrastructure, computing power network is an effective driving force for the high-quality development of digital economy, so improving the security guarantee capability of computing power network has become an important topic. This paper briefly reviews the rise and development of computing power network. Then, it analyzes the data security risks. Finally, it proposes a data security architecture of computing power network. It is aimed to provide technical reference for constructing a data security protection system for computing power network.
With the extensive application and continuous development of artificial intelligence technology, the data security risks caused by it are increasing. By summarizing security risks such as data leakage, excessive data collection, lack of transparency of model algorithms and data vulnerability in the application of artificial intelligence, this paper reviews and analyzes the practical experience of the United States, the United Kingdom, the European Union and Singapore in data security regulation activities. Comprehensive and diversified development paths such as strengthening top-level design, strengthening practical guidance and accelerating technological innovation are proposed to further improve the ability of artificial intelligence data security protection.
Cybersecurity and data security are important components of non-traditional security under the overall national security concept. In the process of promoting the big data strategy to empower the development of traditional industries, the intelligent connected vehicle (ICV) industry has developed rapidly. It has given rise to a widespread demand for data outbound transfer, which also poses a challenge to national security. The data outbound transfer of the ICV industry needs to integrate the dual objectives of maintaining national security and promoting the healthy development of the industry. It also needs to build a data outbound transfer security mechanism with clear rights and responsibilities, convenient operation and multi-party collaboration under the premise of maintaining national security.
The integration of Internet technology and government services has effectively improved the efficiency and service level of government offices. However, in terms of data security, there are still many internal management problems and external threats. To resolve security risks and guarantee the safe and stable operation of government information systems, it is necessary to establish a set of scientific and reasonable data security guarantee system, and to improve the system mechanism construction, software and hardware security protection, emergency response to network emergencies, and the cultivation of practitioners’ data security awareness.
In the current wave of enterprise digitization, data have become the core asset of enterprises, and ensuring the security and availability of these data is crucial. Cloud disaster recovery, as a new method of data protection, is gradually emerging in China. This article elaborates on the current development of cloud disaster recovery in China and analyzes some existing issues, such as technical difficulties in disaster recovery, the need to improve the management system, and the need to further strengthen product adaptability. Meanwhile, it discusses future development trends, including the trend of multi-cloud heterogeneous disaster recovery, the continuous expansion of data utilization scenarios, and the gradual improvement of industry standards.
Information processors may create interaction control risks in the course of information processing, and when such risks exceed the necessary limits to cause undue interference with the subject of the information, there is a need for the law to intervene. The judgment of whether the risk exceeds the necessary limit shall be based on whether the information processor has fulfilled the legal obligation of action or inaction, and whether the information processor has the improper purpose of influencing the decision-making of others does not constitute the criterion for judging the abnormality of the risk. The act of creating an abnormal risk is illegal and constitutes an infringement of personal information. However, the abnormal risk is difficult to be included in the concept of damage, and treating the risk as damage is contrary to the certainty and objectivity of damage, and will also increase the difficulty and cost of determining the causal relationship. Therefore, in terms of legislation, we can try to introduce punitive damages system, taking the risk of relationship control as one of the criteria for judging the elements of punitive damages. In terms of interpretation, the court may apply by analogy the personal information damages rules to compensate for lost.