on April 6, the "fourth high level Forum on communication network and information security" held by the people's post and Telecommunications Publishing House was held in Beijing. It is understood that this forum has received strong support from the Ministry of industry and information technology and three major operators, including Huawei, Websense, Antai, Lvmeng technology, HengAn Jiaxin, Guoshun technology, beixinyuan software, Tiancun information, ANCODEC easy to cause disruption technology, Qiming Xingchen, Hangzhou Anheng and other security service manufacturers and R & D institutions. The grand occasion of the conference surpassed the previous three sessions, which shows that the security challenges faced by the communication industry are becoming more and more complex
"the information security situation was relatively stable throughout 2011." At this high-level security forum, xiongsihao, deputy director of the Communications Security Bureau of the Ministry of industry and information technology, said that with the joint efforts of operators, security manufacturers and other parties last year, the overall security situation of China's communication networks and interconnection was relatively stable, and there were no large, overall network security incidents that had a serious impact on social growth
however, in recent years, the new mobile Internet industry with mobile Internet, intelligent terminals and application platforms as the core has developed rapidly, which not only promotes the industrial development and transformation, but also brings increasingly prominent network security problems. The development of cloud computing technology and the introduction of cloud services have brought unpredictable risks to the existing information infrastructure and its security. In addition, the scale of value-added telecommunications services is gradually expanding, the number of users is surging, and the threats to network security such as network attacks and hackers are becoming increasingly complex
operators attach great importance to safety and have achieved remarkable results
according to xiongsihao, last year, the communication security bureau of the Ministry of industry and information technology organized and carried out spot checks on the network security protection work of the three major operators. The final spot check results show that the communication network security quality has reached a new level in 2011, "the overall compliance rate reached 98%"
in this regard, fengyunbo, deputy manager of the technical support division of China mobile information security management department, said that in 2011, China Mobile increased its investment in network information security work in the continuous "bumping". On the basis of information security management, it also established an information security and operation center, increased production functions on the basis of the original management functions, extended the cross departmental working mechanism, and enriched the information security team, The information security management has been strengthened to ensure the pragmatic promotion of network and information security
Feng Yunbo introduced that in 2011, according to customer reports, China Mobile handled 210000 spam SMS numbers in total. According to the data of the Ministry of industry and information technology, the index volume of China Mobile per 10 million showed a rapid downward trend, and the final index volume was one quarter of that in 2009
Chinatelecom liuzhiyong revealed that after three years of attempts, Chinatelecom has established a national network security operation management system, which has well guaranteed its own network security, and also provided customers with 24-hour security monitoring and protection, operation alarm and other services
facing the challenges brought by new technologies
"however, it was found in the spot check that there are still many problems in risk assessment." Xiongsihao said that during the inspection last year, it was found that Chinatelecom and China Mobile had many problems in the application store, among which there were many loopholes. "From the perspective of the current industry, the weak links of operators in the network have not been fundamentally changed. Although they have improved, they have not been fundamentally improved."
it is reported that cloud computing, mobile Internet, IOT, etc. are developing continuously, intelligent terminals are gradually popularized, and the types of security threats are increasing and new changes have taken place. However, the industry is not rich in security protection experience in these new fields, and the formulation of relevant security standards is slightly backward
for example, in view of the security threats of mobile Internet, Yao Tao of China Unicom pointed out that the focus of security risks of mobile Internet has shifted from availability to the loss of information assets. Mobile Internet applications are facing complex, diverse and advancing security threats. At present, there is a lack of a complete, open and secure identity mutual trust mechanism for mobile Internet applications
Feng Yunbo also said that although China Mobile made some achievements in information security in 2011, the overall information security situation is still facing no small challenges. "It is mainly reflected in the increasingly complex security threats brought about by the progress of new technology. At the same time, new businesses and security control are becoming more and more difficult."
on the other hand, the three major operators also have differences in security construction. A person from China Unicom admitted that, relatively speaking, the security management work of Chinatelecom and China Mobile is systematic and normative. They not only do a good job in accordance with the requirements of the Ministry of industry and information technology, but also actively think and innovate, and have made many useful explorations. "In these aspects, China Unicom needs to be strengthened."
Xiong Sihao pointed out that the network security problem involves multiple enterprises, departments and industries, which can not be solved by the Ministry of industry and information technology alone or by operators in one link, and requires the concerted efforts of all departments and all parties in the industrial chain
security of value-added services may become a new difficulty
an industry insider analyzed that in recent years, with the expansion of the scale of value-added telecommunications services and the sharp increase in the number of users, the threats to network security such as network attacks and hackers have become increasingly complex; Due to the lack of risk awareness, awareness and necessary protective measures, user information leakage, business interruption, domain name security and other events of value-added telecommunications enterprises occur from time to time, and the actual harm and negative social impact are increasing. It is very important and urgent to strengthen the security protection management of value-added telecommunications services
xiongsihao said that last year, the Communications Security Bureau of the Ministry of industry and Information Technology launched the pilot work of value-added telecommunications services and Internet domain name service network security protection, and the selected pilot enterprises include Taobao, Sina, Tencent, Baidu, Wanhe air
"from the pilot situation, the safety level of value-added enterprises is uneven." Xiongsihao pointed out that most value-added enterprises have relatively large investment in safety, the whole organization is relatively sound, and the quality of personnel is also relatively high. However, the problems of small and medium-sized value-added service enterprises are still relatively large. From the pilot situation, it can be called "a thousand threads", which requires security manufacturers to help these enterprises solve security vulnerabilities and threats as soon as possible. Communication world - Communication World weekly