The Cybersecurity Law of the People's Republic of China is formulated to ensure network security, safeguard cyberspace sovereignty and national security, social and public interests, protect the legitimate rights and interests of citizens, legal persons and other organizations, and promote the healthy development of economic and social informationization, which is of great significance to the construction of the rule of law in China's cyberspace.
Loading...
below
Let's learn this law together!
↓↓↓
Typical case of the Cybersecurity Law
Cybersecurity
Case 1: The parking lot charging system was damaged and lost 300,000 yuan - a case of the destruction of the computer information system of a parking lot
A parking lot manager reported that his toll room computer would "operate automatically" at night and "delete the relevant parking fee data by itself" when no one was using it. After forensic analysis, the police found that the information system was maliciously loaded with "remote control software", so that the criminals could remotely control the computer in the toll room and delete and modify the parking fee fund data. After in-depth investigation, it was found that the financial manager of the parking lot property management company, the administrator of the charging room and the manager of the charging system operation and maintenance company colluded with each other to commit the crime. The above three people took advantage of their positions to install "remote control software" on the smart toll computer and personal mobile phone in the parking lot to steal the assets of the property management company. According to statistics, the criminal gang embezzled a total of about 300,000 yuan in parking fees.
The reason for this case was that the internal cybersecurity management system was not in place. While the Internet provides great convenience for office, it also provides new channels for crime. The main reason for the occurrence of cybersecurity cases is not the commonly imagined "technical attack", but the lack of security management. Because internal employees are familiar with business processes, they are more likely to take advantage of management loopholes to commit crimes related to embezzlement. Strengthening management awareness and implementing management systems is the core of ensuring network security.
Internet police alert
All units should establish and improve the management system of the daily work business-related information system, strictly implement the supervision and management of the operation of the business system through technical measures such as login authentication and behavior audit, and retain the relevant log records of the system in accordance with the law, so as to ensure that the relevant systems can be used legally and compliantly, and truly serve the business operation.
Case 2: Anti-virus software and firewall were not enabled, and the server was controlled by hackers - Guangdong X Education Technology Co., Ltd. failed to implement Internet security technical measures
Guangzhou police received a report that the IP of Guangdong X Education Technology Co., Ltd. was suspected of frequently launching cyber attacks. After investigation, the relevant system using the IP did not enable anti-virus software and firewalls, resulting in a network attack on the server after being controlled by hackers, and the network security system logs were retained for less than 6 months. In accordance with the relevant provisions of the "Provisions on Technical Measures for Internet Security Protection", the police issued a warning to the company and ordered it to make corrections within a time limit. In this case, the company involved "emphasized application over security", believing that the business volume was small, the leased bandwidth was not large, and the network security facilities could be exempted, and did not implement the security protection and log retention measures required by laws and regulations.
Internet police alert
All units should establish a correct concept of network security and earnestly implement technical measures for network security. Once a network security incident occurs, it will greatly disrupt the normal business order and lead to the loss of business results. Therefore, the effective implementation of cybersecurity technical measures can avoid security risks, and is not an unwarranted increase in business burden. Security protection technical measures such as log retention required by laws and regulations are the bottom line and cannot be ignored.
Case 3: Classified Protection Filing ≠ Classified Protection Evaluation - Guangdong YiX E-commerce Co., Ltd. violated the computer information system security graded protection system
In their daily work, the police found that an information system of Guangdong Yix E-commerce Co., Ltd. was put into operation in July 2015 and completed the filing of classified protection (level 2) on February 6, 2016, but since then, the level assessment has not been carried out in accordance with the law. To this end, the relevant investigators went to the company to carry out an investigation. After investigation, the company did not understand the relevant laws, regulations and systems, and mistakenly believed that the classified protection work had been completed after completing the classified protection filing, so it did not further carry out the information security classified protection assessment after the filing. Subsequently, the Guangzhou police gave the company a warning and punishment in accordance with the law and ordered it to make corrections within a time limit.
This case reflects some misunderstandings in the process of implementing classified information security protection. First of all, they do not understand the relevant laws and regulations of classified protection, and some units mistakenly believe that they have obtained the filing certificate provided by the public security organ and have the level of graded protection, but they have not started the evaluation process and have not substantively implemented the technical measures and management system for security protection. What's more, it is believed that the filing of classified protection is to "obtain qualifications" by obtaining a filing certificate, so as to increase the "bargaining chips" when bidding, and deliberately do not implement the "various systems and measures for network security protection" required by law. If the network security technical measures related to the MLPS are not in place, it may lead to serious problems such as the leakage of sensitive information, the encroachment of network resources, and the paralysis and damage of controlled equipment.
Internet police alert
In the process of carrying out classified protection work, all units should first clarify the purpose of hierarchical protection - to strengthen the ability and level of network security protection to ensure the safe and stable operation of information systems. On this basis, in strict accordance with the requirements of the "Cybersecurity Law" and other laws and regulations, implement various security management systems and protection technical measures, and effectively strengthen the level of network security protection.
Case 4: How important should weblogs be?! -- Case of a unit failing to implement technical measures for internet security
At the end of 2018, the police cracked a case of using a system vulnerability to tamper with data and illegally buy and sell public resources. In the course of the investigation and handling of the case, the investigation and handling of the case was hindered due to the insufficient retention of logs related to the key systems involved in the unit. In accordance with Article 21 of the Cybersecurity Law (the logs recording the operation status of the network must be kept for no less than six months), the police imposed an administrative penalty of a warning on him and ordered him to make corrections within a time limit.
Network logs are important records for recording the operation status of the network, and strict implementation of log retention is a necessary measure to strengthen the audit and management of relevant information systems, and can provide important support for backtracking operations and clarifying objects in the event of network-related incidents. However, the actual situation is that many units that have occurred cyber-related cases have not implemented the retention of network logs in accordance with the law, or the retention period is insufficient, or the key retention fields are missing. In this regard, the Ministry of Public Security has specially set up a system of "one case and two investigations", that is, when carrying out investigation and investigation of cases of online violations and crimes, it will simultaneously initiate supervision and inspection of the performance of the statutory network security obligations of the network service providers involved in the cases. The public security organs will investigate network service providers who refuse to perform their legally-prescribed network security obligations or provide assistance for illegal and criminal online activities, and will severely punish them.
Internet police alert
It is a requirement clearly stipulated in laws and regulations for all units to strictly keep the relevant logs of the information system in accordance with the law to ensure that the system operation behavior is traceable. At the same time, it will create a strong deterrent to those with bad intentions, provide law enforcement support for the investigation and handling of cases after being attacked, and protect their legitimate rights and interests.
Source: Netinfo Tianjin, China Law Popularization Network, Sanmenxia Reservoir Water Policy Law Popularization