习近平总书记关于网络强国的重要思想概论 第五章:筑牢国家网络安全屏障
Return to the Library

General Secretary Xi Jinping’s Introduction to Important Ideology Regarding China as a Cyber Powerhouse (Chapter 5: Building a Durable National Cybersecurity Barrier)

习近平总书记关于网络强国的重要思想概论 第五章:筑牢国家网络安全屏障

In this piece, the CCP Central Committee Office of the Central Cyberspace Affairs Commission (CAC), known under its public regulatory-body name as the Cyberspace Administration of China, outlines a vision for cybersecurity policy and regulation. The piece suggests that private industry, critical information infrastructure, and cybersecurity providers will be vital partners in improving China’s cybersecurity in the years to come. Cybersecurity, CAC argues, cannot be achieved without more government visibility into private industry’s data on cybersecurity threats and incidents.

Key takeaways
  • Published by the Cyberspace Administration of China (CAC) in July 2023, General Secretary Xi Jinping’s Introduction to Important Ideology Regarding China as Cyber Powerhouse outlines the CCP’s views for the future of the internet both behind and beyond China’s Great Firewall. Nestled among surrounding chapters entitled “Strengthen Internet Content Infrastructure and Management”, “Speeding the Development of Self-Reliance in Core Technologies in the Information Domain”, and “Promoting the Construction of a Community with a Shared Future in Cyberspace”, Chapter 5 outlines the Party’s thoughts most closely-related to cybersecurity policy.
  • The CAC admonishes the idea that cybersecurity can ever be achieved “behind closed doors” and clearly articulates the role that an “open system” can play in achieving better national cybersecurity. The CAC states that it will aim to improve regulatory oversight via legal mechanisms for punishment, increase the stringency of regulations that are to be complied with, and seek to increase the government’s understanding of the cybersecurity situation in China.
  • Five months after the book was published, the CAC issued draft requirements for the reporting of cybersecurity incidents to specific regulatory bodies. An incident reporting document is currently available for download from the CAC, but the regulations have not been fully implemented. Collecting national data on cybersecurity incidents is clearly the next step in creating the “open system” the CAC is pursuing. Other government agencies are moving in this direction, too. The Ministry of Industry and Information Technology’s vulnerability database also has a form for collecting cybersecurity incident reports. Provincial CAC offices may soon roll out their own versions. It is unclear who will analyze all this data.
  • Finally, Chapter 5 moves to the brass-tax of the cyber domain: talent and education. To this end, the authors highlight several ongoing initiatives to revamp cybersecurity education, train more hackers and defenders, and improve their integration “into important positions.” The chapter underlines that improvements in national cybersecurity stem from well-educated people working in a system designed to facilitate their access to large amounts of data collected from many parts of society. The CAC makes clear they aim to continue expanding their oversight of society’s cybersecurity.

FacebookTwitterLinkedInEmailPrintCopy Link
Original text
English text
See an error? Drop us a line at
View the translated and original text side-by-side

Throughout the history of human society’s development, every major technological innovation brought new challenges to national security. Currently, network security is a major issue impacting the overall situation. General Secretary Xi Jinping states: “Cybersecurity affects the whole body and profoundly influences the security of politics, economy, culture, society, military and other domains. Without cybersecurity, there is no national security, the economy and society will not operate in a stable manner, and the broad popular masses’ interests will be difficult to guarantee.”1 “We must stand at the height of implementing the overall national security outlook, strengthen network security consciousness, comprehensively strengthen the network security assurance system and capacity building, build a strong network security barrier, and resolutely safeguard national network security.


I. Without cybersecurity, there is no national security


Examining the security threats we face, the most realistic, everyday ones that occur in large numbers do not come from sea, land, airspace, or space, but from cyberspace which has come to be known as the “fifth domain.” Nowadays, network security threats and risks are becoming increasingly prominent and are penetrating into political, economic, cultural, social, ecological, military and other fields. Deeply understanding network security risks and effectively safeguarding the security of cyberspace are major security issues that we must face and solve.


The security situation of critical information infrastructure is grim. Currently, cyberattacks against critical information infrastructure occur from time to time, involving every major country around the world and affecting many important industries such as energy, finance, telecommunications, aviation, and government. Our country’s critical information infrastructure is developing rapidly, and at the same time it is also one of the countries that suffers the most severe cyber security threats in the world. Nation-state advanced persistent threat attacks, intrusion control, information theft, and frequent and sustained attacks by some hacker organizations have seriously threatened our country’s critical information infrastructure.


Data security management faces challenges. Following the development and advancement of artificial intelligence, 5G, Internet of Things, blockchain and other technologies, the number of devices and data volume has increased dramatically and data security threats have continued to rise. This has become a major issue for national security and economic and social development. Attacks targeting data security are becoming increasingly serious, and important data related to the national economy and people’s livelihood have become important targets for attackers; data faces risks of interception, tampering, and forgery among other risks, and problems such as data leakage are prone to occur in the storage process, and there are risks of leakage in use and processing. The risk of excessive collection and leakage of personal information is increasing, some Internet platforms excessively collect and use data beyond an appropriate bound, infringing on the legitimate rights and interests of consumers; some of these platform companies fail to properly handle and secure data, resulting in data leakage and breeding fraud against telecommunications networks. Fraud and other criminal activities have become a major hidden danger that endangers the safety of people’s lives and property.


The threat of militarization in cyberspace is increasing day by day. The militarization process of cyberspace is obvious; some countries have strengthened their offensive cyber compellence strategy and developed cyber combat forces on a large scale, exacerbating the risk of cyber conflicts. Strategic balance and stability of cyberspace are facing new tests between large countries, and world peace is facing new challenges.


II. Establishing a correct view of cybersecurity


Since the 18th National Congress of the Communist Party of China, the Central Committee with Comrade Xi Jinping as its core has attached great importance to cybersecurity work. General Secretary Xi Jinping stressed: “Establish a correct view of cybersecurity.” “National cybersecurity work must adhere to cybersecurity for the people and cybersecurity by the people, ensure the security of personal information, and safeguard the legitimate rights and interests of citizens in cyberspace. We should persist in cybersecurity education, technology, and industry integration, to form a healthy ecosystem of talent training, technological innovation, and industrial development. We should persist in the unification of a development and legal management system, and not only vigorously cultivate new technologies such as artificial intelligence, the Internet of Things, and next-generation communication networks, but also energetically use laws, regulations and standards to guide the application of new technologies. We should pay equal attention to security and controllability, in concert with open innovation, establish a foothold of cybersecurity in an open environment, strengthen international exchanges and cooperation, and raise the people’s sense of gain, happiness, and security in cyberspace.”


“Disasters arise from neglect, and misfortunes arise from subtleties.” The security issues we face are often not technical issues, but issues of consciousness. In recent years, the consciousness of cybersecurity in the whole society has been significantly improved, but the problem of insufficient understanding of cybersecurity still exists. Some people focus on development and neglect security, emphasizing construction and neglecting protection; some think closing the door improves security, unwilling to move towards an open environment to increase security. Some think that cybersecurity is a matter for the central government and professional departments and has nothing to do with them. These views are incorrect. To establish a correct concept of cybersecurity, we need to focus on the following characteristics.


Cybersecurity is holistic rather than fragmented. To maintain cybersecurity we must have visibility into the overall situation, consciousness of the big picture, and from this complete view we must plan, promote, and implement cybersecurity work. On the one hand, cybersecurity radiates outwards and affects political, homeland, military, economic, cultural, social, scientific and technological, ecological, resource, nuclear and other security levels. It pushes and pulls the entire body of national security, we must adhere to the overall national security outlook and regard cybersecurity as an integral part of the national security system. On the other hand, cybersecurity threats come from all directions, and any single hidden danger may cause the collapse of the entire system. We must comprehensively consider the synergy between various network security elements.


Cybersecurity is dynamic, not static. The game of cybersecurity is one where one good thing is met with ten bad things, it cannot be solved once and for all. In the cyber domain, system, product, and management vulnerabilities are all dynamic, and threat methods are also dynamic. The idea of relying on installing a few security devices and security software to maintain security forever is no longer appropriate. All these require us to establish a dynamic protection concept, and at the same time monitor changes to the situation and always regard maintaining cybersecurity as normal work.


Cybersecurity is open, not closed. Nowadays, the vast majority of systems are internet connected, and, since the object of protection itself is in an open environment, security can no longer be based entirely on “closed” measures. In addition, because of the global nature of the internet, the idea of ​​keeping security behind closed doors is neither practical nor feasible. Only by establishing an open environment, improving the level of openness, and absorbing advanced technologies can the level of cybersecurity be continuously improved.


Cybersecurity is relative rather than absolute. Cybersecurity protection is a process of continuous progress and development, and it is impossible to achieve absolute security that exceeds the current level of cybersecurity technology in any given period of time. Cyberattack and defense are asymmetrical, and network confrontation often favors the offense. Network security incidents are sudden and it is impossible to achieve absolute comprehensive prevention beforehand. Strengthening pre-event well-researched prevention measures, and strengthening mid-event and post-event remediation capabilities are the most realistic choices for maintaining cybersecurity.


Cybersecurity is communal, not siloed. In a cyber environment where everything is interconnected and deeply integrated, it is necessary to establish a cybersecurity maintenance mechanism with extensive participation. Government, enterprises, social organizations, and netizens must jointly build a cybersecurity defensive line. In addition, cyberspace is a space for all human activities. Maintaining cyber security is not a matter for one country, but a common responsibility of all countries. It is necessary to strengthen communication, expand consensus, deepen cooperation, and jointly maintain cyberspace security.


We should coordinate development and security, ensure the security of development, and promote the development of security. General Secretary Xi Jinping pointed out, “Cybersecurity and informatization are a single body with two wings, the two wheels of a single drive, and require unified planning, unified deployment, unified promotion, and unified implementation.” 2“Cybersecurity and informatization are complementary to each other. Security is the prerequisite for development, development is the guarantor of security, and security and development must be promoted simultaneously.” Only by adhering to equal emphasis on development and security and keeping pace with the two wheels, can cybersecurity and informatization work be promoted in a healthier, more balanced, and more sustainable way.


Without cybersecurity, there would be no methods to guarantee the development of informatization, and the faster the development of informatization, the greater the potential risk of cybersecurity threats. Globally, many major incidents have occurred due to this lack of synchronization between cybersecurity and informatization, which has brought great risks to critical infrastructure, social productivity and life, and even national power. At present, our country’s network applications and network industry are developing rapidly, but cybersecurity consciousness is not progressing and cybersecurity guarantees have not kept pace with change. Some places and departments have high enthusiasm and investment in informatization construction, but pay little attention to cybersecurity issues with their level of consciousness, attention and investment remaining inadequate. We must coordinate development and security, and strive to build long-term stability and growth.


Failure to develop is the greatest insecurity, and we must not refuse development because of security issues. Cybersecurity is a new problem that arises in the process of informatization and can only be solved in the process of development. Without informatization development, economic and social development will lag behind, cybersecurity will not be guaranteed, and even existing security will be lost.


III. Comprehensively strengthen cybersecurity systems and capacity building


The report of the 20th National Congress of the CCP emphasized the need to firmly safeguard the security of national power, the security of the (political) system, and the security of ideology, strengthen cyber and data security assurance systems, and strengthen the protection of personal information. This requires us to enhance our risk awareness, hold on to the bottom line of security, do a good job in resolving various existing risks and preventing further incremental increases of risk, further build a national cybersecurity barrier, and provide security guarantees for economic and social development and people’s well-being.


Strengthen the security measures for critical information infrastructure. General Secretary Xi Jinping pointed out that “critical information infrastructure is the top priority of cybersecurity protection. Finance, energy, electricity, communications, transportation and other domains are the nerve centers of economic and social operations, and are also a key target of cyber attacks. If one thing goes wrong, it will be a big deal.” “We must conduct in-depth research and take effective measures to protect the security of the country’s critical information infrastructure.” Efforts should be made to establish a national integrated critical information infrastructure security guarantee system, strengthen the awareness of “one game of chess”, strengthen threat information sharing and protective action coordination between critical information infrastructure in different regions, different industries, and different fields, and realize the transformation from decentralized protection to overall protection, the transformation from static protection to dynamic protection, and from passive protection to active protection, implement the main responsibilities of critical information infrastructure operators and the supervision responsibilities of protection work departments, coordinate and organize the implementation of party and government agencies, key industries, and large internet service platforms, inspection and rectification of industrial control systems, etc., to improve risk management, in-depth defense, emergency recovery and other capabilities.


Strengthen cybersecurity situation sensing and emergency response. General Secretary Xi Jinping pointed out, “To maintain network security, we must first know where the risks are, what they are, and when they occur.” If cyberattacks are not detected, early warnings are not timely, information is not summarized, actions are not unified, and the reflection arc is too long, combat opportunities will be missed. “Those who are clever hear what is silent, and those who are wise see the invisible.” Perceiving the cybersecurity situation is the basis for doing a good job in cybersecurity. It is necessary to comprehensively strengthen network security inspections, understand the situation, identify risks, identify vulnerabilities, report the results, and urge rectification. Strengthen the construction of cybersecurity information coordination mechanisms, means, and platforms to bring together security threats, risk situations, and incident information from governments and enterprises, domestic and foreign countries’ security threats, and form a unified and efficient cybersecurity risk reporting, information sharing, research, and disposal mechanism. Establish and improve the linkage mechanism for handling major security incidents, and improve the emergency command and response capabilities for network security incidents.


Strengthen network security review. Cybersecurity review is a common practice in many countries around the world to maintain cybersecurity, and it is also a legitimate measure generally accepted by the international community to ensure national cybersecurity. It is necessary to speed up the improvement and active use of cybersecurity review, use legal weapons to put forward security management requirements for important information technology products and services, and resolutely safeguard our country’s national interests and the legitimate rights and interests of the people.


Strengthen data security management. Data has become an important strategic basic resource, having a revolutionary impact on economic development, social life, national governance, and international competition. It is necessary to adhere to comprehensive management, focus on key aspects of network data management, strengthen policy guidance, legal regulations, administrative supervision, industry self-discipline, social supervision, and public participation, and form a working pattern in which data security is jointly maintained and developed. It is necessary to move the management gate forward, consolidate the main responsibilities of the network platform, adhere to the whole process management before, during and after the event, and strengthen the security protection of important data. It is necessary to build a strong data security barrier, implement a data outbound security assessment system, and promote the safe and orderly flow of data.


Strengthen the protection of personal information. It is necessary to comprehensively use policy, legal, economic, technical and other means to focus on solving the problem of personal information security issues that the people have strongly expressed interest in fixing, ensuring personal information rights and interests such as personal rights to know, make decisions, and deletion. Strengthen law enforcement coordination, and refine and improve legal measures for violations of laws and regulations in the digital domain, ensure the security of personal information, and safeguard the legitimate rights and interests of citizens in cyberspace.


IV. Laying the foundation for cybersecurity


If the foundation is not strong, the ground will shake. Cybersecurity is a baseline and all-encompassing security issue. To do a good job in network security, we must plan and promote it as a whole. It is necessary to clearly recognize the situation and tasks we are facing, fully understand the importance and urgency of doing a good job, plan according to the situation, move in response to the situation, and follow the trend, twist all the threads of resources and forces into a single rope, and effectively consolidate the role of the cybersecurity work base.


Implement the network security work responsibility system. The Internet is a single-point of access into a global network, while cybersecurity protects a single breaking point from becoming a global cybersecurity issue. We should move forward with improving and implementing the cybersecurity work responsibility system, clarify the responsibilities and obligations of various departments and units, hold those responsible for major cybersecurity problems to account, strengthen the overall coordination of cybersecurity work, and increase the coordination of cybersecurity policy planning, major projects, the technology industry, talent cultivation and other aspects to ensure that the defenders are accountable, responsible, and dutiful.


Cultivate a healthy ecosystem for the integration and development of cybersecurity education, technology, and industry. General Secretary Xi Jinping emphasized that “we must persist in the integrated development of cybersecurity education, technology, and industry to form a healthy ecosystem of talent training, technological innovation, and industrial development.” “We must make great efforts and spare no expense, hire excellent teachers, compile excellent teaching materials, recruit outstanding students, and build world-class cyberspace security schools.” Competition in cyberspace is, ultimately, a competition for talent. We should continue to implement the cybersecurity talent process, strengthen talent education and industry coordination, focus on the role of enterprises and the market, build the National Cybersecurity Talent and Innovation Base3, establish World-Class Cybersecurity Schools4, and explore new mechanisms for the integrated development of cybersecurity education and industry integration model. We should support enterprises to deeply participate in the training of cybersecurity talents, from setting training goals, educational materials, the establishment of laboratories, hands-on education, and project-defined research among other things, in cooperation with universities, while encouraging and supporting students to participate in innovation and entrepreneurship while in school. We must insist on promoting talents in an eclectic way, resolutely get rid of evaluation mechanisms such as “paper only” and “hat only”, establish evaluation standards oriented by practical ability and contribution, and discover prodigies and geniuses through various methods, while not demanding perfection, and without reverence for existing seniority, and to not measure with a ruler, while adopting special policies to recruit talents extensively and place them into important positions. It is necessary to strengthen technological innovation in cybersecurity, establish a mechanism to reveal who is responsible for the implementation of major tasks, and strive to break through the core technologies that restrict the development of cybersecurity. It is necessary to strengthen the overall planning and overall layout of the cybersecurity industry, improve policies and measures to support the development of cybersecurity enterprises, increase investment in cybersecurity, strengthen network product management, promote and standardize the healthy development of the network security service market, reduce the burden on enterprises, and stimulate innovation vitality, cultivate and support a group of internationally competitive cybersecurity companies.


Strengthen the entire Party’s and society’s cybersecurity awareness and skills. Not recognizing the risk is the biggest risk, you must put risk prevention in a prominent position and truly build a “firewall” of cybersecurity in your mind. We must adhere to the principle that cybersecurity is for the people and cybersecurity depends on the people, carry out cybersecurity publicity and education by group, level, and field, guide the whole society to master basic cybersecurity skills, develop good safety habits, jointly safeguard the cybersecurity rights and interests of netizens, and build a cybersecurity atmosphere in which everyone participates, everyone is responsible, and everyone shares.


Accelerate the establishment of cybersecurity standards. The root of the Internet is technical protocols, and the root of technical protocols is standards. Whoever sets the standards has the right to speak5; whoever controls the standards has the commanding heights. In the final analysis, the cybersecurity game is about the right to set standards and the right to set rules. It is necessary to conduct in-depth research on the security standards, technical standards, and governance standards of cyberspace, propose more standards that reflect China’s views and demonstrate international morality, and actively participate in the formulation of international standards and rules for cyberspace.


To top

Cite This Page

国家互联网信息办公室 (Cyberspace Administration of China (CAC)). "General Secretary Xi Jinping’s Introduction to Important Ideology Regarding China as a Cyber Powerhouse (Chapter 5: Building a Durable National Cybersecurity Barrier) [习近平总书记关于网络强国的重要思想概论 第五章:筑牢国家网络安全屏障]", (Dakota Cary, Trans.), CSIS Interpret: China, original work published in People's Publishing House [人民出版社], July 1, 2023

FacebookTwitterLinkedInEmailPrintCopy Link