Throughout the history of human society’s development, every major technological innovation brought new challenges to national security. Currently, network security is a major issue impacting the overall situation. General Secretary Xi Jinping states: “Cybersecurity affects the whole body and profoundly influences the security of politics, economy, culture, society, military and other domains. Without cybersecurity, there is no national security, the economy and society will not operate in a stable manner, and the broad popular masses’ interests will be difficult to guarantee.”1 “We must stand at the height of implementing the overall national security outlook, strengthen network security consciousness, comprehensively strengthen the network security assurance system and capacity building, build a strong network security barrier, and resolutely safeguard national network security.
纵观人类社会发展历程,每一次重大技术革新,都会给国家安全带来新的挑战。当前,网络安全成为关乎全局的重大问题。习近平总书记指出:“网络安全牵一发而动全身,深刻影响政治、经济、文化、社会、军事等各领域安全。没有网络安全就没有国家安全,就没有经济社会稳定运行,广大人民群众利益也难以得到保障。”要站在贯彻落实总体国家安全观的高度,强化网络安全意识,全面加强网络安全保障体系和能力建设,筑牢网络安全屏障,坚决维护国家网络安全。
I. Without cybersecurity, there is no national security
一、没有网络安全就没有国家安全
Examining the security threats we face, the most realistic, everyday ones that occur in large numbers do not come from sea, land, airspace, or space, but from cyberspace which has come to be known as the “fifth domain.” Nowadays, network security threats and risks are becoming increasingly prominent and are penetrating into political, economic, cultural, social, ecological, military and other fields. Deeply understanding network security risks and effectively safeguarding the security of cyberspace are major security issues that we must face and solve.
审视我们面临的安全威胁,最现实的、日常大量发生的不是来自海上、陆地、领空、太空,而是来自被称为“第五疆域”的网络空间。当前,网络安全威胁和风险日益突出,并且向政治、经济、文化、社会、生态、军事等领域传导渗透。深刻认识网络安全风险、有力维护网络空间安全,已成为我们必须面对和解决的重大安全课题。
The security situation of critical information infrastructure is grim. Currently, cyberattacks against critical information infrastructure occur from time to time, involving every major country around the world and affecting many important industries such as energy, finance, telecommunications, aviation, and government. Our country’s critical information infrastructure is developing rapidly, and at the same time it is also one of the countries that suffers the most severe cyber security threats in the world. Nation-state advanced persistent threat attacks, intrusion control, information theft, and frequent and sustained attacks by some hacker organizations have seriously threatened our country’s critical information infrastructure.
关键信息基础设施安全形势严峻。当前,针对关键信息基础设施的网络攻击活动时有发生,涉及全球各主要国家,影响能源、金融、电信、航空、政务等多个重要行业领域。我国关键信息基础设施发展迅速,同时也是全球遭受网络安全威胁最严重的国家之一,国家级的高级持续性威胁攻击、人侵控制、信息窃取,以及部分黑客组织频繁持续的攻击行动,对我国关键信息基础设施安全构成严重威胁。
Data security management faces challenges. Following the development and advancement of artificial intelligence, 5G, Internet of Things, blockchain and other technologies, the number of devices and data volume has increased dramatically and data security threats have continued to rise. This has become a major issue for national security and economic and social development. Attacks targeting data security are becoming increasingly serious, and important data related to the national economy and people’s livelihood have become important targets for attackers; data faces risks of interception, tampering, and forgery among other risks, and problems such as data leakage are prone to occur in the storage process, and there are risks of leakage in use and processing. The risk of excessive collection and leakage of personal information is increasing, some Internet platforms excessively collect and use data beyond an appropriate bound, infringing on the legitimate rights and interests of consumers; some of these platform companies fail to properly handle and secure data, resulting in data leakage and breeding fraud against telecommunications networks. Fraud and other criminal activities have become a major hidden danger that endangers the safety of people’s lives and property.
数据安全管理面临挑战。随着人工智能、5G、物联网、区块链等技术的发展和进步,设备数量及数据量急剧增加,数据安全威胁持续放大,已成为事关国家安全与经济社会发展的重大问题。针对数据的网络攻击日趋严重,涉及国计民生的重要数据成为攻击者的重要目标;数据在传输过程中面临被截获、篡改、伪造等风险,在存储环节容易出现数据泄露等问题,在使用加工环节存在数据开发利用违规风险;个人信息过度采集和泄露风险加剧,一些互联网平台过度收集、超范围使用数据,侵害消费者合法权益;部分平台企业未能妥善处理、保管数据,导致数据泄露,滋生电信网络诈骗等犯罪行为,成为危害人民群众生命财产安全的重大隐患。
The threat of militarization in cyberspace is increasing day by day. The militarization process of cyberspace is obvious; some countries have strengthened their offensive cyber compellence strategy and developed cyber combat forces on a large scale, exacerbating the risk of cyber conflicts. Strategic balance and stability of cyberspace are facing new tests between large countries, and world peace is facing new challenges.
网络空间军事化威胁日益加剧。网络空间军事化进程明显,有的国家强化进攻性网络威慑战略,大规模发展网络作战力量,加剧网络冲突风险,大国间网络空间战略平衡与稳定面临新考验,世界和平受到新挑战。
II. Establishing a correct view of cybersecurity
二、树立正确的网络安全观
Since the 18th National Congress of the Communist Party of China, the Central Committee with Comrade Xi Jinping as its core has attached great importance to cybersecurity work. General Secretary Xi Jinping stressed: “Establish a correct view of cybersecurity.” “National cybersecurity work must adhere to cybersecurity for the people and cybersecurity by the people, ensure the security of personal information, and safeguard the legitimate rights and interests of citizens in cyberspace. We should persist in cybersecurity education, technology, and industry integration, to form a healthy ecosystem of talent training, technological innovation, and industrial development. We should persist in the unification of a development and legal management system, and not only vigorously cultivate new technologies such as artificial intelligence, the Internet of Things, and next-generation communication networks, but also energetically use laws, regulations and standards to guide the application of new technologies. We should pay equal attention to security and controllability, in concert with open innovation, establish a foothold of cybersecurity in an open environment, strengthen international exchanges and cooperation, and raise the people’s sense of gain, happiness, and security in cyberspace.”
党的十八大以来,以习近平同志为核心的觉中央高度重视网络安全工作。习近平总书记强调:“树立正确的网络安全观。”“国家网络安全工作要坚持网络安全为人民、网络安全靠人民,保障个人信息安全,维护公民在网络空间的合法权益。要坚持网络安全教育、技术、产业融合发展,形成人才培养、技术创新、产业发展的良性生态。要坚持促进发展和依法管理相统一,既大力培育人工智能、物联网、下一代通信网络等新技术新应用,又积极利用法律法规和标准规范引导新技术应用。要坚持安全可控和开放创新并重,立足于开放环境维护网络安全,加强国际交流合作,提升广大人民群众在网络空间的获得感、幸福感、安全感.”
“Disasters arise from neglect, and misfortunes arise from subtleties.” The security issues we face are often not technical issues, but issues of consciousness. In recent years, the consciousness of cybersecurity in the whole society has been significantly improved, but the problem of insufficient understanding of cybersecurity still exists. Some people focus on development and neglect security, emphasizing construction and neglecting protection; some think closing the door improves security, unwilling to move towards an open environment to increase security. Some think that cybersecurity is a matter for the central government and professional departments and has nothing to do with them. These views are incorrect. To establish a correct concept of cybersecurity, we need to focus on the following characteristics.
“患生于所忽,祸起于细微。”我们面临的安全问题,很多时候不是技术问题,而是意识问题。这几年,全社会网络安全意识有了显著提高,但网络安全认识不到位的问题依然存在,有的重发展轻安全、重建设轻防护;有的认为关起门来搞更安全,不愿立足开放环境搞安全;有的认为网络安全是中央的事、专业部门的事,同自己无关。这些看法都是不正确的。树立正确的网络安全观,需要重点把握好以下几个特点。
Cybersecurity is holistic rather than fragmented. To maintain cybersecurity we must have visibility into the overall situation, consciousness of the big picture, and from this complete view we must plan, promote, and implement cybersecurity work. On the one hand, cybersecurity radiates outwards and affects political, homeland, military, economic, cultural, social, scientific and technological, ecological, resource, nuclear and other security levels. It pushes and pulls the entire body of national security, we must adhere to the overall national security outlook and regard cybersecurity as an integral part of the national security system. On the other hand, cybersecurity threats come from all directions, and any single hidden danger may cause the collapse of the entire system. We must comprehensively consider the synergy between various network security elements.
网络安全是整体的而不是割裂的。维护网络安全必须有全局视野、大局意识,从整体出发谋划、推进、落实网络安全工作。一方面,网络安全辐射影响到政治安全、国土安全、军事安全、经济安全、文化安全、社会安全、科技安全、生态安全、资源安全、核安全等各个层面,对国家安全牵一发而动全身,必须坚持总体国家安全观,将网络安全作国家安全体系的有机组成部分。另一方面,网络安全威胁来自四面八方,任何单点隐患都有可能造成整体系统的崩溃,必须综合考虑网络安全各要素之间的协同性。
Cybersecurity is dynamic, not static. The game of cybersecurity is one where one good thing is met with ten bad things, it cannot be solved once and for all. In the cyber domain, system, product, and management vulnerabilities are all dynamic, and threat methods are also dynamic. The idea of relying on installing a few security devices and security software to maintain security forever is no longer appropriate. All these require us to establish a dynamic protection concept, and at the same time monitor changes to the situation and always regard maintaining cybersecurity as normal work.
网络安全是动态的而不是静态的。网络安全的博弈是魔高一尺道高一丈,不可能一劳永逸。在网络安全领域,系统漏洞、产品漏洞、管理漏洞都是动态的,威胁手段也是动态的,那种依靠装几个安全设备和安全软件就想永保安全的想法已不合时宜。这些都要求我们树立动态的防护理念,及时监测态势变化,始终将维护网络安全作为常态化的工作。
Cybersecurity is open, not closed. Nowadays, the vast majority of systems are internet connected, and, since the object of protection itself is in an open environment, security can no longer be based entirely on “closed” measures. In addition, because of the global nature of the internet, the idea of keeping security behind closed doors is neither practical nor feasible. Only by establishing an open environment, improving the level of openness, and absorbing advanced technologies can the level of cybersecurity be continuously improved.
网络安全是开放的而不是封闭的。如今,绝大多数系统都在联网运行,既然保护的对象本身就处在开放环境中,就不能再将安全全部建立在封闭的措施之上。此外,互联网具有高度全球化的特征,关起门来保安全的想法既不符合实际也难以做到。只有立足开放环境,提高开放水平,吸收先进技术,网络安全水平才能不断提高。
Cybersecurity is relative rather than absolute. Cybersecurity protection is a process of continuous progress and development, and it is impossible to achieve absolute security that exceeds the current level of cybersecurity technology in any given period of time. Cyberattack and defense are asymmetrical, and network confrontation often favors the offense. Network security incidents are sudden and it is impossible to achieve absolute comprehensive prevention beforehand. Strengthening pre-event well-researched prevention measures, and strengthening mid-event and post-event remediation capabilities are the most realistic choices for maintaining cybersecurity.
网络安全是相对的而不是绝对的。网络安全防护是不断进步发展的过程,不可能在特定时间段内实现超越当下网络安全技术水平的绝对安全。网络攻防具有不对称性,网络对抗往往是攻易守难。网络安全事件具有突发性,无法实现绝对的事前全面防范。强化事前研判防范,加强事中事后处置能力,是维护网络安全的现实选择。
Cybersecurity is communal, not siloed. In a cyber environment where everything is interconnected and deeply integrated, it is necessary to establish a cybersecurity maintenance mechanism with extensive participation. Government, enterprises, social organizations, and netizens must jointly build a cybersecurity defensive line. In addition, cyberspace is a space for all human activities. Maintaining cyber security is not a matter for one country, but a common responsibility of all countries. It is necessary to strengthen communication, expand consensus, deepen cooperation, and jointly maintain cyberspace security.
网络安全是共同的而不是孤立的。在万物互联、深度融合的网络环境下,需要建立广泛参与的网络安全维护机制,政府、企业、社会组织、广大网民共同参与,共筑网络安全防线。此外,网络空间是全人类的活动空间,维护网络安全不是一国的事,是各国共同的责任,需要加强沟通、扩大共识、深化合作,共同维护网络空间安全。
We should coordinate development and security, ensure the security of development, and promote the development of security. General Secretary Xi Jinping pointed out, “Cybersecurity and informatization are a single body with two wings, the two wheels of a single drive, and require unified planning, unified deployment, unified promotion, and unified implementation.” 2“Cybersecurity and informatization are complementary to each other. Security is the prerequisite for development, development is the guarantor of security, and security and development must be promoted simultaneously.” Only by adhering to equal emphasis on development and security and keeping pace with the two wheels, can cybersecurity and informatization work be promoted in a healthier, more balanced, and more sustainable way.
统筹发展和安全,以安全保发展、以发展促安全。习近平总书记指出,“网络安全和信息化是一体之两翼、驱动之双轮,必须统一谋划、统一部署、统一推进、统一实施”,“网络安全和信息化是相辅相成的。安全是发展的前提,发展是安全的保障,安全和发展要同步推进”。只有坚持发展安全并重、双轮并驾齐驱,网络安全和信息化工作才能推进得更健康、更均衡、更可持续。
Without cybersecurity, there would be no methods to guarantee the development of informatization, and the faster the development of informatization, the greater the potential risk of cybersecurity threats. Globally, many major incidents have occurred due to this lack of synchronization between cybersecurity and informatization, which has brought great risks to critical infrastructure, social productivity and life, and even national power. At present, our country’s network applications and network industry are developing rapidly, but cybersecurity consciousness is not progressing and cybersecurity guarantees have not kept pace with change. Some places and departments have high enthusiasm and investment in informatization construction, but pay little attention to cybersecurity issues with their level of consciousness, attention and investment remaining inadequate. We must coordinate development and security, and strive to build long-term stability and growth.
没有网络安全,就无法保障信息化发展,而且信息化发展越快,网络安全威胁潜在的风险就可能越大。在全球范围内,已经发生许多因网络安全防护没有同步跟进而导致的重大事件,对关键基础设施、社会生产生活乃至国家政权安全带来极大风险。目前,我国网络应用和网络产业发展很快,但网络安全意识不足、网络安全保障没有同步跟上的情况仍然存在,有的地方和部门信息化建设热情高、投入大,但是对网络安全问题的认识程度、重视程度、投人程度还不够。必须统筹发展和安全,努力建久安之势、成长治之业。
Failure to develop is the greatest insecurity, and we must not refuse development because of security issues. Cybersecurity is a new problem that arises in the process of informatization and can only be solved in the process of development. Without informatization development, economic and social development will lag behind, cybersecurity will not be guaranteed, and even existing security will be lost.
不发展是最大的不安全,绝不能因安全间题而拒绝发展。网络安全是信息化推进过程中出现的新问题,只能在发展的过程中用发展的方式加以解决。没有信息化发展,经济社会发展将会滞后,网络安全也没有保障,已有的安全甚至会丧失。
III. Comprehensively strengthen cybersecurity systems and capacity building
三、全面加强网狢安全保障体系和能力建没
The report of the 20th National Congress of the CCP emphasized the need to firmly safeguard the security of national power, the security of the (political) system, and the security of ideology, strengthen cyber and data security assurance systems, and strengthen the protection of personal information. This requires us to enhance our risk awareness, hold on to the bottom line of security, do a good job in resolving various existing risks and preventing further incremental increases of risk, further build a national cybersecurity barrier, and provide security guarantees for economic and social development and people’s well-being.
党的二十大报告强调,要坚定维护国家政权安全、制度安全、意识形态安全,加强重点领域安全能力建设,强化网络、数据等安全保障体系建设,加强个人信息保护。这就要求我们必须增强风险意识、守牢安全底线,抓好各种存量风险化解和增量风险防范,进一步筑牢国家网络安全屏障,为经济社会发展和人民群众福祉提供安全保障。
Strengthen the security measures for critical information infrastructure. General Secretary Xi Jinping pointed out that “critical information infrastructure is the top priority of cybersecurity protection. Finance, energy, electricity, communications, transportation and other domains are the nerve centers of economic and social operations, and are also a key target of cyber attacks. If one thing goes wrong, it will be a big deal.” “We must conduct in-depth research and take effective measures to protect the security of the country’s critical information infrastructure.” Efforts should be made to establish a national integrated critical information infrastructure security guarantee system, strengthen the awareness of “one game of chess”, strengthen threat information sharing and protective action coordination between critical information infrastructure in different regions, different industries, and different fields, and realize the transformation from decentralized protection to overall protection, the transformation from static protection to dynamic protection, and from passive protection to active protection, implement the main responsibilities of critical information infrastructure operators and the supervision responsibilities of protection work departments, coordinate and organize the implementation of party and government agencies, key industries, and large internet service platforms, inspection and rectification of industrial control systems, etc., to improve risk management, in-depth defense, emergency recovery and other capabilities.
加强关键信息基础设施安全防护。习近平总书记指出,“关键信息基础设施是网络安全防护的重中之重。金融、能源、电力、通信、交通等领域的关键信息基础设施是经济社会运行的神经中枢,也是网络攻击的重点目标,不出事则已,一出事就是大事”,“我们必须深人研究,采取有效措施,切实做好国家关键信息基础设施安全防护”。要着力构建全国一体化的关键信息基础设施安全保障体系,强化“一盘棋”意识,加强不同地区、不同行业、不同领域关键信息基础设施之间的威胁信息共享和防护行动协同,实现从分散防护到整体防护、从静态防护到动态防护、从被动防护到主动防护的转变,落实关键信息基础设施运营者主体责任和保护工作部门监管责任,统筹组织开展对党政机关、重点行业、大型互联网服务平台、工业控制系统等的检查整改,提升风险管理、纵深防御、应急恢复等能力.
Strengthen cybersecurity situation sensing and emergency response. General Secretary Xi Jinping pointed out, “To maintain network security, we must first know where the risks are, what they are, and when they occur.” If cyberattacks are not detected, early warnings are not timely, information is not summarized, actions are not unified, and the reflection arc is too long, combat opportunities will be missed. “Those who are clever hear what is silent, and those who are wise see the invisible.” Perceiving the cybersecurity situation is the basis for doing a good job in cybersecurity. It is necessary to comprehensively strengthen network security inspections, understand the situation, identify risks, identify vulnerabilities, report the results, and urge rectification. Strengthen the construction of cybersecurity information coordination mechanisms, means, and platforms to bring together security threats, risk situations, and incident information from governments and enterprises, domestic and foreign countries’ security threats, and form a unified and efficient cybersecurity risk reporting, information sharing, research, and disposal mechanism. Establish and improve the linkage mechanism for handling major security incidents, and improve the emergency command and response capabilities for network security incidents.
加强网络安全态势感知和应急处置。习近平总书记指出,“维护网络安全,首先要知道风险在哪里,是什么样的风险,什么时候发生风险”。如果对网络攻击感知不到位、预警不及时、信息不汇总、行动不统一,反射弧太长,就会贻误战机。“聪者听于无声,明者见于未形”,感知网络安全态势是做好网络安全工作的基础。要全面加强网络安全检查,摸清家底,认清风险,找出漏洞,通报结果,督促整改。加强网络安全信息统筹机制建设、手段建设、平台建设,把政府和企业、国内和国外的安全威胁、风险情况和事件信息汇集起来,形成统一高效的网络安全风险报告、信息共享和研判处置机制,建立健全重大安全事件处置联动机制,提高网络安全事件应急指挥和响应处置能力。
Strengthen network security review. Cybersecurity review is a common practice in many countries around the world to maintain cybersecurity, and it is also a legitimate measure generally accepted by the international community to ensure national cybersecurity. It is necessary to speed up the improvement and active use of cybersecurity review, use legal weapons to put forward security management requirements for important information technology products and services, and resolutely safeguard our country’s national interests and the legitimate rights and interests of the people.
加强网络安全审查。网络安全审查是世界很多国家维护国家网络安全的普遍做法,也是国际社会普遍接受的保障国家网络安全的正当措施。要加快完善和积极运用网络安全审查,运用法律武器对重要信息技术产品和服务提出安全管理要求,坚决维护我国国家利益和人民群众合法权益。
Strengthen data security management. Data has become an important strategic basic resource, having a revolutionary impact on economic development, social life, national governance, and international competition. It is necessary to adhere to comprehensive management, focus on key aspects of network data management, strengthen policy guidance, legal regulations, administrative supervision, industry self-discipline, social supervision, and public participation, and form a working pattern in which data security is jointly maintained and developed. It is necessary to move the management gate forward, consolidate the main responsibilities of the network platform, adhere to the whole process management before, during and after the event, and strengthen the security protection of important data. It is necessary to build a strong data security barrier, implement a data outbound security assessment system, and promote the safe and orderly flow of data.
加强数据安全管理。数据已成为重要的战略性基础性资源,对经济发展、社会生活、国家治理、国际竞争产生革命性影响。要坚持综合治理,聚焦网络数据管理重点环节,加强政策引导、法律规制、行政监管、行业自律、社会监督、公众参与,形成数据安全共同维护和发展共同促进的工作格局。要推动管理关口前移,压实网络平台主体责任,坚持事前、事中、事后全过程管理,强化重要数据安全保护。要筑牢数据安全屏障,实施数据出境安全评估制度,促进数据安全有序流动。
Strengthen the protection of personal information. It is necessary to comprehensively use policy, legal, economic, technical and other means to focus on solving the problem of personal information security issues that the people have strongly expressed interest in fixing, ensuring personal information rights and interests such as personal rights to know, make decisions, and deletion. Strengthen law enforcement coordination, and refine and improve legal measures for violations of laws and regulations in the digital domain, ensure the security of personal information, and safeguard the legitimate rights and interests of citizens in cyberspace.
加强个人信息保护。要综合运用政策、法律、经济、技术等手段,着力破解人民群众反映强烈的个人信息安全等问题,保证个人知情权、决定权、删除权等个人信息权益,加强执法工作协调,细化完善打击数据领域违法违规行为的法律措施,保障个人信息安全,维护公民在网络空间的合法权益。
IV. Laying the foundation for cybersecurity
四、夯实网络安全基础
If the foundation is not strong, the ground will shake. Cybersecurity is a baseline and all-encompassing security issue. To do a good job in network security, we must plan and promote it as a whole. It is necessary to clearly recognize the situation and tasks we are facing, fully understand the importance and urgency of doing a good job, plan according to the situation, move in response to the situation, and follow the trend, twist all the threads of resources and forces into a single rope, and effectively consolidate the role of the cybersecurity work base.
基础不牢,地动山摇。网络安全是基础性、全局性的安全问题,做好网络安全工作,必须统筹谋划、统筹推进。要认清面临的形势和任务,充分认识做好工作的重要性和紧迫性,因势而谋、应势而动、顺势而,把方方面面资源和力量拧成一股绳,切实夯实网络安全工作的基础。
Implement the network security work responsibility system. The Internet is a single-point of access into a global network, while cybersecurity protects a single breaking point from becoming a global cybersecurity issue. We should move forward with improving and implementing the cybersecurity work responsibility system, clarify the responsibilities and obligations of various departments and units, hold those responsible for major cybersecurity problems to account, strengthen the overall coordination of cybersecurity work, and increase the coordination of cybersecurity policy planning, major projects, the technology industry, talent cultivation and other aspects to ensure that the defenders are accountable, responsible, and dutiful.
落实网络安全工作责任制。互联网是一点接入、全球联网,网络安全是一点击破、全网突破。要进一步完善并落实网络安全工作责任制,明确各部门各单位的职责和义务,对发生重大网络安全问题的要追究责任,加强网络安全工作统筹协调,加大对网络安全政策规划、重大项目、技术产业、人才教育等方面的统筹力度,做到守士有责、守土负责、守士尽责。
Cultivate a healthy ecosystem for the integration and development of cybersecurity education, technology, and industry. General Secretary Xi Jinping emphasized that “we must persist in the integrated development of cybersecurity education, technology, and industry to form a healthy ecosystem of talent training, technological innovation, and industrial development.” “We must make great efforts and spare no expense, hire excellent teachers, compile excellent teaching materials, recruit outstanding students, and build world-class cyberspace security schools.” Competition in cyberspace is, ultimately, a competition for talent. We should continue to implement the cybersecurity talent process, strengthen talent education and industry coordination, focus on the role of enterprises and the market, build the National Cybersecurity Talent and Innovation Base3, establish World-Class Cybersecurity Schools4, and explore new mechanisms for the integrated development of cybersecurity education and industry integration model. We should support enterprises to deeply participate in the training of cybersecurity talents, from setting training goals, educational materials, the establishment of laboratories, hands-on education, and project-defined research among other things, in cooperation with universities, while encouraging and supporting students to participate in innovation and entrepreneurship while in school. We must insist on promoting talents in an eclectic way, resolutely get rid of evaluation mechanisms such as “paper only” and “hat only”, establish evaluation standards oriented by practical ability and contribution, and discover prodigies and geniuses through various methods, while not demanding perfection, and without reverence for existing seniority, and to not measure with a ruler, while adopting special policies to recruit talents extensively and place them into important positions. It is necessary to strengthen technological innovation in cybersecurity, establish a mechanism to reveal who is responsible for the implementation of major tasks, and strive to break through the core technologies that restrict the development of cybersecurity. It is necessary to strengthen the overall planning and overall layout of the cybersecurity industry, improve policies and measures to support the development of cybersecurity enterprises, increase investment in cybersecurity, strengthen network product management, promote and standardize the healthy development of the network security service market, reduce the burden on enterprises, and stimulate innovation vitality, cultivate and support a group of internationally competitive cybersecurity companies.
培育网络安全教育技术产业融合发展良性生态。习近平总书记强调,“要坚持网络安全教育、技术、产业融合发展,形成人才培养、技术创新、产业发展的良性生态”,“要下大功夫、下大本钱,请优秀的老师,编优秀的教材,招优秀的学生,建一流的网络空间安全学院”。网络空间的竞争,归根结底是人才竞争。要持续实施网络安全人才工程,加强人才教育和技术产业统筹,重点发挥企业和市场作用,建设国家网络安全人才与创新基地,创建世界一流网络空间安全学院,探索网络安全教育技术产业融合发展新机制新模式。要支持企业深度参与网络安全人才培养,从培养日标、课程设置、教材编制、实验室建设、实践教学、课题研究等环节加强与高校的合作,鼓励和支持学生在校阶段参与创新创业。要坚持做到不拘一格降人才,坚决破除“唯论文”、“唯帽子”等评价机制,树立以实际能力和贡献为导向的评价标准,通过多种方式发现民间的怪才、奇才,不求全责备,不论资排辈,不一把尺子衡量,采取特殊政策广泛招收人才、重用人才。要强化网络安全技术创新,建立实施重大任务“揭榜挂帅”机制,着力突破制约网络安全发展的核心技术。要加强网络安全产业统筹规划和整体布局,完善支持网络安全企业发展的政策措施,增加网络安全投人,加强网络产品管理,促进和规范网络安全服务市场健康发展,减轻企业负担,激发创新活力,培育扶持一批具有国际竞争力的网络安全企业。
Strengthen the entire Party’s and society’s cybersecurity awareness and skills. Not recognizing the risk is the biggest risk, you must put risk prevention in a prominent position and truly build a “firewall” of cybersecurity in your mind. We must adhere to the principle that cybersecurity is for the people and cybersecurity depends on the people, carry out cybersecurity publicity and education by group, level, and field, guide the whole society to master basic cybersecurity skills, develop good safety habits, jointly safeguard the cybersecurity rights and interests of netizens, and build a cybersecurity atmosphere in which everyone participates, everyone is responsible, and everyone shares.
加强全党全社会网络安全意识和技能培养。没有意识到风险是最大的风险,必须把防风险摆在突出位置,在头脑中真正筑起网络安全的“防火墙”。要坚持网络安全人民、网络安全靠人民,分群体、分层次、分领域开展网络安全宣传教育,引导全社会掌握基本网络安全技能、养成良好安全习惯,共同维护网民网络安全权益,构建网络安全人人参与、人人有责、人人共享的浓厚氛围。
Accelerate the establishment of cybersecurity standards. The root of the Internet is technical protocols, and the root of technical protocols is standards. Whoever sets the standards has the right to speak5; whoever controls the standards has the commanding heights. In the final analysis, the cybersecurity game is about the right to set standards and the right to set rules. It is necessary to conduct in-depth research on the security standards, technical standards, and governance standards of cyberspace, propose more standards that reflect China’s views and demonstrate international morality, and actively participate in the formulation of international standards and rules for cyberspace.
加快网络安全标准建设。互联网的根子是技术协议,技术协议的根子是标准。谁制定标准,谁就拥有话语权;谁掌握标准,谁就占领制高点。网络安全博弈归根到底争的是标准制定权、规则主导权。要深入研究网络空间的安全标准、技术标准、治理标准,提出更多体现中国主张、彰显国际道义的标准,积极参与网络空间国际标准和规则的制定。