Abstract:
[Domestic Policy Trends]
Vice chairman of the Standing Committee of the National People’s Congress on the network security Law enforcement inspection summary stressed the protection of personal informationClick to view the original article
Summary:On the morning of December 24, the thirty-first session of the 12th National People’s Congress (NPC) Standing Committee listened to the NPC Standing Committee law enforcement inspection team on the network security law, strengthen the network information protection decision implementation of the report, NPC Standing Committee vice Chairman Wang Shengjun on behalf of the law enforcement inspection team to the conference to make a report. Wang Shengjun said that the implementation of a number of systems for the protection of user personal information is not ideal, law enforcement inspection of the “ten thousand survey report” shows that more than half of the respondents think that “enterprises must express the collection of personal information, the purpose of use, methods and scope” implementation is not good or general; Nearly half of the respondents have encountered excessive collection of user information; Some 61.2 percent of them encountered “overlord clauses” that force companies to collect user information.
Comment on:In June 2017 promulgated the “network security Law” implementation of less than 3 months on the launch of law enforcement inspection, this is the first time in the NPC Standing Committee supervision work, reflects the government. In the future, the government will speed up legislation on personal information protection, clarify principles and procedures for network operators to collect user information, clarify obligations and responsibilities, and strengthen supervision, inspection and evaluation measures. After the introduction of relevant standards in 2018, supervision will become stricter and there is evidence to rely on.
[Domestic policy dynamics] The NPC Standing Committee proposed to comb the network security law enforcement system as soon as possible to clarify regulatory responsibilities
Click to view the original article
Click to view the original article
Summary:December 26, the thirty-first session of the 12th National People’s Congress (NPC) Standing Committee group deliberated the network security Law, the NPC Standing Committee on strengthening the network information protection decision enforcement inspection report. Some members of the Standing Committee suggested strengthening overall planning and coordination and straightening out the cybersecurity law enforcement system as soon as possible. Some members of the committee pointed out that the current network security supervision “unclear powers and responsibilities, each fight on its own, law enforcement prevarication, low efficiency and other problems have not been fully resolved, the law entrusted to the Internet and information departments to perform the overall coordination function is not smooth.” Among them, Xie Xuren suggested that we should improve the standardized law enforcement system to adapt to the characteristics of the network as soon as possible, improve the network law enforcement cooperation mechanism, strengthen the overall coordination of the Internet and information departments, clarify the rights and responsibilities of the departments, and form the coordination mechanism of the Internet, industry and information technology, public security and other departments.
Comment on:“Network Security Law” implementation so far, network information, industry information, public security and local supervision have a certain degree of law enforcement participation, reflecting the government attaches importance to network security. But in the actual law enforcement, a more perfect coordination mechanism and a clear division of responsibilities and rights play an important role in the implementation of the network security law, which is conducive to a more efficient and coordinated law enforcement inspection. For network operators, with clear law enforcement and supervision subjects, they can be more clearly aware of legal obligations and better cooperate with law enforcement.
[Industry Trends]
Analysis report on DDoS Attack Resources in China in 2017Click to view the original article
Analysis report on DDoS Attack Resources in China in 2017Click to view the original article
Summary:CNCERT has made an in-depth analysis of thousands of distributed denial of Service (DDoS) attacks on the Chinese mainland. This paper analyzes the network resources from which DDoS attacks are launched based on the Internet threat management. The attack resources mainly analyzed include: 1. 2. Broiler resources; 3. Reflect server resources; 4. Reflect the source router of attack traffic; 5. Forge the traffic source router across domains. 6. Forge the local traffic source router.
Comment on:One DDoS attack reported by CNCERT refers to a single DDoS attack by different attack resources against a fixed target within the experience attack cycle, and the attack cycle does not exceed 24 hours. If the same attack target is attacked by the same attack resource, but with an interval of 24 hours or more, the event is considered two attacks. In addition, DDoS attack resources and target addresses refer to their IP addresses, and their geographical locations are determined by their IP addresses. The report analyzes the number and frequency of each type of attack resources and traces the source of the foreign control terminal that initiates DDoS attacks, which is of great reference value for more accurate and efficient defense against DDoS attacks in the future.
To subscribe to
NEWS FROM THE LAB
One-click subscriptions
Get the latest information at one o ‘clock
Scan code to participate in global security information selection
Reader research and feedback
Scan code to join THE LAB reader spike group
(Authentication required)