Dec 2016, Volume 18 Issue 6
    

  • Select all
  • Original article
    Research on Cyberspace Sovereignty
    Fang Binxing, Zou Peng, Zhu Shibing
    2016, 18(6): 1-7. https://doi.org/10.15302/J-SSCAE-2016.06.001
    Download PDF
    Cyberspace sovereignty, also known as cyber sovereignty, is the extension of national sovereignty to the platform of information and communication technology systems. This article defines cyberspace and cyber sovereignty, argues against several erroneous points of view that deny cyber sovereignty, and discusses the existence of cyber sovereignty.
  • Original article
    Research on the Issue of a Cyber Sovereignty Guarantee
    Zou Peng, He Jun, Zou Hongxia, Liu Yunjie
    2016, 18(6): 8-12. https://doi.org/10.15302/J-SSCAE-2016.06.002
    Download PDF
    As cyberspace carries more and more national, public, and private interests, the issue of a cyber sovereignty guarantee has attracted great attention around the world. From the perspective of China’s cyber sovereignty situation, this paper analyzes the main problems related to China’s cyber sovereignty guarantee, including the implications of the cyber rights of independence, equality, self-defense, and jurisdiction. Corresponding countermeasures and suggestions are also provided. The purpose of this paper is to promote the establishment of cyber sovereignty, enhance China’s discourse right on international cyberspace governance rules, and enhance the ability to safeguard national cyberspace security interests.
  • Original article
    Research on the International Strategy for National Cyberspace Security
    Fang Binxing, Du Aning, Zhang Xi, Wang Zhongru
    2016, 18(6): 13-16. https://doi.org/10.15302/J-SSCAE-2016.06.003
    Download PDF
    Cyberspace security has been a crucial part in national security and is more and more important in the development of economy and society. Based on the current situation of international cyberspace security, this article analyzes the opportunities and challenges that China is confronted with, and study China’s international cyberspace security strategy suitable for its own value and national interest. We then propose the objectives, principles and tasks of the strategy.
  • Original article
    Monitoring, Analysis, and Management of Network Public Opinion: Status and Challenges
    Yang Shanlin, Zhou Bin, Jia Yan, Huang Jiuming
    2016, 18(6): 17-22. https://doi.org/10.15302/J-SSCAE-2016.06.004
    Download PDF
    From the perspectives of management and sociology, computer science, and information technology, this paper summarizes the research on domestic and international network public opinion monitoring, analysis, and management, followed by a brief introduction of major industrial applications in China. Based on this, the author discusses the future development of network public opinion in the face of challenges and opportunities in the era of big data.
  • Original article
    A Study on the Policies and Regulations of Cyber Electronic Identity Management
    Zou Xiang, Hu Chuanping, Fang Binxing, Chen Bing
    2016, 18(6): 23-27. https://doi.org/10.15302/J-SSCAE-2016.06.005
    Download PDF
    This paper analyzes and describes the policies, laws, and regulations of cyber electronic identity management in major countries, regions in foreign countries, and China. It discusses the development of China’s cyber identity management, and outlines the 13th Five-Year Plan’s policies and regulations for cyber electronic identity management in China, including the development of ideas and constructive suggestions, the strengthening of cyberspace identity management, and the construction of a cyberspace identity management system. In this way, we hope to provide a reference for policy changes in the development of China’s cyber identity management regulations during the 13th Five-Year Plan period.
  • Original article
    Improvement of the Cybersecurity Legal System in China
    Li Yuxiao, Wu Hequan, Xie Yongjiang, Jiang Shuli, Cui Congcong, Mi Tienan
    2016, 18(6): 28-33. https://doi.org/10.15302/J-SSCAE-2016.06.006
    Download PDF
    Though the legislation of cybersecurity has witnessed some growth since the 18th National Congress of the Communist Party of China, there remains a significant gap between the construction of cybersecurity laws and the development of cybersecurity and informatization as well as the requirements of the public. Furthermore, there are problems related to legislation, enforcement, administration, and law-abiding consciousness. Some people, at home and abroad, question China’s cybersecurity legislative efforts. Based on the analysis of current cybersecurity laws, the author suggests that the enactment of cybersecurity legislation must be expedited, especially with respect to cybersecurity law, e-commerce law, Internet information service administration law, personal information protection law, e-government law, information and communication network law, and cyber society administration law. Furthermore, the author suggests that these laws should be supported by matching regulations and enforcement mechanisms. Through these measures, China could establish a significantly improved legal system for cybersecurity.
  • Original article
    The Obligation of Decryption Assistance by the Internet Service Providers: Suggestions on the Amendment of Article 27 of the Cybersecurity Law (the Second Review of Draft)
    Cui Congcong, Li Yuxiao, Han Song
    2016, 18(6): 34-38. https://doi.org/10.15302/J-SSCAE-2016.06.007
    Download PDF
    The obligation of decryption assistance by the Internet service providers reflects the conflict between public powers (such as investigatory power) and private rights (such as the right of communication privacy and the right of privacy). Data under encryption by users should be gathered by the Internet service providers on the basis of the principle of controllability and traceability, the principle of proportionality, and the principle of necessity. Providers should fulfill the obligations of decryption assistance supervised by strict procedure. Thus, the overall utility of social governance control, the tranquility of private life, and the business interests of Internet service providers can be maximized. Severe violations of private rights and disorderly situations due to governmental failure can be avoided if these suggestions are carried out.
  • Original article
    Research on a Cybersecurity Review System with Suggestions
    Chen Xiaohua, He Dequan, Wang Hailong, Shang Yanmin, Xu Kefu
    2016, 18(6): 39-43. https://doi.org/10.15302/J-SSCAE-2016.06.008
    Download PDF
    Cybersecurity is a part of national security. The rules and regulations for security testing and evaluation are established in policies regarding national security review systems or cyberspace management. This paper focuses on current international systems related to cybersecurity reviews, and analyzes foreign governments’ practices in information technology (IT) product and service security evaluations, critical information infrastructure (CII) security evaluation and management, information and communication technology (ICT) supply chain security and background security investigation. Based on this information and analysis, the authors research how to establish a China’s cybersecurity review system in the areas of law and regulation, organization framework, operation mode, review approach, and supporting technology.
  • Original article
    Certification for Cyberspace Security Professionals in China
    Zhang Hongli, Yu Haining, Fang Binxing, Qin Yuhai, Yu Xiangzhan, Chu Chengyuan
    2016, 18(6): 44-48. https://doi.org/10.15302/J-SSCAE-2016.06.009
    Download PDF
    Professional certification and vocational training are important aspects of cyberspace security talent cultivation, as they allow talent to grow rapidly while continuously improving the technical level and practical ability of existing employees. First, this paper surveys the current conditions of professional certification and vocational training. The authors then analyze the main problems of cyberspace security professional certification and vocational training. Finally, the authors propose a system of professional certification and vocational training.
  • Original article
    Cyberspace Security Competition and Talent Management
    Yu Xiangzhan, Zhang Hongli, Yu Haining, Tian Zhihong, Zhai Jianhong, Pan Zhuting
    2016, 18(6): 49-52. https://doi.org/10.15302/J-SSCAE-2016.06.010
    Download PDF
    Competition between talented people, who are commonly referred to as talents, is fundamental to international cyberspace security, and the discovery and tracking of talents is one of its key links. First, the authors investigate the development status of domestic and international cyberspace security competitions. Next, the authors analyze the main problems of cyberspace security competition in discovering and tracking talents. Finally, they propose a long-term policy to discover and track talents based on cyberspace competitions.
  • Original article
    The Strategy of TC 3.0: A Revolutionary Evolution in Trusted Computing
    Shen Changxiang, Zhang Dawei, Liu Jiqiang, Ye Heng, Qiu Shuo
    2016, 18(6): 53-57. https://doi.org/10.15302/J-SSCAE-2016.06.011
    Download PDF
    This paper introduces the status, problems, and future strategies of traditional defense systems, and analyzes issues in current protection structures and a revolutionary evolution in trusted computing (TC), and proposes the strategy of TC 3.0, which is an active defense architecture based on active immunity. Furthermore, this paper provides an example of TC 3.0 in cloud computing environment and some advice to enforce active defense.
  • Original article
    TC Assurance Architecture for Cybersecurity Infrastructure Based on Active Defense
    Zhang Dawei, Shen Changxiang, Liu Jiqiang, Zhang Feifei, Li Lun, Cheng Lichen
    2016, 18(6): 58-61. https://doi.org/10.15302/J-SSCAE-2016.06.012
    Download PDF
    This paper introduces the status, problems, and future strategies of the cyberspace security infrastructure system, and proposes that cyberspace security infrastructure must be based on active defense. Therefore, this paper proposes several suggestions for a trusted technology insurance system, which include the following: In order to build a trusted technology insurance system, independent innovation in active defense must be the breaking point; key information security systems must be developed by local institutions; independent innovation must be increased; research, product development, and active defense applications must be promoted; the development of trusted computing standards must be promoted; and experimental demonstrations must be carried out.
  • Original article
    A Review of the Basic Theory of Mimic Defense
    Si Xueming, Wang Wei, Zeng Junjie, Yang Benchao, Li Guangsong, Yuan Chao, Zhang Fan
    2016, 18(6): 62-68. https://doi.org/10.15302/J-SSCAE-2016.06.013
    Download PDF
    With the development of the Internet, cyberspace security issues have become a major concern related to national security. This paper first introduces some classic network defense technology. Next, it introduces the technology of mimic defense, including mimic defense systems, related scientific problems, and the theoretical framework of mimicry defense. The effectiveness of a mimic defense system is also analyzed in comparison with a traditional network defense technology. Finally, some problems worthy of study are presented regarding the basic theory of mimic defense.
  • Original article
    Mimic Defense Technology
    Luo Xingguo, Tong Qing, Zhang Zheng, Wu Jiangxing
    2016, 18(6): 69-73. https://doi.org/10.15302/J-SSCAE-2016.06.014
    Download PDF
    Cyberspace security is in an unbalanced state, in which it is easy to attack and difficult to defend. Active defense technology is a new direction in cyberspace security research, which is attracting increasing attention. This paper summarizes the development of active defense via the introduction of intrusion-tolerant technology and moving target defense technology. Furthermore, the theory, implementation, and testing of mimic defense are introduced. Based on a comparison of mimic defense with intrusion tolerance and moving target defense, the research direction and the key points of cybersecurity rebalancing strategy are proposed to provide a reference for the development of national cybersecurity.
  • Original article
    Applying a Combination of Mimic Defense and Software Diversity in the Software Security Industry
    Pang Jianmin, Zhang Yujia, Zhang Zheng, Wu Jiangxing
    2016, 18(6): 74-78. https://doi.org/10.15302/J-SSCAE-2016.06.015
    Download PDF
    With the development of the Internet, the process of computer software globalization continues to advance. A lot of identical software is installed on tens of thousands of computers. This makes widespread exploitation of software vulnerabilities easy and attractive for an attacker because the same attack vector will probably successfully affect numerous targets. Traditional software security methods can only be used to repair the vulnerabilities. Although software-diversity technology can remove the threat momentarily, it cannot eliminate the risk caused by vulnerabilities. This paper proposes a scheme of combining software diversity and mimic defense in the software security industry to eliminate the threat.
  • Original article
    Emergency and Response for Cyberspace Security
    Yu Quan, Yang Lifeng, Gao Guijun, Kou Ziming, Zhai Lidong
    2016, 18(6): 79-82. https://doi.org/10.15302/J-SSCAE-2016.06.016
    Download PDF
    Based on the current situation and main problems with cyberspace security in China, this paper proposes that cyberspace security should shift its focus from an emergency-based approach to response-based approach. Some transformation strategies are proposed, including three aspects: cyberspace security monitoring capacity, cyberspace security guarantee capacity, and talent construction capacity.
  • Original article
    Current Cybersecurity Situation and Emergency Response of Cybersecurity
    Liu Xinran, Li Baisong, Chang Anqi, Lu Hui, Tian Zhihong
    2016, 18(6): 83-88. https://doi.org/10.15302/J-SSCAE-2016.06.017
    Download PDF
    Based on the current situation and the emergence of recent cybersecurity threats, this article presents cybersecurity features to tackle such threats. Updated attack methods, enhanced attack technology, and an expanded attack scope have changed emergency management. The core technology and security assurance in the existing emergency management mechanisms are relatively backward. Learning from conventional emergency response systems for improving the current emergency technical measures becomes a significant part of cybersecurity. In this paper, the authors propose a multilinkage elimination method that can mobilize system strength and protect the system and mechanism against cybersecurity threats
  • Original article
    A Review of the Major Viewpoints on Cyber Sovereignty Around the World
    Zhu Shibing, Zhang Xuebo, Wang Yu, Liu Yunjie
    2016, 18(6): 89-93. https://doi.org/10.15302/J-SSCAE-2016.06.018
    Download PDF
    Cyberspace, while bringing us great convenience, poses some new problems and challenges. Cyber sovereignty, in particular, constitutes the basic principle for solving the conflicts of national interest aroused in the process of cyberspace development. In this paper, a review and an analysis of three typical viewpoints on cyber sovereignty around the world are provided; namely, advocating for cyber sovereignty, opposing it, or being indifferent to it. An overview of the attitudes of important international organizations and major countries toward cyber sovereignty is also provided. The purpose of this paper is to provide an objective description of the current status of cyber sovereignty.
  • Original article
    Trends in and Management of Bad Cyberspace Information Around the World
    Jia Yan, Li Aiping, Li Yuxiao, Li Shudong, Tian Zhihong, Han Yi, Shi Jinqiao, Lin Bin
    2016, 18(6): 94-98. https://doi.org/10.15302/J-SSCAE-2016.06.019
    Download PDF
    In view of the need to manage all kinds of bad information (including information pertaining to terrorism, rumors, fraud, violence, pornography, and subversion) in cyberspace, this paper summarizes the management of bad cyberspace information around the world. This paper first introduces the definition and classifies bad information, proposes laws and regulations for bad information supervision, and expounds on what countries legislate. Second, starting with network data monitoring, information filtering, and the confrontation of public opinion, this paper introduces the techniques and means of Internet governance pertaining to bad information. Finally, this paper describes recent global internal Internet governance special actions.
  • Original article
    Development and Application of Cyber Electronic Identity Management in Global Regions
    Hu Chuanping, Chen Bing, Fang Binxing, Zou Xiang
    2016, 18(6): 99-103. https://doi.org/10.15302/J-SSCAE-2016.06.020
    Download PDF
    This study analyzes and elaborates the latest developments in and typical applications of cyber electronic identity management in major global regions, including China. In addition, it also presents a 13th Five-Year Plan for cyber electronic identity management in China, detailing the development of ideas and constructive suggestions that aim to strengthen China’s cyberspace identity management and support the construction of this system. Such a system can help regulate the behavior of Internet users, fight against cyber crime, build cyber power, safeguard national security and cyberspace sovereignty, and protect the privacy of Internet users. Furthermore, this study can serve as a reference for the development of China’s cyberspace identity management while the 13th Five-Year Plan is implemented.
  • Original article
    Research on International ICT Supply Chain Security Management with Suggestions
    Ni Guangnan, Chen Xiaohua, Shang Yanmin, Wang Hailong, Xu Kefu
    2016, 18(6): 104-109. https://doi.org/10.15302/J-SSCAE-2016.06.021
    Download PDF
    Considering the reliance of a nation’s critical infrastructure and key resources on information and communication technology (ICT), identifying and controlling the ICT supply chain risk has become important for protecting national security. As the forerunner of ICT supply chain management, the United States is rich in terms of its experience in enhancing the strategic position of the ICT supply chain, undertaking risk management, ensuring security of its software and hardware, and supervising its procurement. In addition, the European Union and Russia specifically strengthen the security management of the ICT supply chain. Based on the above research, this study provides certain suggestions on China’s security management of the ICT supply chain.
  • Original article
    Upgrade and Organized Innovation of China’s NC Generation Products: Using the NC Generation Innovation Project in Quanzhou City as A Case Study
    Wei Feng, Zhou Yuan, Xue Lan
    2016, 18(6): 110-116. https://doi.org/10.15302/J-SSCAE-2016.06.022
    Download PDF
    The Numerical Control (NC) Generation Innovation Project aims to apply NC technology to the mechanical products of all industries to update and upgrade the overall installed base of manufacturing equipment, thus promoting upgrading of the industrial base. This paper takes the update and upgrade of NC equipment in Quanzhou city as a case study. Focusing on practical experience with the NC Generation Innovation Project within the framework of innovation governance, it discusses a new generation of “organized innovation” generated by the collaboration of multiple innovation participants. Through analysis and on the basis of strong demand pull from the user market and effective technology push from R&D agencies, the NC Generation Innovation Project, by playing a “skillful deflection” role, has enabled the government to kick-start extensive market resource investment with a small amount of policy resources, to mobilize the enthusiasm of multiple innovation participants such as enterprises, R&D institutions, intermediaries, and financial institutions and to organize many manufacturing enterprises in different industries. Using the principles of the market economy, these enterprises overcame all kinds of obstacles, actively accepting key generic technology. The result is a successful example of promoting generic technology diffusion in manufacturing industries. At the same time, this project has found existing insufficiencies in the course of summarizing the existing successful experience and has provided a decision-making basis for advancing of a broad-based manufacturing industry upgrade.