Security Compliance Protects the Digital Transformation of Enterprises: Looking at the Future Development Trend of Security from the Implementation of the Measures for Network Security Review

Recently, thirteen departments, including the State Internet Information Office, jointly revised and promulgated the Measures for Network Security Review (hereinafter referred to as the "Measures"), which will come into force on February 15, 2022. Since its implementation on June 1, 2020, the original version of the Measures has played an extremely important role in ensuring the supply chain security of critical information infrastructure and maintaining national security.
The "Measures" bring data processing activities carried out by network platform operators that affect or may affect national security into the scope of network security review. They also make clear that network platform operators that hold the personal information of more than 1 million users and go public abroad must apply to the Network Security Review Office for a network security review.
With the promulgation and implementation of a series of relevant laws and regulations, such as the Data Security Law and the Regulations on the Security Protection of Critical Information Infrastructure, China's construction of network and information security has become more and more standardized and in line with international standards. The implementation of the "Measures" plays a positive role in putting into practice the requirements of laws and regulations such as the Data Security Law, carrying security protection through to every link and detail, and truly safeguarding the high-quality development of the economy.
A new lever for ensuring security and compliance
Discussing the significance of the implementation of the "Measures" for promoting the digital transformation of enterprises and the implementation of corporate security, Lin Tao, senior architect of Green League Technology Group, said: "In the context of the development of the digital economy, digital transformation is a definite direction for enterprises. In the process of transformation, enterprises should focus on procurement, data processing and other gates, and effectively do a good job in the protection of key information infrastructure. The Measures further clarify the relevant mechanisms for protecting the security of critical information infrastructure, including work system, work flow and protection priorities, and point out the direction and path for security protection."
In implementing the "Measures", enterprises, especially key information infrastructure operators and network platform operators, should first study them and understand them in depth, and keep security protection firmly in mind. They should predict and assess risks more carefully, know where to look for problems, and know which links deserve special attention. Enterprises should take the initiative to cooperate with their superior competent departments, actively fulfill their obligations, use the "Measures" as the basis for checking and filling gaps, and make their network security impregnable.
Although the "Measures" themselves are oriented to network security, ensuring enterprise network security in an all-round way is not something the enterprise's security department can accomplish alone; it is a major matter for the whole enterprise and must be given strategic attention. It is a "number one" project. Lin Tao explained that the behavior reviewed under the Measures is related not only to the security department of the enterprise, but also involves procurement, business, equipment operation and maintenance and other departments, which are linearly related. The key risks that the review under the "Measures" focuses on are not completely controlled by the security department or by any single department: the enterprise's planning, business operation, asset management and operational security are all included and interlinked. From the perspective of accountability, the person in charge of the enterprise must bear most of the responsibility.
In fact, the "Measures" combine substantive law and procedural law: they not only stipulate the seven categories of risks and the main review objects that should be paid attention to, but also clearly define the review procedures, cycles and other related issues. In short, the "Measures" provide a strong starting point for improving the national network security review mechanism and effectively ensuring national security.
The top priority: "Guanji" (critical information infrastructure) security
The implementation of the "Measures" has once again drawn the attention of all walks of life to the supply chain security of key information infrastructure.
As we all know, critical information infrastructure is not only the lifeblood of economic and social operation, but also the top priority of network security. Ensuring the security of the supply chain of critical information infrastructure is of great significance for protecting national security and the healthy development of the economy and society.
At present, the security situation of key information infrastructure is very grim, with frequent incidents such as persistent threats, network blackmail, and data theft and disclosure, which seriously endanger the stable operation of the economy and society and the normal development of enterprise business. The "Measures" therefore also aim to further strengthen the primary responsibility of key information infrastructure operators, and to conduct the necessary network security reviews of network products and services purchased by key information infrastructure operators and of data processing activities carried out by network platform operators that affect or may affect national security.
From the perspective of supply chain security, the supply side, that is, the manufacturers that provide network products and services, must constantly improve and upgrade every aspect of product design, development, manufacturing, delivery, operation and maintenance, so as to plug security loopholes at the source of the product. The demand side, that is, the purchasers, users and managers of network products and services, should further standardize all processes and links of procurement, use and management. For example, in the bidding stage of procurement, they should strictly follow the norms and relevant requirements and take responsibility for guarding every checkpoint.
There is no doubt that software is an important part of network products and services, and judging from the future development trend, its importance and proportion are getting higher and higher. Since last year, the security threat to the software supply chain has become more and more serious. From SolarWinds, which was attacked by a national APT group and implanted with a Trojan horse backdoor, affecting more than 18,000 enterprise customers, including critical infrastructure, the military and the government in the United States, to the global software supply chain risk exposed by the Log4j2 vulnerabilities, every incident reminds us that, in the face of security vulnerabilities in basic components that may have a higher probability than the COVID-19 virus, we must make preparations in advance to strengthen discovery, protection and disposal.
Lin Tao said that, from a global point of view, supply chain security incidents are increasingly frequent and have a wide impact, and the supply chain management mechanism has become an important part of network security. The United States and other developed countries have devoted a lot of resources and energy to supply chain risk management, setting up special management agencies, formulating relevant laws and regulations, and so on. Our country is also paying more and more attention to the related issues and speeding up the relevant legislative work, and the effect is gradually appearing.
Green Alliance Science and Technology has long been concerned about the supply chain security of key information infrastructure, and regards the protection of the security of critical



