织密数据安全网,护航数字经济发展

  数据安全面临三大挑战:一是数据安全面临着越来越复杂的网络环境。万物互联之下,节点越来越多。二是互联网反追溯的难度正在加大。三是各国数据安全立法的进度参差不齐,给跨国犯罪提供了土壤。

  ◎本报记者 何星辉

  日前,国务院印发《“十四五”数字经济发展规划》,以“健全完善数字经济治理、着力强化数字经济安全体系”为保障手段,构建形成推动数字经济健康发展的“四梁八柱”。

  近年来,随着数字经济的崛起,数据安全风险和威胁也随之蔓延、扩散甚至叠加。

  数据安全牵一发而动全身,只有筑牢数据安全基石,才能护航数字经济高质量发展。

  我们拿什么来保护数据安全?

  基层数据安全体系建设有待提升

  “十三五”时期,我国深入实施数字经济发展战略,不断完善数字基础设施,加快培育新业态新模式,在数字产业化和产业数字化方面均取得积极成效。数据显示,2020年,我国数字经济核心产业增加值占GDP比重达到7.8%,数字经济为经济社会持续健康发展提供了强大动力。

  随着新一轮科技革命和产业变革的到来,发展数字经济已经成为大势所趋。

  国务院印发的《“十四五”数字经济发展规划》,对“十四五”时期我国数字经济发展作出了整体性部署。其中提出,到2025年,数字经济迈向全面扩展期,数字经济核心产业增加值占GDP比重达到10%。同时明确着力强化数字经济安全体系,有效防范各类风险。

  "The regulatory level is paying more and more attention to the top-level strategic design and overall strategic policy. This plan proposes to focus on strengthening the digital economy security system, emphasizing the need to enhance network security protection capabilities, improve the level of data security assurance, and effectively prevent various risks. Starting from the level of rule of law and refinement, it will provide a stronger legal guarantee and policy basis for my country's digital transformation and the healthy development of the digital economy." Zhu Keli, the founding president of the National Research Institute of New Economics and the chief researcher of the New Economy Think Tank, believes that from the current domestic On the whole, with the advancement of digital industrialization and industrial digitization, digital development from business and market to government affairs and society is accelerating in an all-round way, and data has increasingly become a key production factor for the digital economy.

In this context, strengthening data governance, ensuring data security, and building a security barrier for the sustainable and healthy development of the digital economy are the objective needs to ensure data security.

  Pan Helin, member of the Information and Communication Economics Expert Committee of the Ministry of Industry and Information Technology and Executive Dean of the Digital Economy Research Institute of Zhongnan University of Economics and Law, believes that the domestic data security legislative system has been gradually improved, but there is still much room for improvement in the construction of the grass-roots data security system. Lack of network security protection capabilities, on the other hand, lack of data security assurance capabilities.

"So we must start from the perspective of data security and put forward requirements for the construction of future data security protection capabilities and guarantee capabilities." Pan Helin said.

  Data security faces three challenges

  According to media reports, a few days ago, the computer management system of the stored value card at the cashier of a supermarket in Wenzhou City, Zhejiang Province was attacked by the "Bitcoin ransomware virus", and it has been out of use for more than half a month.

Police have been involved in the investigation.

  In recent years, encrypted assets led by Bitcoin have developed rapidly around the world. It is worth vigilant that more and more criminals use encrypted assets to carry out new types of cyber crimes, and the types of crimes are increasingly diversified.

The use of encrypted assets in new types of cybercrimes has led to many difficulties for investigators in solving cases. On the one hand, encrypted assets are anonymous, the identity of the transaction address owner is difficult to determine, and assets can be easily transacted and realized across borders, which greatly increases the On the other hand, case investigators lack investigation tools for encrypted assets, which makes investigation, evidence collection, and traceability difficult, and the case handling cycle often lasts for a long time.

  This poses new challenges to data security.

  Zhu Keli said that in recent years, my country's data security governance has shown a trend of standardization, rule of law, and refinement. Laws and regulations including the Data Security Law, the Critical Information Infrastructure Security Protection Regulation, and the Personal Information Protection Law have been implemented one after another. By establishing a data security management system in accordance with regulations, and clarifying the subjects of data responsibility, the security foundation has been continuously consolidated.

  However, the data security situation is still grim.

According to Pan and Lin, data security faces three major challenges.

First, data security is facing an increasingly complex network environment.

With the interconnection of all things, there are more and more nodes, and data security is not only a problem of the Internet. In the future, due to the access of the industrial Internet and the consumer Internet, it will be more deeply related to all aspects of people's lives.

Second, the difficulty of anti-tracing on the Internet is increasing.

Technologies such as encryption make it more difficult to trace Internet crimes.

Third, the progress of data security legislation in various countries is uneven, which provides soil for transnational crimes.

  Pan Helin believes that it is necessary to establish a sound system and mechanism by improving data security protection to keep risks out of the network.

  Strengthening data security requires multiple strategies

  The "White Paper on China's Cyber ​​Security Industry" released by the China Academy of Information and Communications Technology shows that the size of my country's cyber security industry will reach 172.93 billion yuan in 2020, an increase of 10.6% over 2019, and the market will recover rapidly in 2021. About 15.8%.

  The higher the level of digitization, the greater the security risk.

The newly prosperous metaverse has pushed the risks of virtual and reality to the extreme.

  On January 26, Zhou Hongyi, the founder of 360 Group, issued an internal letter to all staff, announcing that 360 will start the first year of digital security in 2022 and fully transform into a digital security company.

Zhou Hongyi said that the Internet has entered the second half, and the digital economy has become a national strategy. Governments at all levels and traditional enterprises will become the protagonists of digitalization. All industries are worth reproducing with digital technology, and all enterprises will also be digital enterprises.

  Zhou Hongyi believes that the security industry should be redefined, and network security must be upgraded to digital security, in order to assist the industrial digitalization strategy, to match the development of the national digital economy, and to escort the digital civilization of mankind.

  In this regard, Zhu Keli said that the challenges facing data security, from a technical point of view, mainly come from the increased data leakage risk of large-scale centralized storage of data, the possible data abuse risk caused by the open sharing of massive data, the security operation risk of data assets and artificial intelligence. security threats, etc.

From a regulatory point of view, we are faced with how to balance and handle the relationship between security and development.

On the one hand, data security supervision is the only way for the healthy and high-quality development of the digital economy. On the other hand, it will increase the cost of corporate compliance in the short term, and even lead to the risk of local reshuffles in the industry.

Since the connection and nesting of relevant laws are not clearly differentiated, risks such as "duplicate management" and "long-arm jurisdiction" that may arise in reality are also inevitable.

  "To systematically meet and resolve these challenges, it is necessary to make overall use of market mechanisms, regulatory wisdom and social forces, seek the greatest common divisor of security and development in multi-party coordination, and form a data security governance model of multiple co-construction and co-governance, so that Cybersecurity truly escorts the digital economy," Zhu Keli said.

  Zhu Keli believes that to strengthen data security, multiple strategies and multi-pronged approaches are needed.

First of all, it is necessary to strengthen the security barriers technically, continuously strengthen the firewall, and continue to strengthen the research and development, promotion and application of basic protection technology, the construction and implementation of basic protection technology systems, and the security protection of key information infrastructure.

Secondly, it is necessary to carry out risk assessment and safety certification activities for the safe flow of data, urge industry enterprises to do a good job of self-discipline, and build a "science and technology for good" rules and ethics system that matches the construction of a scientific and technological country.

In addition, it is necessary to use safe and reliable products and services as much as possible, improve the security and reliability of key infrastructure equipment, and improve the emergency handling and risk identification capabilities of major network security incidents.

  "In this process, not only technology upgrades are required, but also legal escort is required. At the supervision level, we must focus on data classification and classification, clarify data collection, transmission, storage, use, opening and other links, and ensure the scope, boundaries, responsible subjects and specifics of network security. requirements, and effectively strengthen the protection of information involving national interests, public security, commercial secrets, personal privacy, and military scientific research and production." Zhu Keli believes that "ecological co-governance" is very important.

Nowadays, data security is no longer a matter of a single enterprise or a certain field. Only by cooperating among various institutions and fields can weave a "protective net" for data security.

However, on the one hand, data security standards are still lacking systematic, and on the other hand, policies and regulations in specific fields need to be formulated urgently.