With the in-depth advancement of digitization, networking and intelligence, the impact of network security on the overall national security, economic and social operation, and people's production and life has become more and more prominent. How will network security develop in the future?

During the recent 2022 West Lake Discussion on Sword and Cyber ​​Security Conference with the theme of "Building a Safe and Trustworthy Digital World", a security event hosted by the China Cyberspace Research Institute and undertaken by "China Netcom" magazine, Guangming.com, and Anheng Information At the Trend Forum, people in the industry joined hands to look forward to "The Future of Cyber ​​Security".

New ideas for dealing with cyber risks

  "Network security is an eternal proposition. Security and trustworthiness are dynamic and parallel. Implementing trusted authentication to achieve expected computing goals is equivalent to the human body ensuring health by enhancing immunity. Therefore, it is necessary to speed up security and trustworthy products. Promote the application to build a security system." said Shen Changxiang, academician of the Chinese Academy of Engineering.

  "In the digital age, 'digital security + digital trust' has become an important proposition. As we step into the digital world in an all-round way, future trust issues will face even greater challenges. How to generate new value by building trust is an issue we need to think deeply about. ” Fan Yuan, chairman of Anheng Information, believes that more attention should be paid to the importance of data security, and digital assets will become the “blood” running through digital government, digital society, digital economy, and digital culture in the future.

  Li Fenghua, director and researcher of the Seventh Engineering Department of the Institute of Information Engineering, Chinese Academy of Sciences, believes that at present, frequent cross-border, cross-system, and cross-ecosystem interaction of user data has become the norm. The existing privacy protection solutions cannot provide systematic protection, and it is urgent to establish and improve The theoretical system of privacy protection.

  In response to the development and application of "autonomous, safe and controllable industrial software", Lan Yuqing, a professor at the School of Software, Beihang University, believes that industrial software is the "brain" and "nerve" of industrial manufacturing. Factors such as the imperfect talent evaluation mechanism and the lack of manufacturing talents have resulted in most of them being monopolized by foreign countries.

"It is recommended to gradually promote the construction of disciplines, personnel training, and the establishment of an industry-university-research mechanism, and make efforts from multiple aspects to solve the shortcomings of core industrial software."

New technology protects network security

  At present, new technologies and applications such as artificial intelligence, blockchain, 5G/6G, satellite Internet, and intelligent networked vehicles are blooming, bringing new security risks and promoting the continuous updating of protection technologies.

  From the perspective of security trends, privacy computing has attracted much attention in recent years as an important underlying technology.

Fan Yuan introduced that privacy computing technology performs model calculation on multi-party data in the way of "original data is not out of domain" and "data availability is invisible", so that the value of data can be effectively circulated, and the circulation of data elements can be effectively guaranteed to be safe, credible, controllable, and reliable. Manageable and traceable.

  Li Fenghua said that in the ubiquitous interconnected environment, digital resources have been widely explored.

But at the same time, the ubiquitous collection of terminal apps and AI big data processing are all challenges faced by private data.

"We must focus on solving the dynamic measurement and quantitative indicators of privacy perception, establish an evaluation indicator system and evaluation automation, and focus on auditing and determining infringements and tracing their origins; we must also correctly distinguish the technical connotations of privacy computing, data security and privacy protection. Do blind packaging."

  How to ensure public system security in the 5G convergence scenario?

"The hacking technology in the 5G era is constantly iterating, and advanced 'cyber weapons' continue to attack key information infrastructure and military facilities." Zhang Ni, director and researcher of the Sixth Research Institute of China Electronics Information Industry Group Co., Ltd. believes that we must attack 5G The development of integrated risk control is sorted out, and the key technology of integrated safety and collaborative protection of industrial control system is broken through by building an in-depth defense and security disposal system for industrial control systems in 5G integration scenarios.

  Regarding the current botnets that appear frequently, Xu Jian, a senior engineer at the National Computer Network Emergency Technology Processing and Coordination Center, mentioned that the botnet profit methods include DDoS attacks (distributed denial of service attacks), mining, and spam.

For security agencies, anomaly monitoring technology models should be established in multiple stages such as vulnerability exploitation, installation and implantation, and attack implementation, based on the characteristics of botnet propagation, to discover known and unknown botnet propagation chains.

Looking forward to the new trend of network development from a new perspective

  Based on the current new trends in network security, what new trends will emerge in the future?

The reporter noticed that the round-table dialogue session of this forum was also very interesting. With the theme of "Exploring 2050, Security Dialogue in the Future Digital World", we imagined the future development based on the present.

  Currently, there are different opinions about the Metaverse.

What security issues will the metaverse breed in the future?

"The native security risks associated with new communication technologies such as 6G, the new generation of Internet (Web 3.0), AR/VR/MR, game engines and other technologies will all be copied into the Metaverse." Computer and Cyberspace Security at Communication University of China Lin Weiguo, dean of the college, said.

Zhai Lidong, a researcher at the Institute of Information Engineering, Chinese Academy of Sciences, also believes that the essence of network security is confrontation, which may be manifested as the confrontation between humans and AI in the metaverse; blockchain security in digital security will also be an urgent concern. question.

  In addition, Li Xiaoyong, dean of the School of Cyberspace Security at Beijing University of Posts and Telecommunications, mentioned that in addition to basic security such as information protection in the Metaverse, it should also be noted that the scale of equipment and data in the Metaverse will be larger and integrated. The trend is more obvious, and how to do a good job in security protection will become a new proposition.

At the same time, it is also necessary to examine the metaverse virtual environment that is different from the real society from the perspective of governance and legislation.

  What new technologies are expected to impact the cybersecurity industry in the future?

Lin Weiguo said that both the security industry and the underlying authentication scenarios rely on cryptography, and quantum computing technology will be a new topic in the field of cryptography.

Therefore, it is necessary to master quantum computing technology with independent property rights, strengthen the research on cryptographic algorithms that resist quantum attacks, and resist "quantum hegemony".

  "We need to abandon the idea of ​​defense following attacks, let defenders have the capabilities of attackers, and examine the existing security architecture from the perspective of attackers. This will be an effective way to narrow the gap between attacks and defenses. The separation of offense and defense requires the integration of offense and defense capabilities," said Jin Fei, founder and CEO of Beijing Yunke Anxin Technology Co., Ltd.

  On the basis of focusing on technology, Li Xiaoyong also emphasized the role of people.

"It is also necessary to fully consider the human factor in network security, and strengthen human defense while technical defense." Li Xiaoyong said that "inner ghosts" may bypass the firewall, and are very familiar with the internal environment, data, and resources, which will cause greater damage. destroy.

"In the future, we must pay attention to the management and control of network security insider threats." Li Xiaoyong said.

(Guangming.com reporter Li Zhengwei, Yao Kunsen, Kong Fanxin)