How can telecom operators build a new generation of network and information security system?

[[177570]]

The rapid development of mobile Internet and the implementation of cloud computing, big data, and the Internet of Things have brought unprecedented challenges to network and information security. At present, my country is paying more and more attention to network and information security, and ensuring network and information security has become the cornerstone of a series of strategies such as "Network Power" and "Internet +". Against this background, government departments are actively promoting the implementation of relevant policies, and all parties in the industry chain, represented by telecom operators, are also using technology as a starting point to help improve my country's network and information security level.

With the advent of the "Internet +" era, network and information security threats and risks are becoming increasingly prominent. my country has elevated network and information security to the height of national security strategy. General Secretary Xi Jinping further emphasized at the symposium on network security and informatization held on April 19, 2016 that "network security and informatization are complementary to each other", "security and development must be promoted simultaneously", and "accelerate the construction of a security guarantee system for critical information infrastructure".

The connotation and extension of network and information security of telecom operators have changed greatly, and they are facing unprecedented challenges and threats. At the same time, due to the wide range of involvement, rapid changes, endless emergence of new technologies and new businesses, and weak foundations, network and information security work is still in a passive emergency response stage. Jiangsu Post and Telecommunications Planning and Design Institute believes that telecom operators can start from the four levels of mission, object, capability, and foundation to solve the four major issues of why, who to protect, how to do it, and how to ensure it, and build a network and information security system framework that truly meets the characteristics of telecom operators.

Shouldering three major missions

Implementing the strategies of the Party and the country

Faced with the complex and severe cyber security situation, dozens of countries have issued cyber security strategies, and my country also attaches great importance to it. On November 12, 2013, the "Central National Security Commission of the Communist Party of China" was established, clarifying that information security is an important part of the national security system. On February 27, 2014, the Central Leading Group for Cyber ​​Security and Informatization was established. The leading group focuses on national security and long-term development, coordinates major issues of cyber security and informatization in various fields, and studies and formulates cyber security and informatization development strategies, macro plans and major policies. The Fifth Plenary Session of the 18th CPC Central Committee and the Outline of the 13th Five-Year Plan have made arrangements for the implementation of the strategy of building a strong cyber power. Telecom operators, as builders, providers and operators of large-scale state-owned basic telecommunications facilities, build and operate information and communication network facilities, which are the nerve centers of economic and social operations. The network carries important information of the country, enterprises and users, and is also a target that may be attacked. Telecom operators must earnestly implement the national policy requirements on network and information security and do a good job in network and information security protection.

Protect and promote business development

Telecom operators are the main force of informatization. The networks they operate are an important foundation for the informatization of enterprises and even the country and society, as well as the normal development of the Internet. With the deepening of the Internetization and strategic transformation of operators, emerging businesses are developing rapidly, the scale of various types of users is growing, the network platform is more open, and the amount of data is exploding. The network and information security risks and challenges they face are becoming more prominent. Network and information security incidents such as user information leakage, information data interception, and pornographic and violent content are emerging in an endless stream, resulting in business offline, website closure and other consequences that seriously affect the business development of enterprises. Network and information security are urgently needed to protect enterprises.

At the same time, telecom operators can also take advantage of the current society's unprecedented attention to network and information security, turn pressure into motivation, turn crisis into opportunity, transform the company's network and information security capabilities into external security services and products, form new market competitive advantages, and promote corporate development.

Fulfilling corporate social responsibility

Just as many new technologies are "double-edged swords", the Internet is no exception. The rapidly developing Internet is increasingly becoming a new space for people to study, work and live. While bringing us convenience, negative phenomena such as online fraud, false advertising, pornography and violence have also followed. As a large state-owned enterprise, telecom operators should take the lead in fulfilling their social responsibilities, adhere to the balance of economic and social benefits, and shoulder social and moral responsibilities in the process of business operations, ensure network and information security, and create a clear and healthy cyberspace.

Networks and information are corporate assets with extremely important value, and their security must be guaranteed. Therefore, from the perspective of objects, the security system built by telecom operators mainly includes two aspects: one is network security, and the other is information security.

Network security refers to the fact that the network's hardware, software and systems are not damaged by network attacks, illegal intrusions, etc., and the network operates continuously and reliably without interruption of services. Network security mainly includes host security, operating system security, database security, configuration security, physical environment security, etc. Information security refers to the security of the services, data, content, user information and their interactions carried by the network, which are not illegally tampered with or leaked during the entire operation process, and have integrity, confidentiality, availability and legal compliance.

How can telecom operators build a new generation of network and information security system?

Network security focuses on the security of the network environment, monitors and controls abnormal and abusive behaviors, is the foundation of information security, and is an important means of protecting information security. Information security focuses on the security of information generation, storage, transmission, and processing, and is the value embodiment and work goal of network security. The two interact and complement each other.

Improve four major capabilities

Reliable protection capability

Protection capability refers to the means and measures taken to enable the enterprise's network and information systems to have the ability to prevent and resist various known threats to network and information security. In view of the openness of the Internet and the short board effect of security, social entities in an open cyberspace environment need to carry out necessary protection for their own networks and information, take various management and technical measures in advance, reliably prevent potential threats, and ensure the confidentiality, integrity, availability, non-repudiation and reliability of networks and information.

Accurate perception

Perception capability refers to the ability to take measures to enable network and information systems to monitor, analyze and predict various known or unknown, potential and actual threats to network and information security. Conduct security monitoring of networks and information, issue warnings and explanations for existing events, and discover them in a timely manner. At the same time, collect and sort out asset data, configuration data, vulnerability data, internal and external threat data, and event data, and then summarize the characteristics on this basis, analyze the meaning behind these security events, and find meaningful indicators and parameters. Finally, predict future trends and changes based on the changes in these indicators, and what impact these changes will have on the enterprise, and also put forward response suggestions.

Fast processing capability

Disposal capability refers to the ability to take measures and methods to enable the network and information system to respond to various emergencies in a timely manner, handle the attacks suffered by the network and information system, and restore the basic services of the network and information system. Disposal capability includes the establishment of an emergency response system. Enterprises must follow the principle of combining "peace and war" and actively prepare emergency plans and drills, reporting systems, and safeguards for network and information security incidents so that they can respond in a timely manner when incidents occur, effectively handle attack incidents, prevent further deterioration of the situation, and ensure recovery of faults caused by attacks, thereby minimizing losses.

Accurate traceability

Tracing capability refers to the ability to take measures to determine the identity or location information of network attackers and their intermediate media. Identity information includes the attacker's name, account number or similar information related to it; location information includes its geographical location or virtual address, such as IP address, MAC address, etc. The tracing process can also provide other auxiliary information, such as attack path and attack sequence. Managers can use tracing technology to locate the real source of attack, so as to adopt a variety of security strategies and means to suppress it from the source and prevent network attacks from causing greater damage. They can also record the attack process and provide necessary information support for judicial evidence collection.

Through tracing, we can determine the source of the attack and formulate and implement targeted defense strategies; take measures such as interception and isolation to reduce damage and ensure the smooth and healthy operation of the network; record the attack process, provide a basis and means when security problems arise, and be auditable; at the same time, accurate tracing capabilities will have a great deterrent effect on network attackers or potential attackers.

Improve the four major systems

Complete regulatory system

The network and information security work of telecom operators is still in its infancy, and the rules and regulations are not yet perfect, lacking structured, hierarchical, and scalable standards that can be implemented. Combining domestic and international standards and the characteristics of telecom operators, a top-down four-layer security management specification system model can be constructed from the two dimensions of management and technology.

• The first level is the general outline, which covers the scope, principles, objectives and strategies of network and information security work and has overall guiding significance.
• The second level is the decomposition of the general outline, focusing on management systems and technical specifications, which has a practical guiding role in safety work.
• The third layer is the specific rules, processes and specifications that are uniformly formulated according to different types of networks and application environments.
• The fourth layer is the operational level, which combines the actual situation of each department of the enterprise and the specific network and application systems to formulate detailed operating procedures and configuration methods.

Smooth implementation system

Since the network and information security work of an enterprise includes many disciplines such as computer science, network technology, communication technology, cryptography technology, information security technology, etc., and involves the construction, maintenance and management support of the back-end network of telecommunications operators, as well as various aspects such as front-end marketing, the security protection of a certain type of information and the handling of security incidents often require multi-professional cooperation and coordination of multiple departments. Therefore, network and information security requires a smooth implementation system that includes work mechanisms and work processes, clearly defines the division of labor and responsibilities of the leading, centralized, and operating departments, and embeds network and information security management into each link of the enterprise's production process to ensure that the enterprise's network and information security work is coordinated and promoted vertically and horizontally and implemented smoothly.

Effective supervision system

Telecom operators' current network and information security work has problems such as weak security awareness, compromised work execution, and inadequate rectification and implementation. In order to ensure that network and information security work is not distorted or compromised, an effective supervision system is needed. Supervision measures mainly include inspection and supervision, assessment and rewards and punishments, management and technical audits, and risk assessments.

Strong protection system

The effective implementation of management and technology ultimately depends on various related resource guarantees and requires a strong guarantee system to support it. The guarantee measures mainly include organizational structure, staffing, education and training, security awareness promotion, management information support means, asset management, information reporting, special communications, and network and information security during important periods.