In recent years, remarkable achievements have been made in the construction and implementation of cybersecurity in China. However, there are still many problems that need to be systematically studied and resolved. The author believes that the following eight aspects are the major problems currently facing the legal field of cybersecurity. The relevant state departments should attach great importance to them, and they urgently need to be resolved.
Law Enforcement Subjects of "Network Security Law" Need to Be Straightened Out
According to the provisions of the "Network Security Law," the State Administration of Internet Communications is responsible for the overall coordination of network security work and the related supervision and management. The State Council department in charge of telecommunications, the public security department and other relevant agencies are responsible for the protection and supervision of network security within their respective responsibilities. Specifically, the administrative law enforcement departments under the cyber security law mainly include the State Cyber Information Office, the Ministry of Industry and Information Technology (hereinafter referred to as the “Ministry of Industry and Information Technology”), the Ministry of Public Security, the State Secrecy Bureau, the National Cryptography Administration, and various industry authorities. The most important law enforcement agencies are the State Cyber Information Office, the Ministry of Industry and Information Technology and the Ministry of Public Security.
It can be seen that the above-mentioned administrative law enforcement bodies suffer from unclear powers and responsibilities and from overlapping enforcement. As stated in the report of the Law Enforcement Inspection Group of the Standing Committee of the National People's Congress on the inspection of the implementation of the 'one law and one decision' in December 2017, the 'nine dragons governing the water' phenomenon in cybersecurity oversight still exists.
Network security monitoring, early warning and emergency response capabilities of enterprises need to be improved
Currently, cyberattacks have become one of the main causes of corporate losses, and the network attacks against corporate users have diversified. In 2017, as many as 86% of the world’s companies had experienced at least one network attack, and for the first time the risk of corporate network resources being stolen exceeded that of tangible assets. In addition to the WannaCry ransomware in 2017, corporate users also faced three major security threats: phishing email APT attacks, DNS hijacking, and software supply chain attacks. However, many companies’ cybersecurity emergency plans are currently focused on eliminating faults in equipment and facilities. The systems and capabilities of enterprises for responding to network attacks, information leakage and other cyberspace emergencies need to be strengthened.
Infringement of citizens’ personal information is still severe
According to the “Management Survey Report of the Law Enforcement Inspection Team of the Standing Committee of the National People’s Congress”, the implementation of multiple systems for the protection of users’ personal information is not ideal: 52.1% of respondents believe that the legal requirement that “network service providers and other enterprises and institutions” collecting and using citizens’ personal electronic information in business activities must expressly state the purpose, mode and scope of the collection and use is implemented poorly or only moderately; 49.6% of the respondents have encountered excessive collection of user information. Among them, 18.3% of respondents often encountered excessive collection of user information; 61.2% have encountered 'overlord clauses', under which companies use their own advantages to force the collection and use of user information, so that users who do not accept cannot use the product or receive services; 52.5% of people think that the effectiveness of law enforcement departments in protecting user information is average or poor. Many people report that after discovering that their information has been leaked or misused, it is difficult to report, difficult to complain and difficult to get a case filed, and that these difficulties are relatively common.
In 2017, the crime of infringing on citizens’ personal information was still in a high-risk situation. The chain of criminal interests involved was long, and collusion between gangs and insiders led to the gradual escalation and concealment of criminal tactics. The victims already covered all walks of life and all ages. These crimes caused tremendous property losses and mental panic and have become a public nuisance that seriously infringes on the rights of citizens. In particular, some network operators and other commercial organizations ignore the stipulations of the “Internet Security Law” on the protection of personal information and continue to illegally collect, use, process and transmit personal information; these behaviors have become open, normalized and systematic. Although many network operators need to obtain personal information of citizens for the purpose of performing their duties or providing services, these network operators hold a large amount of citizens' personal information, and there are serious abuses and inadequate protection measures. Once leaked, it will cause adverse social impact and serious harmful consequences.
Industrial control system information security needs strengthening
In recent years, as China's manufacturing has advanced in an all-round way, industrial digitalization, networking, and intelligence have accelerated. China's industrial control security is facing increasing security loopholes, the accelerating penetration of security threats, and sophisticated, new and challenging attack methods. However, China lacks specific legislation for the information security protection of industrial control systems. There is an urgent need to strengthen and upgrade industrial enterprises' security capabilities in industrial control, promote the development of the industrial information security industry, and accelerate the construction of an Internet governance system for industrial control system security in China.
The relationship between internet financial risk and innovation remains to be clarified
At present, large-scale special rectification of Internet finance in all parts of the country has cast a shadow on the Internet finance sector. I believe that, on the basis of improving the Internet finance sector, we should clarify the relationship between risk and innovation in Internet finance. The various types of Internet finance special operations are not aimed at stifling Internet finance, but at reversing the situation in which certain forms of Internet finance deviate from the correct direction of innovation. It is necessary to curb the momentum of Internet financial risk cases, raise investors' awareness of risk prevention, establish and improve a long-term supervision mechanism that adapts to the characteristics of the development of Internet finance, achieve both norms and development, and both innovation and risk prevention, and ultimately achieve the purpose of promoting the healthy and sustainable development of Internet finance.
"Network Security Law" supporting provisions to be improved
Many provisions of the “Network Security Law” are only statements of principle. The actual formation of China’s cyber security legal system depends on the gradual improvement of supporting laws, regulations, and related systems. For example, cyber security behavior standards, data concentration and sharing mechanisms, data off rules and standards, data sharing rules between enterprises, security of industrial digital control systems, openness of public data resources, technical specifications for electronic identity authentication, coordination mechanisms for network security incident contingency plans, procedures for publishing network security information to the community, network security cooperation mechanisms among network operators, network control regulations, etc., still need to be clarified by relevant laws and regulations and related systems.
Juvenile network protection regulations need to be improved
In order to safeguard the cyberspace security of minors, protect the legal network rights of minors and promote the healthy growth of minors, on January 6, 2017, the State Council’s Office of Legal Affairs announced the “Regulations on the Protection of Minors’ Network (Draft for Ratification)” (abbreviated as the 'Draft for review') and publicly solicited opinions. The risks and negative impact that network products provided by network operators pose to society and to minors need to be evaluated under the 'prevention and intervention' part of the 'Draft for review'. In particular, it is necessary to prevent and intervene in the infringement upon minors by unhealthy online games.
Legislation in the digital economy lags behind
At present, 22% of global GDP is closely related to the digital economy that covers skills and capital. China's digital economy accounts for 30% of GDP. The digital economy should not only be understood as the digital industry itself; it includes two major areas: first, digital industrialization, and second, industrial digitalization. In the field of digital industrialization, China has been at the forefront of the world, and related laws, regulations, and rules have been introduced. However, in the field of industrial digitalization, security problems in the integration of traditional industries and digital technologies still receive insufficient attention. To use digital technology to transform and upgrade traditional industries and to nurture and expand emerging industries, there is an urgent need to build a series of digital economy legal systems that suit the development of new technologies, new industries, new formats, and new models.