China's "Measures for Cyber Security Review" (hereinafter referred to as the "Review Measures") was released on April 13, 2020, and took effect on June 1 of the same year. Its predecessor was the "Measures for the Safety Review of Network Products and Services (Trial)", implemented from 2017. From trial to settled form, the practice and exploration of the past three years were finally sifted, condensed and carried over into the new rules. In July 2021, the Central Cyber Information Office again released the "Cyber Security Review Methods (Revised Draft for Consultation)". The focus of this revision is the content of the "Data Security Law" on data security review, but it is undeniable that the core concern of the "Review Measures" is still the supply chain security of key information infrastructure.
The core matter addressed by the "Review Measures" is the security problems that a product or service may bring to key information infrastructure. In other words, a review is initiated because a specific key information infrastructure operator, by purchasing specific network products and services, may introduce "vulnerability" into key information infrastructure, not because of the internal safety of the product or service itself. The latter is mainly addressed by Articles 22, 23 and 36 and their supporting systems. Following this basic logic, one can grasp all aspects of the review system established by the "Review Measures" in China.
In the "Review Measures", the goal of security review is "to ensure the security of the supply chain of key information infrastructure and maintain national security", and the review focuses on the risks that products and services pose in terms of supply chain security. Therefore, the target of the review is always a specific product or service purchased by a key information infrastructure operator. To this end, the "Review Measures" also clarifies the scope of products and services. Article 21 stipulates: "The network products and services mentioned in these Measures mainly refer to core network equipment, high-performance computers and servers, large-capacity storage equipment, large databases and application software, network security equipment, cloud computing services, and other network products and services that have an important influence on key information infrastructure." As for the review of suppliers to key information infrastructure, the "Review Measures" mainly examines their "compliance with Chinese laws, administrative regulations and departmental rules".
In summary, China's review objects are clear. The review object is mainly a specific product or service, with the supplier as a supplement. Review of the supplier cannot be independent of the specific products or services it provides. Therefore, China does not actively initiate an independent review or risk assessment of a particular supplier.
Specific evaluation elements
First, the core of the "Review Measures" is to examine "specific products or services + specific use scenarios". This reflects an advanced understanding of security, namely that "network security is relative rather than absolute". Similarly, the security of products and services is also relative. Whether they are secure depends to a large extent on who uses the product or service, the purpose of use, how it is used and the reliability of the product supply channels; there is no absolute, constant benchmark for measuring security. Therefore, the "Review Measures" focuses on whether purchasing and using specific products and services will give rise to the following two kinds of risk. One, the risk that key information infrastructure is illegally controlled, interfered with or destroyed, and that important data is stolen, leaked or damaged (Article 9); two, the harm that an interruption of product and service supply does to the business continuity of key information infrastructure (Article 10 Item 2).
Next, Article 10 (3) of the "Review Measures" reviews "the safety, openness, transparency and diversity of sources of products and services". This can be roughly understood as follows: security refers to the risk of the product or service itself being intruded upon, damaged, destroyed, tampered with, manipulated and so on; openness refers to the compatibility and interoperability of products and services; transparency refers to whether the internal working principles and mechanisms of the product or service can be understood, intervened in or controlled by network operators; diversity of sources refers to avoiding excessive dependence.
Last, Article 10 (3) of the "Review Measures" reviews "the reliability of supply channels and the risk of supply interruption due to political, diplomatic, trade and other factors". In essence, this is a further review of the factors that may cause supply interruption. For example: Microsoft stopping the security update service for the XP operating system, and the security risks this poses to the information systems of party and government agencies that use the XP system; or the United States exercising control over the global supply chain through export control measures, and the potential effect of this on the continued supply of a chip purchased for a specific key information infrastructure.
As can be seen, there are no country factors in China's risk considerations. The attention of network security review is always on specific products and services, and on the vulnerability that the product or service may introduce into a specific key information infrastructure. It can be said that cyber security review is mainly a technical, objective assessment.
Review initiated by the operator
In the "Review Measures", the main requirement for starting a review is: "Operators purchasing network products and services should anticipate the national security risk that the products and services may bring after being put into use. Where national security is or may be affected, they should apply for network security review to the network security review office". The party that applies for review is clearly the "key information infrastructure operator" as purchaser. Moreover, for the purchaser to actively "predict the national security risk that the product or service may bring" and decide whether to apply for review becomes one of its legal obligations. The purchaser should take the initiative to manage supply chain risk through legal means. For example, Article 7 stipulates: "Through purchasing documents, agreements and the like, require product and service providers to cooperate with network security review, including not taking advantage of the provision of products and services to illegally obtain user data or illegally control and manipulate user equipment, and not interrupting product supply or necessary technical support services without reasonable grounds, etc."
Combining the above legal obligations, one can see the role the "Review Measures" assigns to the purchaser: since the specific products and services are the purchaser's own independent choice, the purchaser should be the responsible party (the so-called principle of consistent power and responsibility). Therefore, the purchaser should, within the scope of its ability, actively manage and reduce supply chain security risks. In addition, China's institutional arrangement gives great respect to the risk judgment and business decisions that key information infrastructure operators make in light of their own operating scenarios, and avoids indiscriminate, large-scale government intervention in companies' daily procurement. In other words, only when a certain product or service is used in a certain scenario and the resulting security risk exceeds the operator's ability will the network security review mechanism start. This rule, in turn, keeps public power from actively intervening in the supply market for network products and services and from proactively assessing supplier risk and supplier diversity, and keeps the supply of network products and services from becoming a highly planned, highly controlled market that loses market vitality and the motivation to innovate.
Prudent review conclusions
The core of the "Review Measures" is to examine "specific products or services + specific use scenarios". Therefore, the conclusion of a review is whether the specific product or service can be used in a specific scenario. In other words, even if a single network security review is not passed, it does not necessarily mean that the product or service will fail network security reviews initiated by other key information infrastructure operators. Guided by this thinking, and in order to avoid giving the market an overall impression that a certain product or service is unsafe, the result of a network security review is, in most cases, only "notified to the operator in writing" (Article 12); it is not made public to other operators or to society at large. The reason conclusions are handled this way is, again, that the target of review under the "Review Measures" is always a specific product or service purchased by a key information infrastructure operator. Therefore, even if a single review is not passed, it will not cause all of the supplier's products or services to be rejected by all key information infrastructure operators, producing a situation where "one failed review means losing everything".
In short, China's network security review does not take the risk status of the supplier as the logical starting point for security, it will not "talk about things", and it will not produce a "labeling" effect. Failing a single review only means that a specific key information infrastructure operator should not use a specific product or service in a certain scenario or link; it does not affect all of the supplier's products or services at the same time, which avoids "collateral damage". The design of the system also respects the operator's autonomous security decisions and, in turn, motivates operators to raise their level of security. This helps maintain the diversity of the supply market for network products and services, encourages network operators from different countries to compete with each other and keep innovating, and provides a steady stream of motivation for the sustainable development of the supply market.
(The author is a professor at the School of Law of Beijing University of Technology)
All rights reserved by China Social Sciences Magazine shall not be reprinted and used without permission