[iwar] FW: *ICN - China: Leftist journal urges building Internet information security system


From: Robert W. Miller
From: snooker@iex.net
To: iwar@egroups.com

Wed, 29 Nov 2000 11:56:53 -0700


fc  Wed Nov 29 11:00:15 2000
Received: from 207.222.214.225
	by localhost with POP3 (fetchmail-5.1.0)
	for fc@localhost (single-drop); Wed, 29 Nov 2000 11:00:15 -0800 (PST)
Received: by multi33.netcomi.com for fc
 (with Netcom Interactive pop3d (v1.21.1 1998/05/07) Wed Nov 29 19:00:08 2000)
X-From_: snooker@iex.net  Wed Nov 29 12:59:16 2000
Received: from hm.egroups.com (hm.egroups.com [208.50.99.198]) by multi33.netcomi.com (8.8.5/8.7.4) with SMTP id MAA08222 for ; Wed, 29 Nov 2000 12:59:08 -0600
X-eGroups-Return: sentto-279987-776-975524352-fc=all.net@returns.onelist.com
Received: from [10.1.4.54] by hm.egroups.com with NNFMP; 29 Nov 2000 18:59:13 -0000
X-Sender: snooker@iex.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-6_3_1_2); 29 Nov 2000 18:59:12 -0000
Received: (qmail 10985 invoked from network); 29 Nov 2000 18:57:26 -0000
Received: from unknown (10.1.10.26) by l8.egroups.com with QMQP; 29 Nov 2000 18:57:26 -0000
Received: from unknown (HELO mail.iex.net) (192.156.196.5) by mta1 with SMTP; 29 Nov 2000 18:57:26 -0000
Received: from h2o4me (p46-s8.cos1-ras.iex.net [209.151.65.142]) by mail.iex.net (8.9.1/8.9.1) with SMTP id LAA13172 for ; Wed, 29 Nov 2000 11:56:56 -0700 (MST)
To: 
Message-ID: 
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Importance: Normal
From: "Robert W. Miller" 
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe: 
Date: Wed, 29 Nov 2000 11:56:53 -0700
Reply-To: iwar@egroups.com
Subject: [iwar] FW: *ICN - China: Leftist journal urges building Internet information security system
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

China: Leftist journal urges building Internet information security system

China must raise Internet security awareness to combat superstition,
rumours, slander, pornography and hackers that threaten national security.
'Qiushi' magazine warned that "information pollution" and lax controls were
becoming a serious problem in government departments and enterprises. The
magazine said China must develop an information security system, which is
independent of foreign control. The Internet must be used as an "active
defence" and propaganda tool for the party.


Text of article by He Dejin, member of the Chinese Academy of Engineering
and head of the State 863 Project Special Expert Group, entitled: "Raise
network security awareness and build information protection systems";
published by Chinese magazine 'Qiushi' on 1st November. Subheadings as
published


The world is experiencing an information revolution. The wave of computer
networking is unstoppable. Particularly the explosive growth of the Internet
is changing economic, social, and cultural structures and their operation
methods and people's ways of thinking. Previous industrial revolutions
cannot be compared to the current information revolution both in breadth and
depth. At a time when the world is locked in a fierce competition in the
area of overall national strength and under a situation where the
international situation changes all the time, the more a country is strong
in controlling information resources the more it can seize strategic
initiative. If a country loses control over information and is unable to
protect information, it will be very hard for it to control its destiny, and
there will be no state sovereignty to speak of.


1. All should pay close attention to network security


The basic characteristic of the Internet lies in its extensive global
connectivity. Such extensive connectivity gives excellent play to the role
of information resources. It is exactly because of such extensive
connectivity that gives rise to many insecure factors.


For instance, the Internet as a platform for finance, securities, and
businesses has become a hotbed for computer crimes. More alarmingly, some
could take advantage of networks' chained and multiplying effect to create
massive social chaos and endanger a state's economic security. As a forum,
the Internet has become a subversive tool for superpower. As a new media,
such negative effects as information pollution and abuse on the Net have
become more and more serious. Superstition, rumours, slanders, pornography
and other information garbage abound on the Net and corrupting the people's
minds. As a battlefield for information wars, hostile countries, regions,
and rivals can attack each other's information systems and steal secrets via
the Internet. Some even brag that it is now possible to occupy an enemy's
towns without firing a single shot.


This February, some ten noted web sites in the United States were attacked
by hackers, resulting in the lowering of the operation efficiency of the
World Wide Web by 20 per cent in just several days' time. An estimate shows
that the economic losses caused by hackers on the US major web sites were
over 1.2bn dollars, and companies that were victims of hackers reported 1bn
dollars of market value losses and 100m dollars worth of sales and
advertisement revenue losses in the first three days of the attack. This is
a message. It warns us to make full mental and technical preparations for
sudden and untoward outbreak of network incidents. At the same time, it
strikes home the fact that information security is a major issue that has a
bearing on the state's security and that information security and protection
capabilities are major parts of the comprehensive national strength,
economic competitive strength, and of survival and development capabilities;
hence the need to raise them !
to the level of state and nation
al interests and to pay attention to it as a major basic state policy.


The United States got a head start in computer networking and has been
taking the lead in the process of global information development. From the
age of host servers to microcomputers and from the age of local area
networks to the Internet, they have put forward different standards on
information security. Proceeding from the innate frailty of the network
technology and from the innate uncertainty of information, they put forward
the idea that network security is not only a sort of security measures but
also a security process and that there is not only a need to adopt passive
protective measures but also to make active adaptation. On this basis, the
United States has in recent years comprehensively promoted the concept of
"information protection systems" in the military and society. The concept
includes the whole process of network security, namely border defence,
intrusion detection, security response and restoration from destruction; it
comprehensively incorporates major co!
ntents of network security, name
ly appraisal, security, integrity, usability, irreversibility,
accountability, and restorability; it puts forward several major areas of
information security, namely key infrastructure's network security
(including telecommunications, gas pipelines, traffic, water supply,
finance); contents' information security (including anti-versus, electronic
mail security and e-mail filtering of harmful contents); and electronic
commerce's information security.


The US "information protection system" concept is worthy of borrowing, but
due to its over-emphasis on considering and solving problems from a
technical perspective, the United States still could not deal with hackers
this February. As network security has to deal with another problem whose
level is higher than that of technical protection and of social management,
it should be society's overall integrated structure, a general sum-up of
legal and ethical standards, of management, technology, and human knowledge,
wisdom, and strategies. It should be built on a secured technical platform,
characterized by composite forces formed by various departments; it is not a
simple duplication of various departments' functions, but an organized whole
under a unified leadership.


The Internet is a very complicated and enormous system formed by users and
networks. People, as the main body, are the basic driving force behind
network development and the last line of defence of information security.
Therefore, a network security mechanism must orient itself towards clients,
protect personal information (privacy and intellectual property right), and
safeguard users' network application (for instance, identification
recognition, secrecy of correspondence). At the same time, users bear a
social responsibility towards dissemination and reception of the contents of
information on the Net, need to voluntarily block the dissemination of false
information, and should uphold the idea that "it is everyone's
responsibility to maintain network security." A survey shows that 80 per
cent of network security incidents were not originated from external hackers
but from internal personnel. Testifying before a recent US Senate hearing, a
well-known hacker stated that he too!
k advantage of the carelessness
and lack of security awareness among people in the organizations to succeed
in 90 per cent of his hacking attempts. Seen from this, it can be said that
the weakest link in the defence line of the current network security is the
people and that the surest guarantee for network security is also people.


Stressing the human factor is our party's excellent tradition. We can do a
better job than the West in this area. To that end, we should strive to move
our ideological and political work onto the Net and inspire the masses'
awareness for security. Erroneous thinking like "there is no sovereignty on
the network world" and "there is no government on the Net" needs to be
corrected. It is necessary to popularize network security and technology
knowledge, to conduct lively education and carry out training with real
cases, with emphasis on information security education among youngsters.


Neglect of network security is a serious problem at government organs and
enterprises. There are many causes, but the most important reason remains
the problem of ideological understanding. As the security awareness of major
responsibility persons of a unit is of a decisive significance to the
overall network security, leading cadres should relate network security
awareness with political awareness, responsibility consciousness, security
awareness, and with legal awareness. At the same time, there is a need to
incorporate a unit's network security into a security management structure
characterized by all assuming responsibility, by different levels of leaders
assuming responsibilities, and by the assumption of overall responsibility
by top leader of a unit.


2. Strive to take initiative in the development of global information
network


Since the virtual, proliferation, and intrusion quality of information is
very strong and as network technological control is an infrastructure
project, all governments have without exception standardized and
systematized this work, worked out laws and regulations on network control,
information resource management, prevention against hackers , crackdown on
computer crime , and on prevention of information leaks and rendered
technical support. The problem is that many countries find it hard to
implement such a comprehensive approach; instead, there is a lack of
concentration of efforts, the passing of bucks, the duplication of
functions, and low efficiency. One knows that China holds a unique advantage
in that it has a unified party leadership. If the Chinese Communist Party
Central Committee makes a decision, the entire party and the whole nation
can forge unity and make concerted action, pool social resources, make
unified coordination, and seize initiative.


Seizing initiative is a policy and strategy related issue. China is at the
initial stage of information building. Faced not only with the immense
pressure posed by developed countries' advantage in information, China also
basically needs to import network technologies and equipment. How can
initiative under such a situation be seized? From long revolutionary years
and of construction, our party has accumulated rich experiences of defeating
stronger forces by weaker ones, of turning defence into offence, and of
transforming adverse factors into favourable ones. Comrade Mao Zedong and
Comrade Deng Xiaoping had made a succinct sum-up about this. Taking into
consideration China's network security's reality, we should stress well the
following principles:


1. There is a need to adopt "two-handed approach." Faced with the tide of
computer networking in the world, we should, on the one hand, make positive
participation in and accelerate the process of enhancing our information
strength, and on the other hand, be good at protecting ourselves under the
network environment, so that we can reap good points, avoid pitfalls, and
turn adversity into our advantage. As network security problems emerge in
the course of network development, we are required to, after all, rely on
the development method to solve problems. Without development, there is no
security to speak of. But we must be tough and not be soft in the area of
security or we will not be able to guarantee development and land ourselves
in a passive position.


2. It is necessary to "make cool-headed observation and deal with problems
in a calm manner." Only with objective and cool-headed judgment over the
network security situation can we expect to seize initiative. Although peace
and development is the main theme of the times, hegemonism still exists and
still has room for development in the area of information security. We must
raise vigilance against real threat and potential dangers (computer
software's "backdoors" and information leaks over the Net) with regard to
information security. Even in times of peace, we still have to think of
dangers. At the same time, serious appraisal must be made on the security of
existing information system and on the information system now under
construction, so that we have a full grasp of the problems and set time
limit to solve them. In addition, we need to be prepared for the development
of the next generation of networks in foreign countries.


3. "Place the basic work on greater risks." Though threat to network
security is an objective existence, network security risks can be controlled
and avoided. This calls on us not to be afraid of risks and to make good
preparations for working out good countermeasures. There is a need to ensure
that key operations are not interrupted and that a network's basic survival
capability is intact in the event of subjecting to major risks like
intrusion and of damage done to system.


4. "Active defence." The strategic thinking of Comrade Mao Zedong and
Comrade Deng Xiaoping strikes home the fact that passive defence will only
make us passive and be subjected to attack and pure reliance on plugging
existing system loopholes will not help us basically solve the information
network security problems. Therefore, technologically, we need to create a
flexible and mobile security structure that is strong in adaptability. As
for contents, we should greatly enhance positive propaganda on the Net,
carry forward our party's excellent tradition in public opinion work, make
full use of this country's unique and rich information resources, strive to
run well a number of web sites that can attract people, that are combative,
that target specific groups, that provide timely information, that are loved
by the people, and wage active campaigns over the Net.


5. "Independence and autonomy, and advocate self-reliance." Because of the
universal nature of the network, it is necessary to try to relate to
international conventions on information security and to achieve
international coordination. But we should never rely on foreign countries to
solve this country's information security problems; instead, we should take
an independent and autonomous development path. We should ensure autonomous
rights on network management, network control, and network policy
formulation under any conditions, develop key products and key technologies
with own intellectual property rights, and realize industrialization as
quickly as possible. With independent information security technology and
industry, we can then basically shake off a passive situation where it is
difficult for secured use and effective control of imported information
system.


6. "Study new situations and solve new problems." Network is a brand new
thing whose ways of service and channels of application are endless.
Traditional concepts, simple security mechanism and crude security
management can no longer be adapted to changes. If we stick to old
established ways, we will only make ourselves passive. Therefore, there is a
need to study from developed countries' practices and to strive to exercise
macro control and to enliven micro management.


3. Concentrate efforts on doing several major things in information security
area


High technology's security means are basics and guarantee to solve network
security problems. We need to seize opportunities, give play to potential
advantages, and to strive to realize breakthrough development in some new
growth points of network security.


1. On the front of information security and of high-tech research, there is
a need to quickly possess an independent information security protection
capability, capability to detect hidden dangers, capability to monitor and
issue early warning on intrusion and abuses, ability to make emergency
handling and capability to engage in information confrontation.


2. It is necessary to enhance basic theoretical research into information
security via cooperation between natural and social sciences. Earnest study
and results are needed in issues related to the innate nature,
characteristics, and contradictions of the Internet, in issues related to
network behaviours, characteristics, and cultural environment, and in issues
related to network's evolution and survival, so that we will be well-placed
to take initiative in the areas of network security in a comprehensive
manner and in strategic sense.


3. There is a need to combine the state-guidance and market mechanism. We
should be determined to bring about the basic localization of our major
information security products in several years' time. This requires the
state's promotion, guidance, and necessary investment. We need to seek
industrialization as fast as possible through application demonstration
projects, industrialization bases, project centres, and other forms. It is
also necessary to fully mobilize the initiative of all parties including
that of small and medium-sized enterprises via security orientation marked
by government procurement and via market mechanism.


4. We need to step up building information security infrastructure including
network control centre, appraisal and certification centre, emergency
handling centre, virus prevention centre, digital certification centre and
accelerate formulating security's technical standards. Once the
above-mentioned facilities and standards are in place we will be provided
with a security shield and with a weapon to deal with technological
hegemonism.


All in all, as long as we constantly enhance the party's leadership, give
play to the superiority of socialist system, raise citizens' awareness for
network security, strengthen legal system building, fully mobilize the
creativity of the broad mass of technicians and scientists, establish a
complete theoretical structure that is in line with China's reality and
build a basic structural support for this country's information and network
security, and promote the high-speed development of China's information
security sector, we will surely build confidence in taking initiative to
ensure security in the course of developing China's information security
sector.

11/29/2000
BBC Monitoring
Source: 'Qiushi', Beijing, in Chinese 1 Nov 00 pp 54-56/BBC Monitoring/(c)
BBC

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cybercrime Reports:  http://www.infowar.com/ccr/ccr1.shtml
CCR@infowar.com
Internet Crime Watch: http://www.infowar.com/iwatch/iwatch.shtml
ICN@infowar.com


Det. Robert W. Miller
Colorado Internet Crimes Against
Children Task Force
Pueblo High Tech. Crime Unit
Pueblo County Sheriff's Office
320 S. Joe Martinez Blvd.
Pueblo West, CO. 81007
Tel (719)583-4736
FAX (719)583-4732
mailto:snooker@iex.net
mailto:cicactf@iex.net
http://www.co.pueblo.co.us/sheriff/
PGP key available at: http://pgpkeys.mit.edu:11371/
search on snooker@iex.net

Internet Crime News ( ICN) is brought to you by Infowar.Com Ltd.
Please feel free to pass this on as long as all information and header
remains intact.
Please forward your comments or posts to ICN@infowar.com.
Subscribe and Remove instructions appear at the end of this email.

Moderator: Paulo Felix
The moderator can be directly contacted by e-mailing to: felix406@wxs.nl
Mr. Felix is First Officer, Open Source Unit, EUROPOL, The Hague,
Netherlands and moderates this list pro bono.

Infowar.Com Ltd.  11125 Park Blvd. MS 104-215, Seminole, FL  33772-4700
727-556-0833 Voice  727-556-0834  FAX
Need Further Info?  Write betty@infowar.com
Visit the Security Store @ Infowar.com
http://www.infowar.com/store/index.shtml
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----------------------------------------------
To unsubscribe send an email to icnlist@infowar.com
with "Unsubscribe" in the first line of the message.




-------------------------- eGroups Sponsor -------------------------~-~>
eGroups eLerts
It's Easy. It's Fun. Best of All, it's Free!
http://click.egroups.com/1/9698/1/_/595019/_/975524353/
---------------------------------------------------------------------_->

------------------
http://all.net/