The Policy of Information Security and Anti-Virus Activities in China

1
The Policy of Information Security and
Anti-Virus Activities in China

• Zhang Jian
• National Computer Virus Emergency Response Center
• Anti-Virus Products Testing and Certification
  Center
• 86-22-66211487
• Http//www.antivirus-China.org.cn
• Zj_at_antivirus-China.org.cn

2
Agenda

• The policy of information security in China
• Antivirus laws in China
• Responsibility of National Computer Virus
  Emergency Response Center(CVERC)
• Process of CVERC
• Introduction of China computer virus survey
• The actual state and trend of CVERC
• Punish crime that writes or distributes computer
  virus
• Problems faced by us now

3
Policy and regulator

• On june 2003, State Information Leadship Group
  reviewed and passed the comments regarding the
  strengthening of information security safeguard
  works in the groups third meeting
• The National network and Information Security
  Coordination Team is responsible for the
  comprehensive coordination works of national
  information security safeguard

4
Strategic Guidelines of NationalInformation
Security Safeguard

• Proactive Defense
• Comprehensive Precaution

5
Proactive defense

• Solve information security problems with the
  thinking of development, security amid
  development, and development based on security
• Implement the information security safeguard, on
  the basis of grading, classification and phase-in
• Strengthen early warning and emergency response,
  on the basis of secure defense
• Strengthen investigation and crack-down on
  illegal crimes
• Realize secure control of network and information
  system with necessary capabilities and means

6
Comprehensive Precaution

• Information security comprehensive precaution
  system is composed of protection, detection,
  response and early warning
• Various technologies and management measures be
  adopted in the areas of prevention, detection,
  emergency response and crack-down on crimes and
  the aspects of law, management, operation,
  technology, talent, etc.
• Improve the overall capability of defending
  information security through the joint efforts of
  the whole society

7
Antivirus laws in China

• Promulgation of Computer Information System
  Security Protection Ordinance of Peoples
  Republic of China in 1994
• Promulgation of new Criminal Law of Peoples
  Republic of China in 1997
• Promulgation of Rules of Computer Virus
  Protection and Disinfections Management by PSM
  of PRC in 2000

8
Definition of Computer Virus in China

• A set of codes programmed or inserted into
  computer programs, which is able to
  self-duplicate, harm the computer function,
  destruct data and affect the proper use of
  computer
• - Article 28 Computer Information System
  Security Protection Ordinance of PRC

9

• Deliberately program and distribute
  malicious codes like computer virus etc., with
  the result of affecting the proper running of
  computer system, leads to destructive consequence
  will be punished.
• - Criminal Law of Peoples Republic of China

10

• Promulgated according to Computer Information
  System Security Protection Ordinance
• No entities or individual are allowed to publish
  the false computer virus prevalence information
• Anti-Virus products testing and certification
  institutions should conduct timely analysis and
  confirmation of the submitted virus samples and
  report the result to Public Network Information
  Security Supervision Bureau
• Provide education and training to the computer
  information system operating personnel of each
  entities
• Use those computer virus protection products
  which obtained computer information security
  system product sales license
• -Rules of Computer Virus Protection and
  Disinfections management

11
Antivirus organization in China

• National Information Work Leading Committee is in
  charge of information security work in China
• Public Security Ministry and its branch are in
  charge of antivirus case in China
• CNCERT/CC is responsible for the coordination of
  activities among all Computer Emergency Response
  Teams within China concerning incidents in
  national public telecommunications infrastructure
  networks like the Internet.
• National Computer Virus Emergency Response Center
  that belongs to CNCERT is in charge of virus
  emergency response work in China
• Anti-Virus Products Testing and Certification
  Center is in charge of the certification work of
  anti-virus products

12
Responsibility of National Computer Virus
Emergency Response

• Set up the national computer virus monitoring
  network in China
• Detect and deal with the computer virus events,
  and submit the virus infection report to
  CNCERT and the department in charge of antivirus
• Provide solutions of the computer viruses for the
  users in China, instruct the user to establish
  and implement the antivirus countermeasure
• Provide technical support to related department
  for implementing the policies of treating
  computer viruses in China
• Provide rescue services for the computer users
  attacked by computer viruses in China
• According to the terms of law, coordinate with
  the Public Security Department to punish the
  criminal activities using computer viruses
• Implement technical collaboration and information
  exchange mechanism with local and international
  antivirus researching organizations
• Train antivirus technical and management
  practitioners in China
• Hold computer viruses prevalence situation survey
• Announce computer virus prediction

13
How to deal with new virus found by CVERC in
China

• - Virus Emergency Response Center will forward
  the virus sample to all anti-virus companies when
  detecting new viruses
• - Anti-virus companies should provide analysis
  report and virus samples after finding new
  viruses
• - Virus Emergency Response Center will provide
  the analysis report to CNCERT , and according to
  the risk level to suggest whether or not to issue
  virus outbreak announcement
• - Monitoring the new virus, if finding the
  information of virus writer, informing police of
  detection
• - Upgrading of software by each of anti-virus
  companies

14
Introduction of China computer virus survey

• From 2001 to 2004, hold the national wide
  prevalence situation survey in China for four
  times
• Hold antivirus conference two times, antivirus
  experts from USA, Japan, Korea, UK, Spain,
  Russia, Singapore, Philippine and Hongkong
  attended the conference for technical communion.

15
(No Transcript)
16
(No Transcript)
17
(No Transcript)
18
(No Transcript)
19
(No Transcript)
20
The top 10 viruses in China
time No. (2001,5) (2002,5) (2003,5) (2004,5)
1 CIH Exploit Redlof Netsky
2 Funlove Nimda Spage Redlof
3 Binghe Binghe Nimda Homepage
4 W97M.marker JS.Seeker Trojan.QQKiller6.8.ser Unknown mail
5 MTX Happytime Klez Lovegate
6 Troj.erase Funlove Funlove Funlove
7 BO Klez JS.AppletAcx htadropper
8 YAI CIH Mail.virus Webimport
9 wyx Gop Script.exploit.htm.page activeXComponent
10 Troj.gdoor Troj.netthief Hack.crack.foxmail wyx

21
The actual state and trend of CVERC

• Set up computer virus monitor network
• Local and international antivirus vendors become
  the member of computer virus emergency response
  team.
• Computer users actively submit computer virus
  prevalence situation.
• Detect and solve computer virus incidents
• More than 3400 rescue emails and 3000 rescue
  phone calls processed in 2004
• For the 22 times of most emergent virus outbreak
  like Mydoom, Netsky and Sasser collaborate
  with computer virus emergency response team for
  providing virus analyzing, monitoring and
  solutions to computer users in China.
• Buildup special emergency response teams for
  important events and period during holidays
• Organize local and international antivirus
  vendors to set up Computer virus emergency
  response team for both the NPC and CPPCC
  sessions
• Monitor the computer virus activities during the
  period of holding National conference, ensure the
  computer security.

22
The actual state and trend of CVERC(Continued)

• Announce computer virus pre-caution
• Released 50 times of computer virus monitoring
  weekly news paper in 2004
• Released 52 times of computer virus forecast in
  2004
• Establish antivirus propagandize area
• Collaborate with CCTV for computer virus
  forecast program
• Collaborate with Xinhuanet for computer virus
  forecast
• Hold webcast program with Xinhuanet

23
Computer virus forecast on xinhuanet
24
Webcast of xinhuanet
25
The Headlline News of Xinhuanet
26
Enhance the technical communion
27
CEO of Microsoft Great China Area
28
Technical communion with TrendMicro
29

• According to the contribution for the development
  of AVAR in 2003, National Computer Virus
  Emergency Response Center was awarded as the best
  membership of AVAR 2003.

30

• Best membership of AVAR 2003

31

• Cooperate with Trend Micro Incorporated and set
  up TrendLab China for tracing international
  computer virus development trends.

32
Trend Lab China
33

• Detect virus PE_MINCER.A
• Detect virus Hedong
• Detect virus WORM_MYBA.A
• Discover and detect WORM_MUMU.A\

34
The problem faces us now

• -New users continuously increase while lacking of
• appropriate security knowledge and techniques
• - Lacking of a full effective computer virus
  protection and
• disinfections training course
• - Young people lack of legal knowledge regarding
  computer
• security
• -Lacking of Nation level computer monitoring and
  pre-caution system

35
Our Goal
36

• Effective punishment

Insuring Recovery
Celerity reaction
Timely Find
Active Prevention
37

• Thanks
• National Computer Virus Emergency Response Center
• Anti-Virus Products Testing and Certification
  Center
• Http//www.antivirus-China.org.cn
• Zj_at_antivirus-China.org.cn