Title: The Policy of Information Security and Anti-Virus Activities in China
1The Policy of Information Security and
Anti-Virus Activities in China
- Zhang Jian
- National Computer Virus Emergency Response Center
- Anti-Virus Products Testing and Certification
Center - 86-22-66211487
- Http//www.antivirus-China.org.cn
- Zj_at_antivirus-China.org.cn
2Agenda
- The policy of information security in China
- Antivirus laws in China
- Responsibility of National Computer Virus
Emergency Response Center(CVERC) - Process of CVERC
- Introduction of China computer virus survey
- The actual state and trend of CVERC
- Punish crime that writes or distributes computer
virus - Problems faced by us now
-
3Policy and regulator
- On june 2003, State Information Leadship Group
reviewed and passed the comments regarding the
strengthening of information security safeguard
works in the groups third meeting - The National network and Information Security
Coordination Team is responsible for the
comprehensive coordination works of national
information security safeguard
4Strategic Guidelines of NationalInformation
Security Safeguard
- Proactive Defense
- Comprehensive Precaution
5Proactive defense
- Solve information security problems with the
thinking of development, security amid
development, and development based on security - Implement the information security safeguard, on
the basis of grading, classification and phase-in - Strengthen early warning and emergency response,
on the basis of secure defense - Strengthen investigation and crack-down on
illegal crimes - Realize secure control of network and information
system with necessary capabilities and means
6Comprehensive Precaution
- Information security comprehensive precaution
system is composed of protection, detection,
response and early warning - Various technologies and management measures be
adopted in the areas of prevention, detection,
emergency response and crack-down on crimes and
the aspects of law, management, operation,
technology, talent, etc. - Improve the overall capability of defending
information security through the joint efforts of
the whole society
7Antivirus laws in China
- Promulgation of Computer Information System
Security Protection Ordinance of Peoples
Republic of China in 1994 - Promulgation of new Criminal Law of Peoples
Republic of China in 1997 - Promulgation of Rules of Computer Virus
Protection and Disinfections Management by PSM
of PRC in 2000
8Definition of Computer Virus in China
- A set of codes programmed or inserted into
computer programs, which is able to
self-duplicate, harm the computer function,
destruct data and affect the proper use of
computer - - Article 28 Computer Information System
Security Protection Ordinance of PRC
9- Deliberately program and distribute
malicious codes like computer virus etc., with
the result of affecting the proper running of
computer system, leads to destructive consequence
will be punished. - - Criminal Law of Peoples Republic of China
10- Promulgated according to Computer Information
System Security Protection Ordinance - No entities or individual are allowed to publish
the false computer virus prevalence information - Anti-Virus products testing and certification
institutions should conduct timely analysis and
confirmation of the submitted virus samples and
report the result to Public Network Information
Security Supervision Bureau - Provide education and training to the computer
information system operating personnel of each
entities - Use those computer virus protection products
which obtained computer information security
system product sales license - -Rules of Computer Virus Protection and
Disinfections management
11Antivirus organization in China
- National Information Work Leading Committee is in
charge of information security work in China - Public Security Ministry and its branch are in
charge of antivirus case in China - CNCERT/CC is responsible for the coordination of
activities among all Computer Emergency Response
Teams within China concerning incidents in
national public telecommunications infrastructure
networks like the Internet. - National Computer Virus Emergency Response Center
that belongs to CNCERT is in charge of virus
emergency response work in China - Anti-Virus Products Testing and Certification
Center is in charge of the certification work of
anti-virus products
12Responsibility of National Computer Virus
Emergency Response
- Set up the national computer virus monitoring
network in China - Detect and deal with the computer virus events,
and submit the virus infection report to
CNCERT and the department in charge of antivirus - Provide solutions of the computer viruses for the
users in China, instruct the user to establish
and implement the antivirus countermeasure - Provide technical support to related department
for implementing the policies of treating
computer viruses in China - Provide rescue services for the computer users
attacked by computer viruses in China - According to the terms of law, coordinate with
the Public Security Department to punish the
criminal activities using computer viruses - Implement technical collaboration and information
exchange mechanism with local and international
antivirus researching organizations - Train antivirus technical and management
practitioners in China - Hold computer viruses prevalence situation survey
- Announce computer virus prediction
13 How to deal with new virus found by CVERC in
China
- - Virus Emergency Response Center will forward
the virus sample to all anti-virus companies when
detecting new viruses - - Anti-virus companies should provide analysis
report and virus samples after finding new
viruses - - Virus Emergency Response Center will provide
the analysis report to CNCERT , and according to
the risk level to suggest whether or not to issue
virus outbreak announcement - - Monitoring the new virus, if finding the
information of virus writer, informing police of
detection - - Upgrading of software by each of anti-virus
companies
14Introduction of China computer virus survey
- From 2001 to 2004, hold the national wide
prevalence situation survey in China for four
times - Hold antivirus conference two times, antivirus
experts from USA, Japan, Korea, UK, Spain,
Russia, Singapore, Philippine and Hongkong
attended the conference for technical communion.
15(No Transcript)
16(No Transcript)
17(No Transcript)
18(No Transcript)
19(No Transcript)
20The top 10 viruses in China
time No. (2001,5) (2002,5) (2003,5) (2004,5)
1 CIH Exploit Redlof Netsky
2 Funlove Nimda Spage Redlof
3 Binghe Binghe Nimda Homepage
4 W97M.marker JS.Seeker Trojan.QQKiller6.8.ser Unknown mail
5 MTX Happytime Klez Lovegate
6 Troj.erase Funlove Funlove Funlove
7 BO Klez JS.AppletAcx htadropper
8 YAI CIH Mail.virus Webimport
9 wyx Gop Script.exploit.htm.page activeXComponent
10 Troj.gdoor Troj.netthief Hack.crack.foxmail wyx
21 The actual state and trend of CVERC
- Set up computer virus monitor network
- Local and international antivirus vendors become
the member of computer virus emergency response
team. - Computer users actively submit computer virus
prevalence situation. - Detect and solve computer virus incidents
- More than 3400 rescue emails and 3000 rescue
phone calls processed in 2004 - For the 22 times of most emergent virus outbreak
like Mydoom, Netsky and Sasser collaborate
with computer virus emergency response team for
providing virus analyzing, monitoring and
solutions to computer users in China. - Buildup special emergency response teams for
important events and period during holidays - Organize local and international antivirus
vendors to set up Computer virus emergency
response team for both the NPC and CPPCC
sessions - Monitor the computer virus activities during the
period of holding National conference, ensure the
computer security.
22The actual state and trend of CVERC(Continued)
- Announce computer virus pre-caution
- Released 50 times of computer virus monitoring
weekly news paper in 2004 - Released 52 times of computer virus forecast in
2004 - Establish antivirus propagandize area
- Collaborate with CCTV for computer virus
forecast program - Collaborate with Xinhuanet for computer virus
forecast - Hold webcast program with Xinhuanet
23 Computer virus forecast on xinhuanet
24Webcast of xinhuanet
25The Headlline News of Xinhuanet
26Enhance the technical communion
27CEO of Microsoft Great China Area
28Technical communion with TrendMicro
29- According to the contribution for the development
of AVAR in 2003, National Computer Virus
Emergency Response Center was awarded as the best
membership of AVAR 2003.
30- Best membership of AVAR 2003
31- Cooperate with Trend Micro Incorporated and set
up TrendLab China for tracing international
computer virus development trends.
32Trend Lab China
33- Detect virus PE_MINCER.A
- Detect virus Hedong
- Detect virus WORM_MYBA.A
- Discover and detect WORM_MUMU.A\
34The problem faces us now
- -New users continuously increase while lacking of
- appropriate security knowledge and techniques
- - Lacking of a full effective computer virus
protection and - disinfections training course
- - Young people lack of legal knowledge regarding
computer - security
- -Lacking of Nation level computer monitoring and
pre-caution system
35Our Goal
36 Insuring Recovery
Celerity reaction
Timely Find
Active Prevention
37- Thanks
- National Computer Virus Emergency Response Center
- Anti-Virus Products Testing and Certification
Center - Http//www.antivirus-China.org.cn
- Zj_at_antivirus-China.org.cn