In response to the complex international situation in the field of global data security, China proposed the “Global Data Security Initiative” (hereinafter referred to as the “Initiative”) on September 8, 2020, to provide a blueprint for data security governance. The “Initiative” expects to work with all parties to strengthen the coordinated development of data security, personal privacy and national security through a series of practical measures, urge countries to pay more attention to network security and data security construction, and promote the development and cooperation of the global digital economy industry. In the context of economic globalization, data sharing, circulation and trading are the general trend. How to ensure data security and use data security to promote the healthy and sustainable development of the global digital economy is worth thinking about.
1. The connotation and extension of data and data security are changing
In the era of digital economy, data, as a new means of production, is considered a factor of production and new gold, and its importance is self-evident. Moreover, flow and sharing become new features of data. Data security work has gradually changed from a “system”-centered approach to a “data”-centered approach, and global legal policies have also shifted to focus on personal information and privacy protection, expanding to comprehensive data security governance.
Changes in application scenarios have spawned new data security technologies. Traditional technologies, such as encryption, access control, database security audit, database firewall, and data leakage prevention, can only play a partial security protection role and cannot meet the security requirements of new application scenarios such as data circulation, sharing, and transactions. To this end, Secure Multi-Party Computation, Data Masking, Differential Privacy, Homomorphic Encryption, Federated Learning, Zero-Knowledge Proof and other new technologies have been proposed and widely studied. Although a large amount of research on these technologies has been accumulated in the academic field, their practicality and efficiency in real-world scenarios remain to be resolved. At present, there is still a considerable distance from the widespread popularization and implementation of these technologies.
The higher the value contained in the data, the more vulnerable it is to hacker attacks, and the attack methods are more complex and diverse. In the past few years, various data security incidents have occurred frequently, such as the leakage of the private data of hundreds of millions of guests in a hotel. The constant ransomware attacks have caused more and more serious harm. These profit-seeking and ever-changing data security threats have caused great harm to the digital economic order, which requires strong security protection methods and continuous security operations to effectively resist them.
2. Data security has become the most urgent and fundamental security issue in the digital economy era
In the digital economy era, the amount of global data generated by the wide application of technologies such as big data, cloud computing, artificial intelligence, and the Internet of Things has grown exponentially. Data has become an important factor of production and a basic strategic resource, and its value has become increasingly prominent. At the same time, global data security risks are increasing day by day. Issues such as data security and privacy protection, risks of data storage, use and cross-border flow pose new challenges to the data security governance capabilities of various countries.
(1) Big data technology brings changes to data security protection
The “4V characteristics” of big data, that is, large data volume (volume), various data types (variety), fast processing speed (velocity) and low value density (value), subvert traditional data management methods and leave traditional data security technology unable to deal effectively with emerging security issues in big data application scenarios. From a technical perspective, the development of technologies such as web crawlers, machine learning, and artificial intelligence has made the collection and analysis of personal privacy data more and more convenient. The leakage of personal privacy and important national information has gradually become a very serious global problem. From the perspective of awareness, whether it is organizations such as enterprises and institutions, or individual citizens, the emphasis on data assets is far less than the emphasis on physical assets. It can be said that the serious lack of data security awareness has resulted in a weak awareness of data asset protection, low vigilance against various risks and hidden dangers, insufficient use of security technology, and insufficient emphasis on security technology development and management system upgrades. All of these leave data security governance capacity seriously insufficient.
(2) Data asset problems affect various security subjects
As an important asset, data has an important impact on national security, national defense security, social security and personal safety. Cyber attacks against big data do not stop at commercial theft, but take important corporate assets, important national secrets, and important infrastructure as the primary targets, with the hope of interfering in politics, manipulating public opinion, subverting political power, and even destroying or paralyzing electricity, transportation, energy and other key infrastructure, interrupting industrial production and affecting the military situation.
In addition, the correlation analysis of open mass data may also lead to the leakage of commercial secrets and even national strategically important data resources. The open circulation of data can increase the commercial value and social value of data resources. However, the integration and opening of big data will also make the data ownership relationship more complicated, and legal risks such as user data abuse may occur in all aspects of open circulation.
(3) The background of organized cyber attacks is strong and difficult to detect
Malicious cyberattacks with organized backgrounds are one of the main causes of data breaches and a major risk to global data security. Due to the impact of the COVID-19 epidemic, the remote working model has increased the possibility of data being maliciously attacked. Most of these attackers are organized criminal gangs, and even hacker teams and cyber warfare units with national backgrounds. A large number of APT attacks, ransomware attacks, etc., are launched by forces with national backgrounds. These national-level cyber attackers use big data technology to expand the attack effect, launch large-scale botnet attacks, and amplify the attack effect by controlling key nodes. The low value density of big data allows hackers to hide attacks in big data, making it difficult for security analysis tools to mine and analyze effectively.
(4) Security challenges brought by data sharing and circulation
In the application scenarios of the digital economy era, data will frequently flow across systems, organizations and even borders, especially in the data sharing process. Traditional data access control technologies cannot solve the problems of cross-organizational data authorization management and data flow tracking, and it is difficult to monitor and audit the data processing activities of data recipients in real time through written contracts or agreements alone, which can easily lead to the risk of data leakage and data abuse. Security fears about distributing and using data will lead many departments to avoid sharing or disclosing data that may be related to public safety, social stability and public interests wherever they can, or even to adopt a “one size fits all” approach, which affects the realization of data utility. In addition, the cross-border flow of international data may lead to problems such as leakage, abuse and misuse of user data, and may also bring challenges to enterprises and countries in terms of technology management, asset management and organizational management. Moreover, cross-border data is carried on diverse media, appears in various forms, and has a wide range of applications, and the policies and laws of the countries where the data is located differ, resulting in ambiguous rights of data owners and users, and risks such as data abuse in the application and development of data.
(5) Data security has become an international and holistic issue
Some countries put geopolitics and ideology first, develop their own digital offensive and defensive capabilities in the name of digital security, and disrupt the rules of the global digital economy. They actively suppress non-domestic digital economy companies in a unilateral way, undermining the security of global supply chains. Moreover, these countries illegally obtain user data from other countries through the “long-arm jurisdiction” system.
In addition, global laws on data security may impact the enforcement effectiveness of national law enforcement agencies. For example, due to the long-arm jurisdiction principle of the GDPR, many companies are included in its jurisdiction, and the regulation substantially expands the influence of EU regulators on Chinese companies.
3. Countermeasures and Suggestions for Strengthening Data Security Governance
In view of the above-mentioned data security status, existing problems and challenges, we should respond comprehensively across regulations and standards, technology platforms, industrial development, capacity building, solutions and international cooperation.
(1) It is urgent to improve data security standards and implementation rules
China attaches great importance to data security, and many laws, policies and standards have been released or approved successively. On July 3, 2020, the “Data Security Law (Draft)” was publicly solicited for comments, and it clarified that data security governance methods should be adopted to provide legal support for data security governance practices. Higher-level laws such as the Cybersecurity Law, the Data Security Law (Draft), and the Personal Information Protection Law (Draft) provide general data security principles and basic methods. Next, various industries, fields and enterprise organizations need to formulate management and technical standards and implementation rules covering personal information, important data, cross-border data and other aspects according to their actual situation and security needs. Their content should cover data security requirements across the full data life cycle, including classification and grading, de-identification, risk assessment, etc., and guide the specific practice of data security governance, so that data security governance measures are put in place and there are laws and regulations to follow. The work in this area urgently requires close coordination among all parties involved in government, industry, academia, research and use to accelerate the formulation of relevant standards and regulations.
(2) Establishing a data security service, supervision and audit platform with government credibility
It is necessary to establish an authoritative big data platform with government credibility to provide specialized data security services, supervision and auditing services. For example, establish a personal information big data platform, and take security measures such as encryption, anonymization, access control, and data desensitization to securely provide data for applications or organizations that need to use personal information; when application platform service providers need to collect or use personal information, they can only apply to the personal information big data platform, which changes the use mode of personal information from the current multi-point access mode to a centralized access mode, providing practical security for personal information protection. At the supervision level, through such an authoritative big data platform, a national-level data security supervision and audit system can be established, which supports the traceability and security audit of data circulation paths, and realizes the confirmation of data sovereignty.
(3) Guide the innovative layout of the data security industry with policies
Through the combination of policy guidance, project support, and demand traction, enterprises are guided to strengthen the innovative research and development of data security protection products and solutions. It is recommended that national ministries and commissions and local governments, when setting up scientific research and industrialization projects and application demonstration projects, focus on supporting research and development, achievement transformation and application demonstration for technologies such as data classification and grading, data sharing security monitoring, fine-grained data resource access control, shared data desensitization and de-identification, cross-domain multi-mode network identity authentication, data marking and traceability, and data security threat monitoring. Moreover, it is necessary to develop the data security assessment, training, and certification industry to provide enterprises or organizations with data security capability maturity assessment support. In particular, the relevant policies for the development and utilization of big data should clarify the data security capability maturity level required to collect and process different data, and include relevant enterprises or organizations in the assessment scope.
(4) Make data security the competitiveness of an organization
In the field of data security, by establishing a scientific governance model, the type and scale of data that an organization can handle is linked to its data security capability level. For example, the health and medical industry urgently needs to use big data technology to greatly improve its technical and business level, and this kind of data is highly sensitive, so industry authorities can stipulate which organizations can process what type of data, or that organizations processing data of a given size must demonstrate that they meet the appropriate data security competency level requirements. In this way, before an organization can use health and medical data to conduct research or expand its business, it needs to have the corresponding data security capabilities. Therefore, for a business, higher data security capabilities mean a greater opportunity to process more types and volumes of data, rather than simply increased costs. Through such a governance method, enterprises or organizations can be guided to actively improve their data security capabilities, so as to achieve a positive link between business competitiveness and security, thereby driving the development level of the entire data security industry to gradually improve.
(5) Create a data security solution from the two dimensions of compliance and operation
Create a data security solution driven by the two wheels of “compliance + operation”. On the one hand, in accordance with the relevant network security and data security standards, a big data platform or security component that supports security assurance across the whole data life cycle is applied to big data and digital economy application scenarios, especially scenarios involving the cross-system, cross-organization, and cross-border sharing, circulation and transaction of data, providing complete data security assurance capabilities from the dimension of compliance.
On the other hand, through the localized empowerment of big data security analysis capabilities, with security operations or security service centers as the carrier, continuously changing advanced security threats, especially security threats against data, are resisted from the operational dimension, greatly reducing the security risk of data theft.
(6) Data Security Governance from a Global Perspective Needs to Promote Multilateralism
Under the wave of the global digital economy, data security issues know no borders, and no country can stay out of it or remain unaffected on its own. Countries need to participate in and discuss a set of universal rules, manage differences with an open and inclusive attitude, continuously enhance mutual trust, establish an international cooperation mechanism for data security governance, and create a level playing field for the development of the global digital economy. China can actively lead and participate in policies, regulations, standards and technologies, and build and expand its own data circulation “circle of friends”. Consultation, co-construction and sharing among countries is the only correct way to solve global data security problems.