On December 8, the Cyberspace Administration of China published the draft Administrative Measures for Cybersecurity Incident Reporting (Draft for Comments) (hereinafter referred to as the "Draft") to solicit public comments. The Draft clarifies that an incident classified as a large, major or particularly major cybersecurity incident under the Guidelines for the Classification of Cybersecurity Incidents shall be reported within one hour.
Recently, Tencent, Alibaba, Didi and other major Internet companies have suffered system outages one after another, which has drawn public attention to cybersecurity incidents and made people truly feel the impact of Internet services on daily life.
On the evening of December 3, the news of Tencent's "collapse" attracted attention. According to ** report, the Tencent** app had failures such as the homepage being unable to load content and paid VIP users being unable to see members**.
Starting on the evening of November 27, the Didi app began to malfunction, and services including online car-hailing and bike-sharing could not be used normally; this lasted until noon on November 28. Didi's prolonged, wide-ranging "collapse" made many office workers late for work, and "full attendance is gone" also became a trending search topic.
Previously, on November 12, the news that "Alibaba Cloud disk collapsed" became a trending search topic on Weibo. Subsequently, topics such as "** collapsed again", "Xianyu collapsed" and "DingTalk collapsed" trended one after another. This incident also made the industry aware of the importance of the security and stability of cloud services.
The problem is not limited to China: some well-known foreign Internet companies have also recently experienced downtime and other problems. For example, on November 8, OpenAI's ChatGPT (chatbot service software) and API (application programming interface) were unavailable, with a downtime of more than 12 hours.
Nowadays, people's clothing, food, housing, transportation, shopping, entertainment, medical treatment and more are deeply bound to various apps, and the Internet has become an indispensable part of life, like infrastructure such as water, electricity and gas.
The growing reach of Internet services also means that the losses and harm caused by their "collapse" keep getting bigger, which places higher requirements on Internet service providers, especially large companies. On the one hand, they need to increase investment in security to prevent network security incidents from occurring. On the other hand, once a network security incident has occurred, they need to take reasonable and necessary protective measures, take the initiative to report it in accordance with regulations, handle it in accordance with the relevant procedures of their response plan, and do their best to reduce the impact of the incident.
Wang Liejun, a cybersecurity incident response expert and head of the threat intelligence center of Qianxin, pointed out that the longer a network security incident is delayed, the greater the harm tends to be, and the more difficult the subsequent fault recovery and elimination of the impact become. Therefore, the timeliness requirements for cybersecurity incident reporting are very high.
To this end, the Draft proposes that, when a cybersecurity incident occurs, operators should promptly activate their emergency response plans to deal with it. Where the incident is a large, major or particularly major cybersecurity incident according to the "Guidelines for the Classification of Cybersecurity Incidents", it shall be reported within 1 hour. The Draft also clarifies that if an operator reports a network security incident late, omits it, reports it falsely or conceals it, causing major harmful consequences, the operator and the relevant responsible persons shall be severely punished in accordance with the law.
The content of the report is crucial for accurately assessing the impact of a cybersecurity incident and for supporting the overall coordination of subsequent response and disposal, traceability analysis, and fault recovery. To this end, Article 5 of the Draft clearly stipulates that the operator shall report the incident in accordance with the Cybersecurity Incident Information Report Form, including at least: the name of the entity where the incident occurred and basic information about the facilities, systems and platforms on which it occurred; when and where the incident was discovered, what type of incident it was, and what impact and harm it caused; a preliminary analysis of the causes of the incident; and the clues needed for the next steps and further countermeasures, etc.
In Wang Liejun's view, the Draft advocates and encourages relevant units to report network security incidents in a timely, complete and accurate manner, and provides that late reporting, omission, false reporting or concealment of network security incidents that causes major harmful consequences should be punished in accordance with relevant laws. This is of great significance for reporting after network security incidents occur, and can reduce the actual harm caused by network security incidents to a large extent.