my country's 5G data security protection supply is insufficient, and "four steps" drive industry development

2022.05.06
my country's 5G data security protection supply is insufficient, and "four steps" drive industry development

A few days ago, China Mobile Communications Group Co., Ltd., China Academy of Information and Communications Technology, China Communications Society and Huawei Technologies Co., Ltd. jointly released the "5G Data Security Protection White Paper".

The white paper pointed out that my country's 5G and data security are both in the process of development, and the data security-related industries have insufficient supply for 5G data security protection, and put forward four suggestions for 5G data security protection.

On the one hand, my country's 5G network is still in the development and introduction period. The current industrial development policy mainly focuses on network construction and ecological demonstration. The 5G policy documents issued by various provinces and municipalities in my country include development plans, action plans, implementation plans, and base station planning and construction support policies. It is mainly committed to promoting 5G network construction, application demonstration and industrial development.

On the other hand, the development of the domestic data security technology industry is in the ascendant, the data security products, solutions and service systems are not yet mature, there are problems such as weak data security guarantee foundation, single data security product types and solutions, etc., data security technology products for 5G applications The level of protection needs to be improved.

In addition, while 5G industry alliance enterprises are open and shared, they are also under pressure to ensure subsequent investment in data security, including related infrastructure deployment and service operation costs.

In order to further promote the development of 5G data security, the "White Paper" puts forward four development suggestions and prospects:

1. Clarify the protection idea of ​​paying equal attention to 5G data security and development

The first is to unify the thinking to raise awareness, and adhere to the development idea of ​​promoting and regulating simultaneously. Implement the spirit of the Fifth Plenary Session of the 19th CPC Central Committee, and take into account 5G security and development. The development of 5G networks and applications is still in the period of construction and promotion. The relevant policy documents issued by the Party Central Committee and local governments are mainly to encourage and support application innovation. Most fields have not yet formed an industry application model that can be reused and promoted. In this context, it is recommended that 5G data security governance should adopt an inclusive and prudent strategy. While continuing to promote 5G network construction and industrial applications, it is recommended to improve the data security protection system and solve security problems during development.

The second is to implement data security throughout the entire process of network planning, construction and application development. Grasp the time window of the introduction period of 5G network construction and application development, and simultaneously implement data security management measures while network deployment and application advancement. Combined with the deployment of 5G and data security related work in the information and communication industry, establish and improve system specifications such as classification and classification of 5G data assets, important data catalogs, authority management, cooperation management, and security assessment. Strengthen the security protection of 5G industry application data, sort out a list of data assets based on typical 5G application scenarios and data characteristics, and clarify data security management measures for all parties.

2. Improve 5G data security laws, regulations and supervision methods

First, the promulgation of the "Data Security Law" marks that data security construction and supervision have entered a new era with laws to abide by and laws to abide by, but the laws and regulations related to 5G data security are still incomplete. It is suggested that on the basis of the 5G network security implementation guidelines, combined with the characteristics of 5G applications in different fields, we should further improve the cross-industry and cross-domain data security rules, and propose relevant data security protection requirements for 5G network deployment and application products in their respective fields.

The second is to establish a differentiated data security protection mechanism. Relying on network data security compliance assessment and other relevant working mechanisms, aiming at the core links involved in the data flow of 5G converged application types, urge data stakeholders to sort out and identify business data, and clarify the type of data involved, the degree of importance, the flow path and the attribution of responsibility , establish a data security protection mechanism that conforms to the application type, and strengthen data security risk assessment and problem handling.

The third is to carry out 5G fusion application data security testing and certification. Relying on industry associations and third-party institutions, mobilize vertical industry application parties, operators, third-party application developers and scientific research institutions and other forces to focus on typical applications such as "5G + Smart City", "5G + Industrial Internet", "5G + Smart Energy" Fields and scene types, jointly discuss data security risks and countermeasures, explore and carry out 5G converged application data security certification, and gradually improve the standardization and standardization of data security in various application fields.

3. Promote the development of 5G data security standards and technical research

The first is to strengthen the layout of the international standard system for 5G data security. Strengthen the work related to the international standardization of 5G data security, follow up the work of international standards organizations in a timely manner, and open up research on new technologies such as 5G and 6G data security in advance, so as to enhance my country's right to speak in the field of 5G international standardization.

The second is to promote the development of data security standards for 5G converged applications. Improve the cooperation mechanism with vertical industries, and jointly promote the security standardization of 5G converged applications in combination with typical risks in each link of data security protection in medical, transportation, industrial and other industries and the different requirements for data classification and classification in various industries.

The third is to strengthen 5G data security technology research. Driven by key projects and subject research, encourage enterprises to strengthen the research and development of data security technologies such as vulnerability mining, data protection, intrusion prevention, and traceability, and enhance the ability of independent innovation of data security technologies. By establishing talent training bases and formulating talent training plans, strengthen 5G data security and high-end integrated talent pool and team training.

4. Accelerate the co-construction and international collaboration of 5G data security ecosystem

The first is to build a supply support system for 5G data security products. Accelerate the cultivation of data security-related technology industries, carry out demonstration pilots and promotions of data security products and services, actively establish and participate in open source communities, encourage the establishment, funding, and participation in open source community projects, and promote data sharing and collaborative services between the communications industry and vertical industries. , through the innovation of investment, financing and management models and other mechanisms, promote the connection and cooperation of industry, academia and research, shorten the development cycle of data security technology innovation to commercialization, give full play to my country's 5G data scale advantages as soon as possible, and accelerate the formation of a data security industry ecology.

Second, on the basis of the "Global Data Security Initiative", strengthen communication and exchanges on 5G data security with ASEAN, G20, BRICS, APEC and the Belt and Road and other relevant countries and regions, and pay full attention to all parties' concerns about 5G The legitimate concern of data security issues, adhering to the concept of extensive consultation, joint contribution and shared benefits, and coordinating more countries with similar positions and propositions to jointly promote the construction of a 5G data security governance system.

The third is to organize enterprises, universities, research institutions, etc. to conduct in-depth research on 5G technology application scenarios and 5G industrial ecological data security protection based on the scale and development advantages of 5G data in my country, and to carry out international exchanges and cooperation on data security and personal information protection and related rules and standards. Promote the international mutual recognition of personal information protection rules in line with the purposes of the UN Charter, and enhance the international influence of the data space through the spillover effect of the rules.