The Policy of Information Security and Anti-Virus Activities in China: The Policy of Information Security and Anti-Virus Activities in China Zhang Jian National Computer Virus Emergency Response Center Anti-Virus Products Testing and Certification Center 86-22-66211487 Http://www.antivirus-China.org.cn Zj@antivirus-China.org.cn


Agenda: Agenda The policy of information security in China Antivirus laws in China Responsibility of National Computer Virus Emergency Response Center(CVERC) Process of CVERC Introduction of China computer virus survey The actual state and trend of CVERC Punish crime that writes or distributes computer virus Problems faced by us now


Policy and regulator: Policy and regulator On june 2003, State Information Leadship Group reviewed and passed “the comments regarding the strengthening of information security safeguard works” in the group’s third meeting The National network and Information Security Coordination Team is responsible for the comprehensive coordination works of national information security safeguard


Strategic Guidelines of NationalInformation Security Safeguard : Strategic Guidelines of National Information Security Safeguard Proactive Defense Comprehensive Precaution


Proactive defense: Proactive defense Solve information security problems with the thinking of development, security amid development, and development based on security Implement the information security safeguard, on the basis of grading, classification and phase-in Strengthen early warning and emergency response, on the basis of secure defense Strengthen investigation and crack-down on illegal crimes Realize secure control of network and information system with necessary capabilities and means


Comprehensive Precaution: Comprehensive Precaution Information security comprehensive precaution system is composed of protection, detection, response and early warning Various technologies and management measures be adopted in the areas of prevention, detection, emergency response and crack-down on crimes and the aspects of law, management, operation, technology, talent, etc. Improve the overall capability of defending information security through the joint efforts of the whole society


Antivirus laws in China : Antivirus laws in China Promulgation of “Computer Information System Security Protection Ordinance of People’s Republic of China” in 1994 Promulgation of new “Criminal Law of People’s Republic of China” in 1997 Promulgation of “Rules of Computer Virus Protection and Disinfections Management” by PSM of PRC in 2000


Definition of Computer Virus in China: Definition of Computer Virus in China A set of codes programmed or inserted into computer programs, which is able to self-duplicate, harm the computer function, destruct data and affect the proper use of computer - Article 28 “Computer Information System Security Protection Ordinance of PRC”


Slide9: “Deliberately program and distribute malicious codes like computer virus etc., with the result of affecting the proper running of computer system, leads to destructive consequence ” will be punished. - “Criminal Law of People’s Republic of China”


Slide10: Promulgated according to “Computer Information System Security Protection Ordinance” No entities or individual are allowed to publish the false computer virus prevalence information Anti-Virus products testing and certification institutions should conduct timely analysis and confirmation of the submitted virus samples and report the result to Public Network Information Security Supervision Bureau Provide education and training to the computer information system operating personnel of each entities Use those computer virus protection products which obtained computer information security system product sales license -“Rules of Computer Virus Protection and Disinfections management ”


Antivirus organization in China : Antivirus organization in China National Information Work Leading Committee is in charge of information security work in China Public Security Ministry and its branch are in charge of antivirus case in China CNCERT/CC is responsible for the coordination of activities among all Computer Emergency Response Teams within China concerning incidents in national public telecommunications infrastructure networks like the Internet. National Computer Virus Emergency Response Center that belongs to CNCERT is in charge of virus emergency response work in China Anti-Virus Products Testing and Certification Center is in charge of the certification work of anti-virus products


Responsibility of National Computer Virus Emergency Response : Responsibility of National Computer Virus Emergency Response Set up the national computer virus monitoring network in China Detect and deal with the computer virus events, and submit the virus infection report to CNCERT and the department in charge of antivirus Provide solutions of the computer viruses for the users in China, instruct the user to establish and implement the antivirus countermeasure Provide technical support to related department for implementing the policies of treating computer viruses in China Provide rescue services for the computer users attacked by computer viruses in China According to the terms of law, coordinate with the Public Security Department to punish the criminal activities using computer viruses Implement technical collaboration and information exchange mechanism with local and international antivirus researching organizations Train antivirus technical and management practitioners in China Hold computer viruses prevalence situation survey Announce computer virus prediction


How to deal with new virus found by CVERC in China : How to deal with new virus found by CVERC in China - Virus Emergency Response Center will forward the virus sample to all anti-virus companies when detecting new viruses; - Anti-virus companies should provide analysis report and virus samples after finding new viruses; - Virus Emergency Response Center will provide the analysis report to CNCERT , and according to the risk level to suggest whether or not to issue virus outbreak announcement - Monitoring the new virus, if finding the information of virus writer, informing police of detection - Upgrading of software by each of anti-virus companies;


Slide14: From 2001 to 2004, hold the national wide prevalence situation survey in China for four times Hold antivirus conference two times, antivirus experts from USA, Japan, Korea, UK, Spain, Russia, Singapore, Philippine and Hongkong attended the conference for technical communion. Introduction of China computer virus survey


The top 10 viruses in China: The top 10 viruses in China


The actual state and trend of CVERC: The actual state and trend of CVERC Set up computer virus monitor network Local and international antivirus vendors become the member of computer virus emergency response team. Computer users actively submit computer virus prevalence situation. Detect and solve computer virus incidents More than 3400 rescue emails and 3000 rescue phone calls processed in 2004 For the 22 times of most emergent virus outbreak like “Mydoom”, “Netsky” and “Sasser” collaborate with computer virus emergency response team for providing virus analyzing, monitoring and solutions to computer users in China. Buildup special emergency response teams for important events and period during holidays Organize local and international antivirus vendors to set up “Computer virus emergency response team for both the NPC and CPPCC sessions” Monitor the computer virus activities during the period of holding National conference, ensure the computer security.


The actual state and trend of CVERC（Continued）: The actual state and trend of CVERC（Continued） Announce computer virus pre-caution Released 50 times of computer virus monitoring weekly news paper in 2004 Released 52 times of computer virus forecast in 2004 Establish antivirus propagandize area Collaborate with CCTV for computer virus forecast program Collaborate with Xinhuanet for computer virus forecast Hold webcast program with Xinhuanet


Slide23: Computer virus forecast on xinhuanet


Webcast of xinhuanet: Webcast of xinhuanet


The Headlline News of Xinhuanet: The Headlline News of Xinhuanet


Enhance the technical communion: Enhance the technical communion


CEO of Microsoft Great China Area: CEO of Microsoft Great China Area


Technical communion with TrendMicro: Technical communion with TrendMicro


Slide29: According to the contribution for the development of AVAR in 2003, National Computer Virus Emergency Response Center was awarded as the best membership of AVAR 2003.


Slide30: Best membership of AVAR 2003


Slide31: Cooperate with Trend Micro Incorporated and set up TrendLab China for tracing international computer virus development trends.


Slide32: Trend Lab China


Slide33: Detect virus PE_MINCER.A Detect virus “Hedong” Detect virus “WORM_MYBA.A ” Discover and detect “WORM_MUMU.A”\


The problem faces us now: The problem faces us now -New users continuously increase while lacking of appropriate security knowledge and techniques; - Lacking of a full effective computer virus protection and disinfections training course - Young people lack of legal knowledge regarding computer security -Lacking of Nation level computer monitoring and pre-caution system


Our Goal: Our Goal


Slide36: Effective punishment Insuring Recovery Celerity reaction Active Prevention Timely Find


Slide37: Thanks National Computer Virus Emergency Response Center Anti-Virus Products Testing and Certification Center Http://www.antivirus-China.org.cn Zj@antivirus-China.org.cn