第一部分 日益严峻的全球网络安全形势 7
一、网络威胁影响国家政治军事安全 7
(一)敏感信息泄漏影响政治安全 7
(二)网络攻击影响国家军事安全 7
(三)网络攻击规模将会不断加剧 8
二、网络的强依赖性导致灾难性后果 9
(一)对工业系统的攻击波及面广 9
(二)对金融系统的攻击日益严重 10
(三)核设施遭打击后果难以预测 11
(四)网络攻击造成社会运转瘫痪 12
三、网络攻击全方位威胁商业的发展 13
(一)大型关键企业是主要攻击点 13
(二)网络攻击窃取金融商业机密 15
(三)企业邮箱存在严重安全风险 16
四、网络安全关涉每一个体切身利益 19
(一)超半数网民通讯信息被泄漏 19
(二)网络诈骗侵害个体财产权益 21
(三)网络入侵危及个体生命安全 22
五、企业网络安全防护存在严重不足 24
(一)恐暴露问题而存在侥幸心理 25
(二)重自身损失而忽略社会责任 25
(三)动态防御应急缺乏相应意识 26
第二部分 WannaCry事件分析及其反思 31
一、WannaCry事件的背景及其影响 31
(一)WannaCry事件的发生背景 31
(二)WannaCry事件的空前影响 32
二、WannaCry技术分析及攻击流程 32
(一)“三位一体”新型网络病毒 33
(二)WannaCry的整体攻击流程 36
三、WannaCry与永恒之蓝关系分析 37
(一)永恒之蓝研发及泄漏的简介 37
(二)WannaCry攻击与永恒之蓝 39
(三)外国军用武器民用化的初次尝试 40
四、关于WannaCry事件的安全反思 42
(一)企业网络安全防护现存问题 42
(二)网络恐怖主义威胁逐渐显现 47
(三)网络攻击向各智能终端蔓延 48
(四)网络安全维护需国家和企业联动 49
五、WannaCry事件的法律视角分析 49
第三部分 未来网络安全热点及趋势预测 53
一、网络漏洞及其攻击威胁持续蔓延 53
(一)金融网站漏洞威胁更加复杂 53
(二)网站挂马攻击将会重新兴起 53
(三)劫持智能硬件致使隐患迭出 54
二、高级持续性威胁将会呈现新特点 55
(一)APT对基础设施的攻击日益活跃 55
(二)对特定个人移动端攻击增多 56
三、互联网应用环境安全愈加不可控 57
(一)未知威胁挑战传统检测方法 57
(二)安全事件挑战企业响应能力 58
(三)应用环境安全越来越不可控 58
(四)关键信息基础设施防护不足 60
第四部分 维护网络安全的国际行为准则 64
一、公共权力主体的行为准则 64
(一)有责任和权力维护本国网络安全 65
(二)加强漏洞管理从而减少网络威胁 66
(三)妥善应对APT攻击相关网络犯罪 67
(四)支持军民融合发展促进社会协作 68
(五)通过国内立法进行网络武器管控 69
(六)应就网络武器管控达成国际条约 70
(七)建立网络武器泄露外交通报机制 71
二、网络运营主体的行为准则 72
(一)提供安全的网络服务和运行环境 72
(二)确保网络数据和个人信息的安全 73
(三)对供应链及其员工加强网络安全教育 74
(四)以积极的态度参与网络安全建设 74
(五)建立数据驱动协同联动防御体系 76
(六)建立有效网络安全应急响应体系 77
三、网络安全企业的行为准则 78
(一)规范网络安全漏洞挖掘行为 78
(二)保障网络用户个人信息安全 79
(三)参与网络安全信息共享活动 79
(四)应对网络安全重大突发事件 80
四、网络用户主体的行为准则 81
(一)加强网络安全意识,抵御网络安全威胁 81
(二)承担依法用网责任,履行文明上网义务 82
(三)利用投诉举报机制,发挥社会监督作用 83
第五部分 维护网络空间安全的中国行动 87
一、维护网络安全法律路径 87
(一)确立科学的网络安全立法思路 87
(二)强调预防对网络安全维护的重要性 89
(三)通过法律解释合理化法律适用 89
二、加强网络安全支持力度 90
(一)通过政治决策强调网络安全重要性 90
(二)立法保障信息共享和人才培养 91
(三)提高网络安全保障的财政投入 94
三、着力培养网络安全人才 95
(一)网络安全人才培养纳入国家战略 95
(二)建立世界一流网络安全学院 96
(三)增强网络安全教育的实践性 97
四、落实网络安全保障义务 98
(一)更新服务提供者的安全理念 98
(二)强化对网络主体行为的管理 98
(三)建立网络安全责任追究机制 99
PART Ⅰ THE INCREASINGLY SERIOUS GLOBAL NETWORK SECURITY SITUATIONS 109
1.CYBER THREATS IMPACT NATIONAL POLITICAL AND MILITARY SECURITY 109
(1) LEAKAGE OF SENSITIVE INFORMATION IMPACTS THE POLITICAL SECURITY 109
(2) THE ATTACKS OF CYBER AFFECTS NATIONAL MILITARY SECURITY 110
(3) THE SCALE OF CYBER ATTACKS WILL BE INCREASING 110
2.THE HEAVY DEPENDENCY ON THE INTERNET BRINGS ABOUT CATASTROPHIC CONSEQUENCES 111
(1) THE ATTACKS ON THE INDUSTRIAL SYSTEM HAVE A WIDE COVERAGE 112
(2) THE ATTACKS ON FINANCIAL SYSTEM ARE MORE AND MORE SERIOUS 113
(3) IT IS DIFFICULT TO PREDICT THE CONSEQUENCES OF ATTACKS TO NUCLEAR FACILITIES 114
(4) CYBER ATTACKS CAUSE PARALYSIS TO SOCIAL OPERATION 116
3.CYBER ATTACKS COMPREHENSIVELY THREATEN THE BUSINESS DEVELOPMENT 118
(1) LARGE KEY ENTERPRISES ARE THE MAIN ATTACKED POINTS 118
(2) THE ATTACKS OF CYBER STEAL FINANCIAL BUSINESS SECRETS 120
(3) THERE IS A SERIOUS SECURITY RISK IN ENTERPRISE MAILBOX 121
4.CYBER SECURITY IS RELATED TO EACH INDIVIDUAL’S VITAL INTERESTS 126
(1) MORE THAN HALF OF INTERNET USERS’ COMMUNICATION INFORMATION IS LEAKED 126
(2) CYBER FRAUD INFRINGES INDIVIDUAL PROPERTY RIGHTS AND INTERESTS 128
(3) CYBER INTRUSION ENDANGERS INDIVIDUAL LIFE SECURITY 130
5.THE ENTERPRISE CYBER SECURITY PROTECTION EXISTS SERIOUS INSUFFICIENCE 132
(1) FEAR OF EXPOSURE PROBLEMS AND HAVE FLUKE MIND 132
(2) FOCUSING ON THEIR OWN LOSSES AND IGNORING SOCIAL RESPONSIBILITY 133
(3) LACK OF CORRESPONDING AWARENESS OF DYNAMIC DEFENSE AND EMERGENCY RESPONSE 134
PART Ⅱ WANNACRY INCIDENT ANALYSIS AND ITS REFLECTION 134
1.THE BACKGROUND OF WANNACRY INCIDENT AND ITS EFFECTS 139
(1) THE BACKGROUND OF WANNACRY INCIDENT 139
(2) THE UNPRECEDENTED EFFECT OF THE WANNACRY INCIDENT 140
2.WANNACRY TECHNICAL ANALYSIS AND ATTACK PROCESS 141
(1) “TRINITY” NEW INTERNET VIRUS 141
(2) WANNACRY’ S OVERALL ATTACK PROCESS 145
3.ANALYSIS OF THE RELATIONSHIP BETWEEN WANNACRY AND THE ETERNAL BLUE 146
(1) BRIEF INTRODUCTION TO ETERNAL BLUE R & D AND LEAKAGE 146
(2) WANNACRY ATTACK AND THE ETERNAL BLUE 148
(3) THE INITIAL ATTEMPT OF CIVILIAN USE OF MILITARY WEAPONS 150
4.SECURITY REFLECTION ON WANNACRY INCIDENT 152
(1) EXISTING PROBLEMS OF ENTERPRISE CYBER SECURITY PROTECTION 152
(2) THE THREAT OF CYBER TERRORISM IS EMERGING 159
(3) CYBER ATTACKS SPREAD TO THE INTELLIGENT TERMINALS 160
(4) CYBER SECURITY MAINTENANCE NEEDS NATIONAL AND ENTERPRISE LINKAGE 161
5.ANALYSIS OF WANNACRY INCIDENT FROM LEGAL PERSPECTIVE 162
PART Ⅲ THE FUTURE CYBER SECURITY HOT SPOTS AND TREND FORECAST 167
1.THE NETWORK VULNERABILITIES AND THEIR THREAT OF ATTACK CONTINUES TO SPREAD 167
(1) FINANCIAL SITES’ VULNERABILITY THREATS ARE MORE COMPLEX 167
(2) EMBEDDING TROJAN IN SITE WILL BE RE-EMERGING 168
(3) HIJACK SMART HARDWARE TO CAUSE HIDDEN DANGER 169
2.THE HIGH-LEVEL SUSTAINABLE THREAT WILL SHOW NEW FEATURES 170
(1) ATTACKS ON INFRASTRUCTURE ARE BECOMING INCREASINGLY ACTIVE 170
(2) ATTACKS ON SPECIFIC INDIVIDUAL MOBILE TERMINALS INCREASE 171
3.INTERNET APPLICATION ENVIRONMENT SECURITY IS INCREASINGLY UNCONTROLLABLE 173
(1) UNKNOWN THREATS CHALLENGE TRADITIONAL DETECTION METHODS 173
(2) SECURITY INCIDENTS CHALLENGE ENTERPRISE RESPONSE CAPABILITIES 174
(3) THE APPLICATION ENVIRONMENT SECURITY IS MORE AND MORE UNCONTROLLABLE 175
(4) LACK OF PROTECTION FOR CRITICAL INFORMATION INFRASTRUCTURE 177
PART Ⅳ INTERNATIONAL CODE OF CONDUCT FOR CYBER SECURITY MAINTENANCE 183
1.THE CODE OF CONDUCT FOR PUBLIC POWER SUBJECTS 183
(1) HAVE THE RESPONSIBILITY AND POWER TO MAINTAIN THEIR OWN COUNTRY’S CYBER SECURITY 184
(2) STRENGTHEN VULNERABILITY MANAGEMENT TO REDUCE CYBER THREATS 186
(3) PROPERLY DEAL WITH CYBER CRIMES RELATED TO APT ATTACKS 187
(4) SUPPORT MILITARY AND CIVILIAN INTEGRATED DEVELOPMENT AND PROMOTE SOCIAL COOPEIRATION 189
(5) CONTROL CYBER WEAPONS THROUGH DOMESTIC LEGISLATION 190
(6) INTERNATIONAL TREATIES ON CYBER WEAPON CONTROL SHOULD BE REACHED 192
(7) ESTABLISH A DIPLOMATIC REPORTING MECHANISM FOR THE DISCLOSURE OF CYBER WEAPONS 194
2.NETWORK OPERATORS’ CODE OF CONDUCT 195
(1) PROVIDE A SECURE NETWORK SERVICE AND OPERATING ENVIRONMENT 195
(2) ENSURE THE SECURITY OF NETWORK DATA AND PERSONAL INFORMATION 196
(3) STRENGTHEN THE CYBER SECURITY EDUCATION FOR SUPPLY CHAIN AND ITS STAFF 198
(4) TAKE A POSITIVE ATTITUDE TO PARTICIPATE IN CYBER SECURITY CONSTRUCTION 198
(5) ESTABLISH A DATA-DRIVEN COLLABORATIVE DEFENSE SYSTEM 201
(6) ESTABLISH AN EFFECTIVE CYBER SECURITY EMERGENCY RESPONSE SYSTEM 202
3.CYBER SECURITY ENTERPRISES’ CODE OF CONDUCT 204
(1) REGULATE THE CYBER SECURITY VULNERABILITY EXCAVATING BEHAVIOR 204
(2) PROTECT THE NETWORK USERS’ PERSONAL INFORMATION SECURITY 205
(3) PARTICIPATE IN CYBER SECURITY INFORMATION SHARING ACTIVITIES 206
(4) DEAL WITH SUDDEN MAJOR CYBER SECURITY INCIDENTS 207
4.NETWORK USERS’ CODE OF CONDUCT 208
(1) STRENGTHEN THE AWARENESS OF CYBER SECURITY, RESIST THE THREAT OF CYBER SECURITY 208
(2) BEAR THE RESPONSIBILITY OF USING THE INTERNET ACCORDING TO LAW, PERFORM THE OBLIGATION OF GOING ON-LINE WITH CIVILITY 209
(3) TAKE USE OF COMPLAINTS AND REPORTING MECHANISM,PLAY A ROLE OF SOCIAL SUPERVISION 210
PART Ⅴ CHINA’ S ACTIONS TO MAINTAIN CYBERSPACE SECURITY 215
1.LEGAL PATH FOR THE MAINTENANCE OF CYBER SECURITY 215
(1) ESTABLISH A SCIENTIFIC CYBER SECURITY LEGISLATION IDEAS 215
(2) STRESS THE IMPORTANCE OF PREVENTION TO CYBER SECURITY 218
(3) RATIONALIZE LAW APPLICATION THROUGH LEGAL INTERPRETATION 219
2.STRENGTHEN CYBER SECURITY SUPPORT 220
(1) STRESS THE IMPORTANCE OF CYBER SECURITY THROUGH POLITICAL DECISION-MAKING 220
(2) PROTECT INFORMATION SHARING AND PERSONNEL TRAINING BY LEGISLATION 221
(3) IMPROVE THE FINANCIAL INPUT IN PROTECTION OF CYBER SECURITY 226
3.FOCUS ON TRAINING CYBER SECURITY TALENTS 227
(1) INCORPORATE TRAINING OF CYBER SECURITY TALENTS INTO THE NATIONAL STRATEGY 227
(2) ESTABLISH A WORLD FIRST-CLASS CYBER SECURITY INSTITUTE 229
(3) ENHANCE THE PRACTICALITY OF CYBER SECURITY EDUCATION 230
4.IMPLEMENT OBLIGATIONS OF MATAINING CYBER SECURITY 231
(1) UPDATE THE SERVICE PROVIDER‘S SECURITY CONCEPTION 231
(2) STRENGTHEN THE MANAGEMENT OF THE BEHAVIOR OF CYBER SUBJECTS 232
(3) ESTABLISH CYBER SECURITY ACCOUNTABILITY MECHANISM 232