The state net information department and the relevant departments in accordance with the law to fulfill the network information security supervision and management responsibilities, found that the laws and administrative regulations prohibit the release or transmission of information, shall require network operators to stop transmission, take measures to eliminate and other disposal measures, and save the relevant records; for the people of China *** and the country outside of the above information, shall notify the relevant organizations to take technical measures and other necessary measures to Blocking transmission. The State establishes a system for monitoring and early warning of network security and information notification. The state net information department shall coordinate the relevant departments to strengthen the collection, analysis and notification of network security information, in accordance with the provisions of the unified release of network security monitoring and early warning information.
1, network
Network refers to the computer or other information terminals and related equipment in accordance with certain rules and procedures for information collection, storage, transmission, exchange, processing system.
2, network security
Network security refers to the network security by taking the necessary measures to prevent attacks on the network, intrusion, interference, destruction and illegal use and accidents, so that the network is in a stable and reliable operation, as well as to protect the integrity of network data, confidentiality, availability of the ability.
From this concept, network security, including traditional network security, data security, is a wider range of network security, more focused on network operation security, information security.
3, network operators
Network operators are network owners, managers and network service providers.
Network operators is a very important concept in network security law, is the key obligation subject or core obligation subject, appeared 31 times. For example, several major telecom carriers, BAT and other enterprises, as well as network law enforcement departments in state agencies all belong to the category of network operators. Meanwhile, critical information infrastructure is also a kind of network operator.
The Cybersecurity Law removes the provision in the draft that "includes basic telecom operators, network information service providers, and operators of important information systems", probably considering that the concept of "network operator" only provides the internal meaning of the concept of "network operator" in the rapid development of the Internet nowadays. It seems to be a smarter and more timely approach to define the concept of "network operator" only in terms of its connotation and adopt an open description of its extension. It should be noted that whether an enterprise is recognized as a "network operator" depends mainly on whether the enterprise has become the owner and manager of the network information system, and whether the business of the enterprise provides various kinds of network services, especially Internet information services.
4. Network Data
Network data refers to all kinds of electronic data collected, stored, transmitted, processed and generated through the network.
5. Personal Information
Personal information refers to all kinds of information recorded electronically or otherwise that can identify the personal identity of a natural person individually or in combination with other information, including, but not limited to, the natural person's name, date of birth, identity document number, personal biometric information, address, telephone number and so on.
From the definition, it can be seen that personal information in the network security law focuses on the information of the natural person, and there is no clear definition of the information of the virtual person, such as user names, passwords, IP, MAC, time spent on the Internet, cookies and other information. Personal information is different from personal data and personal privacy, and information about the health, crime, private and other activities of natural persons is not mentioned in the cybersecurity law.
6. Critical Information Infrastructure
The state needs to protect important industries and fields such as public **** communication and information services, energy, transportation, water conservancy, finance, public **** services, e-government, and other critical information infrastructure that may seriously jeopardize national security, the state's economy and people's livelihoods, and the interests of the public **** in the event of sabotage, loss of functionality, or data leakage .
The Strategy for Cyberspace Security further specifies that the basic information networks for public **** communication, radio and television transmission and other services, the important information systems in the fields of energy, finance, transportation, education, scientific research, water conservancy, industrial manufacturing, medical and health care, social security, public utilities and other state organs, and the important Internet application systems (e.g., Alibaba, Tencent, and Baidu) are part of national critical information infrastructures, and that the 14 major industries and fields are national critical information infrastructures. The field belongs to the national critical information infrastructure.
Regulations on the Security Protection of Critical Information Infrastructure (Exposure Draft) defines the scope of critical information infrastructure more specifically. The network facilities and information systems operated and managed by the following units shall be included in the scope of critical information infrastructure protection in the event of damage, loss of functionality, or data leakage, which may seriously jeopardize national security, national livelihood, and public **** interests:
(a) government agencies and energy, finance, transportation, water conservancy, health care, education, social security, environmental protection, and public utility industry
(ii) telecommunication networks, radio and television networks, the Internet and other information networks, as well as the provision of cloud computing, big data and other large-scale public **** information network services units;
(iii) national defense science and industry, large-scale equipment, chemical industry, food and drug and other industry sectors such as scientific research and production units;
(iv) radio stations, television stations, news agencies and other news units;
(v) other key units.
Legal basis:
Article 49 of the Network Security Law of the People's Republic of China (PRC): Network operators shall establish a system for complaints and reports on network information security, publicize information on the manner of complaints and reports, and promptly accept and handle complaints and reports on network information security.
Network operators shall cooperate with the supervision and inspection implemented by the net information department and relevant departments in accordance with the law.