Issue 005 | August 2019
Hear the Voice of Beijing, and Build Security into Our DNA
Israel Top 10 Most Promising Cybersecurity Startups
Why Israel? Why Cybertech Tel Aviv?
Information and Trust are Your Currencies
BEIJING CYBER SECURITY CONFERENCE (BCS)
AN INTRODUCTION TO OUR PARTNERS

An innovative and high-level conference
Beijing Cyber Security Conference (BCS) is a world-class cybersecurity conference, organized by the original team of the Internet Security Conference (ISC), to launch on August 21-23, 2019 at the Beijing National Convention Center. In April 2019, 360 Total Security withdrew its shareholding in 360 Enterprise Security, which led to the company being renamed Beijing Qi An Xin Technology Co Ltd, while the ISC brand name was kept by 360. However, the original team owning the core content of the conference has stayed within Qi An Xin Technology Co., meaning the 2019 Beijing Cybersecurity Conference can better serve our customers with the same level of client service. Many years of accumulated enterprise data, a database of thousands of previous visitors, and accumulated relationships with high-profile industry clients and partners are its greatest advantages. The 2019 Beijing Cyber Security (BCS) conference will launch from a good starting point and at a high standard.

State-level: the central enterprise China Electronics
China Electronics, directly managed by the central government and the largest state-owned central IT enterprise, will join the Beijing Cybersecurity Conference (BCS) as part of the organizing committee. Its participation will motivate central enterprises, publicly listed companies, large central enterprises and government agencies to get involved. Its established authority and penetrating influence among government and enterprise companies will be an additional asset to the success of the BCS event. Beijing is the center of our nation and one of the major metropolitan cities of the world, so a conference whose name starts with “Beijing” is second to none. BCS is a security conference representing China, listening and reaching out to the world. It is also a security conference that serves the strategy of building a strong cyber governance nation and promotes the transformation of the digital economy. Its mission is to develop a “Davos”-like forum for the global cyber security community.

A world-class conference significant in depth and breadth
“Without cyber security, there will be no national security”. The safety of cyberspace has been elevated to the level of national strategy. From the global security perspective, we believe this conference needs to evolve from “Internet security” to a much deeper and more comprehensive “network and cyber security”. From a broad and multi-dimensional angle, a full range of protection is necessary for national network security, enterprise network security and personal network security. Therefore, we define this security conference as an upgraded version of ISC, with a new identity as the Beijing Cyber Security (BCS) conference.

Beijing Cyber Security (BCS) introduction
Beijing Cyber Security Conference will be held at the Beijing National Convention Center on August 21-23, 2019. The conference will hold 3 international summits and 20 forums, attracting industry experts from around the globe, from countries such as the United States, Israel, Russia, the Netherlands, the United Nations, and the European Union. Thousands of honored guests from more than 20 different countries and regions, along with the Belt and Road Institutes, will be present. The keynote sessions will cover a wide range of topics, such as national security strategy, the latest industry trends, and advanced cyber technology and solutions, delivered by top scholars, industry leaders and experienced technical experts. The participating organizations will range from large enterprises such as Petro China, Sinopec, State Grid, China Electronics, Alibaba, Tencent, and Baidu, to academia and institutions such as the Chinese Academy of Sciences and the Chinese Academy of Engineering.

We anticipate a total of 50,000 participants during the three days of the event. Come and join us for this large-scale, must-attend industry event!
www.qianxin.com
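Foreword

The world is boundless, and dazzlingly complex. There is so much in it that is subtle, so much that we do not understand, so much that is wondrous. What is wondrous is how these systems run by governing and disciplining themselves. This self-regulation, accumulated and evolved over generations, this effective prevention, is the immunity with which our own bodies resist outside attack. It makes me wonder: could cyber security also grow this kind of self-generated, built-in control?

We live in a new networked era of big data, tightly connected, one boundless web, one virtual setting. The interaction between the real and the virtual grows ever closer, and the boundary ever more blurred. This change brings unprecedented efficiency and convenience to life, but it also brings complex security risks.

Bruce says we live inside a powerful computer system. What we hold in our hands, what we see, what we travel in and what we use in daily life all depend on this powerful computing system. Security has taken on a new meaning and has become essential to our lives and property.

Brad of Cisco says that what keeps a chief security officer awake at night is the unknown among so many hidden dangers. Chris, executive director of the incident response forum, says that hidden dangers are everywhere and can strike at any moment; the key to defense is whether you are prepared, training constantly to improve your ability to respond and heading off trouble before it happens. Never fight a battle unprepared. If you have not prepared, you are preparing to fail.

Individuals, enterprises and nations all build security mechanisms at their own levels. As the network era develops and the data economy transforms, security takes on new meanings and settings in new dimensions. Ginny, a law professor at Harvard University, says that nations rely on cyberspace to gather national intelligence, raise corporate competitiveness, and improve the economy and the quality of life of all citizens, so reducing cyber risk is vital to a nation's prosperity. But the interweaving of interests and responsibilities in cyberspace brings contradictions and challenges.

Director Hao Yeli, retired general and President of Guanchao Cyber Forum, puts forward the “three perspectives” theory: the nation, the international community and the citizen, with their three sets of interests and responsibilities brought into a shared field of view, using multi-dimensional thinking to solve the hard problems of cyberspace.

This is why we have put together this issue of CyberAsia, sharing the views of many industry experts and the industry's latest developments. We hope it brings you much benefit.

Sun Yuping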
LET'S GET SOCIAL!
Let CYBER SPACE ASIA and CyberAsia help you improve your social network: global trade events, monthly print magazine, weekly email marketing, video promotion, and daily social media posts.
Publisher’s note

Dear Readers,

With good reason, we often are amazed by our human body’s complexity and the delicate immune mechanisms in place to protect it from outside attacks. We are left to wonder how this built-in mechanism has evolved, and how we can take this evolutionary approach into building our cyber defense.

We live in a digital time of continuous innovative technologies, worlds divided between the virtual and the physical presence, and the increasing integration of the two. New and revolutionary technologies have brought conveniences and efficiencies to our lives, while simultaneously presenting threats in security.

As the “evangelical” of cybersecurity, Bruce Schneier, has said: We live in a world of physically capable computers. Computer security is no longer about data. It’s about life and property.

Most industry insiders would agree with this. Bret Hartman, CTO of CISCO, told us that what keeps him awake at night are the “unknowns” and that security has become more of a continuous journey, rather than a destination. Chris Gibson, Executive Director of the Forum of Incident Response and Security Teams (FIRST), poignantly pointed out that “no preparation is preparation to fail.” In other words, you need to exercise your muscles to deal with the threats, as these unknown threats are unavoidable.

In our new digital era, security carries new meanings and importance within the various social structures, such as nations, enterprises, and private citizens. Cyber strategy becomes critical, for example, for nations in building their capabilities to protect infrastructure and motivate the economy to enhance the quality of life, said Ginny Greiman, Senior Advisor and Chair at the Centre for Strategic Cyberspace and International Studies (CSCIS). The question becomes, how to govern and comply with international “norms” by nations for a peaceful global cyber community?

Retired General Hao, President of Guanchao Cyber Forum, puts forth a three-perspective theory, looking at the issues from three different angles in order to seek common ground and negotiate differences.

In conclusion, we put together this issue of CyberAsia to share the industry’s latest trends and thoughts. I hope you enjoy reading and come away armed with new knowledge and “muscle” to help you along your cybersecurity journey. Happy reading and stay cool in the hot summer.

Ms. Sunny Sun
Publisher
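Table of Contents (Chinese-language section)

Industry Trends
Top Five Threats, Phishing Ranks First: A Security Review of the First Half of 2019
Practice and Vision for Comprehensive Security Governance of Big Data “Core Data”
Chris Gibson, Executive Director, Forum of Incident Response and Security Teams (FIRST): Failing to Prepare is Preparing to Fail
Sun Yiqiang, Security Product Expert, Beijing DiDi Infinity Technology and Development Co., Ltd.: The Security of Identity Verification

Cyber Strategy
Virginia A. Greiman, Senior Advisor, Centre for Strategic Cyberspace + International Studies (CSCIS): The Role of National Cyber Strategies in Cyberspace Security
Hao Yeli, China Institute for International Strategic Studies and China Institute for Innovation and Development Strategy: The Unity of Opposites in Cyber Sovereignty from Three Perspectives
From the Overall National Security Outlook to a 5G Industry Security Strategy

Cyber Innovation & Start-Ups
Top 100 Cyber Security Companies of China
Gene Yoo, Resecurity CEO: Capturing Petabyte-Scale Data to Fight Dark Web Crime
The 10 Most Promising Israeli Cybersecurity Startups of 2019

Cyber Event
Why Israel? Why Cybertech Tel Aviv?

CEO Corner
What Keeps a CISO Awake at Night? A Conversation with Bret Hartman, Chief Technology Officer of Cisco's Global Security Business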
Table of Contents (English-language section)

Industry Trends
Chris Gibson, Executive Director, Forum of Incident Response and Security Teams (FIRST): Failing to Prepare is Preparation to Fail
Cylance Lists 5 Top Threats in 2019

Cyber Strategy
Virginia A. Greiman, Senior Advisor, Centre for Strategic Cyberspace + International Studies (CSCIS): The Role of National Cyber Strategies in Cyberspace Security
General Hao Yeli (retired), President of Guanchao Cyber Forum: Cyber Governance’s Unity and Opposition: A View of Three Dimensional Perspective Theory

CEO Corner
Bret Hartman, Vice President and Chief Technology Officer, Security Business Group, Cisco Systems, Inc.
CISCO’s TALOS - an elite group of security experts devoted to providing superior
Qi Xiang Dong, Qi An Xin Technology Company: Global Cybersecurity, Listen to the Voice of Beijing

Cyber Innovation & Cyber Start-Ups
Forbes Cited the Top 10 Cybersecurity Companies to Watch
Top 100 Cyber Security of China
Notable Early Stage U.S. Cybersecurity Rounds In 2019
Israel Top 10 Most Promising Cybersecurity Startups
Gene Yoo, Resecurity CEO: Indexing the Dark Web by 2020

Cyber Event
Sunny Sun: Information and Trust are Your Currencies
Why Israel? Why Cybertech Tel Aviv?
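Industry Trends

Top Five Threats, Phishing Ranks First: A Security Review of the First Half of 2019

Security vulnerabilities have kept surfacing one after another in 2019. In the first three months alone, 5,501 vulnerabilities were disclosed, 1% more than in the same period of 2018, and attacks built on these vulnerabilities continued to grow through the first half of the year, with phishing the most serious threat and ranked first. Below we summarize the five most pressing cyber-attack threats for enterprises to reference in their network defense.

Advanced phishing kits are on the way
Today four new malware samples are created every second. Because of its efficiency, phishing remains one of the most successful attack methods, since most phishing sites are online for only four to five hours. Phishing also tends to be mistaken for a low-risk type of attack. Statistics show that only 17% of users report phishing attacks. As a result, only 65% of URLs are considered trustworthy, which puts pressure on online users and on every business.

New phishing kits keep appearing and being sold on the online black market. More advanced and easier-to-use phishing kits can be expected in the period ahead, and as such kits proliferate, phishing will become a more dangerous attack technique.

Remote access attacks on the rise
Remote attacks are becoming more frequent and more sophisticated. One of the main types of remote access attack in 2018 was cryptojacking aimed at cryptocurrency owners. Another common type of remote attack threatens endpoint devices at the edge.

According to threat intelligence databases, remote access attacks are among the most common attack methods on the network. Attackers target computers, smartphones, IP cameras and NAS (network-attached storage) devices, because these tools usually need ports to be opened and forwarded to external networks or the Internet.

Smartphones become a springboard for attacks
Attacks against smartphones are all associated with unsafe browsing (phishing, spear phishing, malware and so on). According to RSA, more than 60% of online fraud is carried out through mobile platforms, and 80% of mobile fraud is carried out through mobile apps rather than mobile web browsers.

Users usually keep all of their information on their smartphones, which raises the security risk when a device is lost or stolen. In addition, because most people use their phones to manage their finances or to handle sensitive data outside the home network, the smartphone has become a new springboard for all kinds of threats.

IoT device weaknesses exposed again and again
Gartner forecasts that the consumer Internet of Things (IoT) sector will grow to more than 7 billion devices by the end of 2020. Yet many consumers do not think of IoT devices as vulnerable, because a large share of them have no user interface, which lowers users' guard. In reality, these IoT devices are constantly collecting or managing user data.

More importantly, these IoT devices not only collect valuable user data; they can also become accomplices when attackers launch distributed denial-of-service (DDoS) attacks. This is because IoT device makers, to avoid higher manufacturing and maintenance costs, leave the design of their devices incomplete and often neglect security protection.

According to the latest threat intelligence data, of all the attack types that IoT devices experience, 46% are remote access attempts and 39% are used to detect behavior patterns. With the exponential growth of connected home devices, these threats are likely to increase further.

AI used for attacks
Many industries now use machine learning (ML) and artificial intelligence (AI) to automate processes and improve overall performance. Cybercriminals are naturally no exception and are putting AI to use in attacks. This creates a new situation: more and more cybersecurity companies are deploying AI-driven algorithms to prevent threats, while attackers are also using AI to make their attacks more effective.

The automation and scalability of AI systems, together with their anonymity and low cost, all encourage attackers to adopt them. For example, attackers use a variety of evasion methods to avoid detection, and AI helps optimize that process. AI can also help create content, such as email, that gets past conventional security filtering devices; such AI-written email is almost indistinguishable from email written by a person.

In addition, although social engineering is one of the most popular hacking techniques, carrying it out properly takes a great deal of time. AI can not only help gather information, but can also follow up by writing emails or phoning potential victims. As AI-driven technology evolves, the use of AI in cyber attacks will become a more widespread and more dangerous trend.

Closing remarks
Keeping up with the latest cyber threat landscape is the first step in improving enterprise security processes and resisting malicious attacks. In the first half of 2019, the five threats above deserve every enterprise's close attention.

Source: ZOL (中关村在线), Zheng Wei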
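Industry Trends

Practice and Vision for Comprehensive Security Governance of Big Data “Core Data”
Shenzhen Angkai Technology Co., Ltd. (深圳昂楷科技有限公司)

Abstract:
With the informatization of society and the growth of the Internet, data has been growing explosively. “Big data” has become a focus of attention in IT and DT, and has gradually penetrated national governance, the operation of the economy, social life and other fields, offering unprecedented opportunities. At the same time, big data faces threats and security problems, which have become a core concern of the industry.

I. Problems and challenges facing big data security
Big data differs from traditional data in scale, processing methods and application concepts. It is large in volume, varied in structure and highly time-sensitive, and as data volumes grow the value of the data becomes ever more apparent. But security threats to big data reach into every link of the big data industry chain: data production, collection, processing and sharing. The causes of risk are complex and intertwined. There are external attacks and internal leaks; technical vulnerabilities and management defects; new risks triggered by new technologies and new models, and traditional security problems that keep recurring. Protecting big data has therefore become all the more important.

Broadly speaking, big data security has three parts. First, securing the resources and functions of the big data platform, such as transmission, storage and computation, including secure transmission and exchange, storage security, computing security, platform management security and infrastructure security. Second, protecting the data itself, for example by masking or encrypting it and by providing different levels of protection according to data classification. Third, protecting data in motion. Data flow is not only the physical-layer transport of a carrier; the greater risk lies in data flowing between different organizations, departments and business lines. The core value of data lies in the value added when it takes part in analysis and computation as it flows, not merely in the information it already holds, and many of the risks that arise in data flow are hard to see or solve at the carrier level alone.

The problems and challenges facing big data security today fall mainly into four areas:

1. Because of the enormous value it holds and its centralized storage and management model, big data is more likely to become a prominent target for network attacks. Big data means not only massive amounts of data but also more complex and more sensitive data, which attracts more potential attackers.

2. Sharing and exchanging big data brings risks such as data misuse, unclear ownership and unclear responsibility for security supervision. In big data applications, data is touched by users in many roles. During sharing, exchange, trading and circulation, the data owner and the data manager may differ, and ownership may be separated from the right of use. This leads to data misuse, unclear ownership and unclear supervisory responsibility, seriously harming the interests of data owners.

3. New big data technologies and architectures, such as open distributed computing, blur the boundary, so traditional perimeter-based security measures are no longer effective. Meanwhile, new attack techniques such as advanced persistent threats (APT), distributed denial-of-service (DDoS) attacks, and machine-learning-based data mining and privacy discovery expose serious shortcomings in traditional defensive and detective security controls.

4. Big data technologies such as hbase and hive under the Hadoop architecture, and big data platforms such as Mongodb and Spark, were for the most part designed to be used inside a trusted internal network, with little thought given to user authentication, authorized access, key services and security auditing for big data applications. Even where some software has been improved, for example by adding Kerberos authentication, overall security assurance remains weak. In addition, big data applications rely heavily on third-party open-source components that lack strict test management and security certification, leaving big data applications poorly defended against software vulnerabilities and malicious backdoors.

II. Practice in the face of these problems and challenges
In response to the challenges above, many government bodies, enterprises and vendors are actively looking for suitable security solutions.

For example, the integrated network platform of a provincial public security bureau's cybersecurity corps needs to analyze and monitor many kinds of Internet access data. The platform uses the Hadoop big data framework, with a cluster of nearly a thousand servers and several database types (Hbase, Solr, mysql, MongoDB), holds both structured and unstructured data, and requires security management across the full data life cycle. Because the platform's data is highly concentrated and sensitive, abuse, misuse and leakage of the data must be tightly guarded against. The people who touch the system are varied and the data interactions are complex, so the full life cycle (collection, cleansing, storage, use, transmission, sharing and destruction) has to be monitored and protected. By deploying a big data security supervision platform, a database audit system and a database bastion host, the organization achieved full-life-cycle security management, met diverse data security needs, reduced duplicated construction, and gained comprehensive monitoring of all access paths, such as hue operations and Hive tools, with complete auditing at petabyte scale and no missed or false audit records.

Big data has also accelerated the mining and application of data value. As the value and accessibility of data rise, the security risks that databases face from inside and outside increase greatly. Existing databases are many and varied, hold structured and unstructured data, and require full-life-cycle security management. Facing this problem, a provincial state security department adopted a combination of database auditing and operations auditing, each compensating for the other: the database audit finds the problem, and the bastion host cuts off the connection to the database. The solution filled the gaps in the department's defensive capability, giving it planning and prevention before access to core data, real-time monitoring and response to violations during access, and compliance reporting and incident tracing afterwards. The complete solution met the practical needs of internal management control and data security, strengthened supervision of internal operations and maintenance activity, prevented the loss of core data assets, and safeguarded data security across the board.

These are bold practices from real deployments. Real knowledge comes from practice, and the security challenges facing big data call for a comprehensive governance approach.

III. Recommendations for the future development of big data security
Big data platforms hold large volumes of data, run at high concurrency and carry many critical services, so they need high reliability and high performance. The balance between business and security has to be handled well. First, from the perspective of the full data life cycle and of the industry application, identify clearly the data security needs and problems of the running business; then build security capabilities that are manageable and controllable. The overall requirement is to focus on the security of core data.

Drawing on real deployments, and within policies and regulations such as Classified Protection 2.0 (等保2.0) and DSMM security assessment, the focus should be on the security threats facing big data itself, analyzed from three angles (big data platform security, data security and sensitive information security) to determine big data security requirements.

Security is the precondition for development. The technical capability to safeguard big data security must be raised across the board in order to build a comprehensive defense system that runs through big data.

(1) Build a security protection system covering the full life cycle of data: collection, transmission, storage, processing, sharing and destruction. Technologies such as database auditing, data masking, database vulnerability scanning, database status monitoring, data encryption, classification and grading, and watermarking can be combined with the system's existing network and information security facilities to form a complete data security protection system.

(2) Following the principle of “precise visibility, controllable security”, adopt a solution centered on a comprehensive data security governance platform to strengthen the defenses of the big data platform itself. Introduce authentication of users and components, fine-grained access control, security auditing of data operations, and privacy protection mechanisms such as data masking, so that unauthorized access and leakage are prevented by design. At the same time, pay more attention to the security problems hidden in the configuration and operation of big data platform components, and strengthen the ability to respond to urgent security incidents on the platform.

(3) Move from passive defense to active detection. Use big data analytics engines, artificial intelligence and similar technologies to automate threat identification, risk blocking and attack tracing, raising the level of big data security defense at its source and improving both the capability and the efficiency of defense against unknown threats.

IV. Conclusion
This article has followed the whole big data life cycle to set out the challenges facing big data security and the protection of high-value core data. It considers big data protection from several dimensions (big data platform security, data security and sensitive information security), analyzes the business scenarios of data flow and sharing from the perspective of the full data life cycle, extracts the key data security requirements, and builds a comprehensive security governance approach for core data.

As attention to big data grows, research and practice in big data security are gradually unfolding. Research institutions, government organizations, enterprises and public institutions, security vendors and others are actively advancing standards and product development for big data security, laying a safer and more solid foundation for the large-scale application of big data.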
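Industry Trends

Failing to Prepare is Preparing to Fail
Chris Gibson, Executive Director, Forum of Incident Response and Security Teams (FIRST)

Whatever its level of defense, an organization is very likely to face some type of cybersecurity incident at some stage of its life. In KPMG's 2018 Global CEO Outlook, a representative group of senior leaders ranked cybersecurity threats as the second biggest risk to the future growth of their businesses. Many government cybersecurity strategies around the world underline this point; in those countries, cybersecurity threats are regarded as a major threat to national security and prosperity. Yet many historical breaches show that security incidents can be avoided. And if it is managed well, an organization's active response to a security incident can show partners and customers that it takes security seriously.

Business leaders can make a wide range of security investments, including prevention, detection and incident response. But deciding the right level of investment in each area is usually challenging, because every area matters and each contributes to the organization's ability to withstand cyber threats.

Many models can help measure an organization's ability to deal with cyber attacks and so help decide where to invest. The NIST Cybersecurity Framework is one of the most commonly used (there are other framework models as well). NIST measures maturity in five areas: Identify, Protect, Detect, Respond and Recover.

Only an organization with capability and maturity in all five areas is truly ready and able to deal with a sophisticated cyber attack.

Many organizations develop Computer Security Incident Response Teams (CSIRTs) to respond to security incidents. These teams follow a widely understood approach: prepare for incidents; detect, triage and analyze them; work to contain and remediate the problem; and finally carry out post-incident activities, which usually include a post-mortem. Even if your business is small and cannot make a dedicated investment, there are things you can do to make the organization more resilient when an incident strikes.

Preparing for security incidents

Designate a clear incident owner. During a response, coordination is needed across multiple teams, including security, IT, engineering, operations, legal, human resources and public relations. In most cases the technical response will not all be carried out by one team. But the organization benefits from identifying one authority internally who is responsible for defining the process to be followed and who concentrates on planning cooperation between these teams before an incident occurs.

Manage the information gap. Appoint a communications lead in advance, who works closely with the incident owner and strives to meet third-party information requests for the whole organization. During an incident there will be a large number of information requests, and a small team is needed to actually investigate and produce deliverables. One part that is often overlooked is recording the details of every decision. When you come to perform incident analysis afterwards, recalling the exact timeline can be very difficult. Given how complex many of today's incidents are, establishing the timeline is almost impossible.

Your team needs a good relationship with the incident response community. Effective cooperation during an incident is based on trust, and once an incident has started it is too late to begin building it. Your team needs to engage in advance with business partners, national CSIRTs and service providers. Join relevant organizations in the field, meet other security teams at conferences and in industry working groups, or use existing mechanisms (such as vendor review processes) to identify and keep track of the right contacts early.

Have external legal, PR and technical support in place. There are skills your team may lack, which may include legal, public relations and technical support such as crisis management or disk forensics. You need to find providers of these services and sign retainers before a security incident happens.

Study the reporting requirements that apply to you. You may already have promised customers how quickly you will notify them of a data breach. Even if you have not, various legal reporting rules are now in force, for example GDPR, under which organizations usually have 72 hours to gather the relevant information and report to the appropriate regulator, or the EU NIS Directive, under which certain digital service providers must report “without undue delay”. Work with your legal team to understand each requirement in advance so that your incident response process takes it into account.

Exercise, exercise, exercise. It is a common misconception that security exercises only matter once you have reached a certain level of maturity. In fact, exercises pay off from the very start. Take a case that affected another organization and run a tabletop exercise to see how your organization would handle the same incident; at the very least you will discover problems you still need to solve. Exercises should be held regularly and involve different participants; it is important that senior members of the organization (up to senior management) take part alongside technical and other staff. When a real incident happens, this “muscle memory” is invaluable.

Responding effectively and managing risk

Communicate often and early. When a security incident becomes public, acknowledge it as early as possible, even if all you can say is that you are investigating. This helps assure affected parties that you are aware and working on it, and that you will be a source of information going forward. Providing regular updates helps you set the pace, so that partners and customers come back to you regularly and are less inclined to look for other, possibly unreliable, sources of information.

Be honest and candid. When communication does not flow or is not understood, or when the other party feels you are not conveying what actually happened, you may lose the trust of end users. Write down what really happened clearly, at a level suited to the user's technical knowledge, but do not overstate it. When end users are at risk because of your breach, you need to tell them so clearly.

Do not forget the basics. “What would happen if this occurred on another system?” is a valuable line of thought, but you should first focus on the key questions your team needs to resolve early. Higher-priority questions usually include “when did the intrusion happen?” and “which customer data is affected?”. Failing to reach a basic shared understanding of the incident's impact may lead to delays and confusion later.

After the incident

Study and document your response. The most important phase of handling a security incident is the post-incident analysis. It is almost impossible to prevent every incident, so this is an opportunity to review why this one happened and to find ways to improve. Ask the “five whys”: each time you think you have an answer to why the incident occurred, ask for a deeper root cause, until you have gone at least five levels of “why” deep. Address the problems at every level, and concentrate on the deeper ones, because if they are left unresolved they will lead to other incidents in the future.

Never let a good incident go to waste. An incident has two positive benefits. First, it clearly illustrates needs and impact; an incident is often the best moment to obtain additional investment to prevent the next one. Make sure you communicate clearly what your security program needs to be more effective, and create a follow-up plan to win the support of senior leadership. Second, every incident you work on helps you learn more about your processes and your organization: how your systems interact and, more importantly, how your people interact.

Share what you have learned. As a community, we can only respond more effectively if we actively share information about the cybersecurity problems we encounter. Airlines are as safe as they are precisely because every failure is carefully examined and shared with others in detail, and action plans are drawn up regardless of who was affected first. When you share what you have learned, other members of the community get the chance to learn, and the Internet becomes a safer place to socialize and do business.

After taking these actions, your organization will be able to respond to security incidents more effectively. Finally, consider your organization in the context of the supply chain. Most organizations worry about leaks of customer information, but the longer-term concern may be the impact of your products and deliverables on other organizations. If you are a B2B supplier selling hardware and software, or you provide services whose interruption would affect critical infrastructure, a narrowly defined data breach may not be your chief concern, and you will need to analyze and address different risks.

About FIRST
The Forum of Incident Response and Security Teams (FIRST - www.first.org) can help here. FIRST was created in 1990, after the outbreak of the Morris worm (which is another story), to enable parties to collaborate, coordinate and learn from one another. It has grown from a small group of only 15 teams to about 500 teams worldwide today. The teams come from every sector: national and state teams, international companies, academia and regional teams. All of them understand that we become better when organizations work together and help each other. FIRST is an enthusiastic community. Its members share the view that cooperation during an incident is essential, so they are usually very willing to help other countries and even competitors. A good opportunity to begin this cooperation is the annual FIRST conference, which is currently open to non-members as well.

FIRST has four main goals:

Every FIRST member can successfully find another FIRST member during any incident, even in other countries and industries. FIRST will continue to invest in outreach to other industries and regions; in addition, FIRST makes sure its CERT directory is used and can be used to find other FIRST members.

FIRST teams can be relied upon. FIRST members have a shared understanding of methods and problems. We are committed to ensuring that FIRST members can trust that other FIRST members have reached at least a minimum level of capability. We will invest in training and education to ensure that knowledge sharing among all members is effective, comprehensive and consistent.

When FIRST members trust each other, they have a toolset available for automated sharing. To improve collaboration, FIRST will support its members in developing sharing tools and standards so that they can share information efficiently and reliably.

FIRST members can work in an environment that favors their mission. The work of FIRST members is increasingly affected by legislation and policy. FIRST seeks to work with policy makers and educate them about its members' needs.

If you would like to know more about FIRST, please visit our website (www.first.org) or contact us at first-sec@first.org.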
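Industry Trends

The Security of Identity Verification
Sun Yiqiang, Security Product Expert, Beijing DiDi Infinity Technology and Development Co., Ltd.

Digitalization reaches ever deeper into everyone's life. Every day there are systems to log in to: personal email, the company website, the social security account, the banking app, the office door, picking up a child from kindergarten. Every scenario in which someone logs in and is granted rights involves the same question, identification and verification of identity. That is, how to prove to the system that “you” are “you”, or how to let the system know “who” “you” are, so that it can provide the services and information that match “your” permissions.

Identity verification has gone through a long evolution: from the key that opened a lock, to the account password for a mailbox, to the face-scan door entry and face-scan payment now seen everywhere. Verification methods are becoming more digital and more convenient, but convenience brings many new challenges. Starting from the characteristics of identity verification today, this article explores how different verification methods can be crossed and layered to verify one another, in the hope of prompting further discussion and a shared look at the rim of the “bucket” that is identity verification security.

Multi-factor cross verification

Multi-source heterogeneous cross verification:
Multi-source heterogeneous multi-factor verification means using several types of verification method to perform compound verification of the same user, including but not limited to two or more of: access card, password, face scan, fingerprint, palm print and palm vein, iris, and voiceprint. When choosing verification methods, the loss of convenience has to be considered, and the methods chosen should match the required security level.

For example, many companies have begun to use face-scan access control, which makes entering and leaving the office very convenient. But for an important classified facility, relying on a face scan alone to open the door carries some risk. Although today's algorithms against face spoofing attacks are very good and detect the great majority of spoofing attempts, 100% detection is still hard to achieve. For high-security premises and systems, a combination of several identity factors can therefore be considered, for example:

Face scan + card + password: many high-security premises use this today, but swiping a card and entering a password take time and the user experience is not good enough. So is there a way that is both more secure and more convenient? For instance:

Face scan + voiceprint: the combination of face scan and voiceprint once seen in science-fiction films is now being deployed in some scenarios. The user stands in front of the camera for the face scan while saying “identity verification” or their own name for voiceprint verification; only when both the face scan and the voiceprint pass can the user log in.

Face scan + iris: as camera image quality keeps improving, capturing facial features and iris features with the same camera has also become feasible.

There are many ways to combine factors for cross verification and they cannot all be listed here. In short, the more multi-source heterogeneous factors are used together, combined with live biometric features, the higher the cost and the barrier for wrongdoers, and the safer the system.

Multi-user cross verification:
For places that hold important assets and information, the safeguard of needing several keys to open a door has existed since ancient times. With informatization this has gradually evolved into opening a door with several access cards or several faces. In effect it is multi-factor verification that uses “people” as the horizontal cross-verification factor. Multi-user cross verification exists to keep any one individual from acting improperly without constraint, and for high-security premises and systems it provides stronger protection.

Anti-forgery of the verification source

Authenticity of a single piece of information:
The discussion above covers the combinations and effectiveness of multi-source heterogeneous multi-factor verification. Looking closer, how can the authenticity of each individual factor be assured?

Take face-scan verification. Suppose a high-security facility uses face scan + card + password. Each of these three factors can be forged. The password may be observed or stolen; the access card may be a copy or stolen; the “face” presented may be a printed photograph of an authorized person's face, or a photograph of it shown on a tablet. All of this challenges the system's ability to resist forgery and attack. Protection against card cloning has been discussed at length for traditional access control systems and is not repeated here; what follows looks only at the increasingly common fake-face attack. The technology used against spoofing attacks, also called face liveness detection, today mostly relies on deep learning to train a liveness detection model, which can effectively deal with “fake faces” such as printed photographs of a face, photographs of a face on phones and tablets, face hoods and face masks. Deep learning algorithms depend heavily on scenario data. Take DiDi's face liveness detection as an example: DiDi performs several million driver face comparisons every day, during which non-compliant drivers often try to use spoofing to deceive the system into registering them or giving them orders. After year upon year of algorithm tuning and battles against all kinds of spoofing attacks, DiDi has accumulated a great deal of relevant experience and has been able to build a liveness detection algorithm that performs well and handles many types of spoofing, effectively protecting identity verification on the platform.

More and more mobile payment methods are now linked to convenient fingerprint payment and face-scan payment. Anti-forgery for face scans was covered above, and many effective techniques for detecting spoofing already exist. For fingerprint payment, by contrast, although live fingerprint detection technology exists, deploying it on phones still seems to face engineering and cost difficulties, which leaves fingerprint payment with some security risk. If a phone is stolen, the thief can lift the owner's fingerprint directly from the surface of the phone and then have a fingerprint film made through a certain online marketplace. Could they not then make mobile payments? Clearly, for multi-factor cross verification, ensuring the authenticity and the recognition accuracy of every single factor is indispensable.

Further thoughts: protecting the privacy of personal biometrics
Much of the above is about the characteristics of verification methods from the angle of improving system security. Some will surely ask: what happens once a verification method is broken? If a physical key is copied, we can change the lock. If an access card is cloned, we can switch to a card with better encryption. If account passwords are dumped from a database, we can tell users to change their passwords. But once biometric features are stolen, can we change our fingerprints and faces? Fingerprints can be obtained from smooth surfaces a finger has touched, or from devices with inadequate encryption, and there are even more ways to obtain photographs of a face. Many people's social media selfies already cover their face from every angle, and many fortune-telling mini-programs have even collected users' face photographs across age ranges. For wrongdoers, this is no different from writing one's bank card PIN on the front door. Does not posting selfies avoid the risk? Consider what hackers do. The news has reported more than once that hackers have illegally obtained photographs and even video of users' faces through the cameras of phones, tablets and laptops. Out of this concern, a simple and good-looking solution has already appeared online: the camera cover sticker. Covering the camera when it is not in use prevents attackers from pulling camera video without our knowledge and keeping photographs of our face or even video of our expressions.

Further thoughts: non-technical measures
The book Thinking, Fast and Slow describes a classic experiment. In a self-service coffee room with honesty-box payment, a picture of a pair of eyes was posted above the cash box on odd-numbered dates and a landscape picture on even-numbered dates. With roughly the same amount of coffee consumed each day, the money collected on odd-numbered dates was three times that collected on even-numbered dates. The experiment shows how psychological cues influence behavior. Carried over to identity verification, posting a conspicuous warning or image on the screen where identity is verified, such as “You are responsible for your account; violations are severely punished”, has no obvious technical protective value for the verification itself, but may help reduce the rate of violations.

In addition, it is extremely important for an organization to establish a sound set of security mechanisms and rules. Rules inform and warn members beforehand, guide crisis handling during an event, and give a legal basis for penalties afterwards.

Afterword:
As the old saying goes, “as virtue rises one foot, vice rises ten”. Attack and defense are forever contending, one waning as the other waxes. As defensive technology improves, attack techniques naturally change too. Besides continually countering the illegal acts of wrongdoers at the technical level, we also have to rely on laws and regulations to deter and punish them. Only by choosing an appropriate combined verification scheme and effectively combining technical defenses with human defenses can the security of a system keep improving.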
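Cyber Strategy

The Role of National Cyber Strategies in Cyberspace Security
Virginia A. Greiman, Senior Advisor, Centre for Strategic Cyberspace + International Studies (CSCIS)

Cyber strategies are a necessary force in the continuing development of our cybersecurity ecosystem. The World Economic Forum's 2018 Global Risks Report lists large-scale cyber attacks and major data breaches or fraud among the five risks most likely to occur in the next ten years. Although the first cyber strategies were only aspirational, in recent years these strategies have provided a safe and reliable framework for nations to set their cyber agendas and establish legal and ethical responsibilities.

Over the past decade, governments have been developing strategies to address the security threats arising from rapidly expanding global interconnected networks, artificial intelligence and related technologies. These threats have grown into major national-level issues spanning national security needs, corporate competitiveness and privacy protection. National security, criminal conduct, critical infrastructure, global financial services, strategic advantage, medical records, international trade, intellectual property, privacy and other important rights and responsibilities are all subject to a paradigm of governance conducted in the virtual world.

Cyber activity has given “globalization” an entirely new meaning. Figure 1 illustrates the challenges governments face in developing strategy while balancing the needs of national cyber infrastructure systems.

Figure 1: The Cyber Triumvirate. Source: Greiman, V.A. (2016), “National Intelligence, Corporate Competitiveness and Privacy Rights: Co-existing in Cyberspace”, Global Studies Journal, Vol. 9, No. 3, pp. 43-56, September.

What is a cyber strategy?
A national cyber strategy outlines a vision and sets out the priorities, principles and approaches for understanding and managing cyber risk at the national level. If neither government nor business puts cybersecurity first, the nation will clearly be less secure. Cybersecurity strategies vary from country to country, from a focus on protecting critical infrastructure to improving national intelligence and defense, each representing its own interests. Cyber threats include cyber warfare, economic and corporate espionage, terrorism and cyber crime.

Strategy requires hard choices. The goals and implementation methods of cybersecurity strategies vary enormously. They include big data governance and social benefit, doctrine for attack and response, standards for government agencies, hardening (strengthened protection), international partners, research and development, and institutional reform. Cybersecurity is only one pillar of most national cyber strategies.

Until recently, the term “national security” was widely used in the United States. The general adoption of a “National Security Strategy” (NSS) by many OECD countries is a relatively new phenomenon, and appears to be closely related to a shift in strategic thinking, from a focus on a few specific “threats” to a hybrid of countless “risks”. The growing number and intensity of cyber attacks also demand closer attention to national cyber strategies.

Countries in every region of the world now have cyber strategies, as reflected in regional agendas (especially in Europe), in multilateral and bilateral discussions, and in efforts to provide assistance to projects in developing countries. However, as the European cybersecurity agency ENISA has recognized, differences in national viewpoints will make multinational agreements on cybersecurity harder to negotiate. These differences include the regulation of content, standards of evidence, the scope of extraterritorial investigations, the scope of privacy, and the limits on economic growth that result from restricting private-sector operation of the Internet. The need for international cooperation is recognized by all countries, but the lack of common understanding and approaches among them hinders it.

Although national strategy may be led by government, the development of information sharing, policy making and risk management must be led by private enterprise, because private enterprises are the main owners and operators of our network systems. PwC's 2018 Global State of Information Security Survey of 9,000 business leaders in 122 countries found that only 31% of boards take part in reviewing current security and privacy risks, and only 44% take part in setting overall security strategy. Cybersecurity requires a more cohesive approach to policy making and organizational governance, both inside government and in private enterprise. Yet for private enterprise to understand its role in protecting national infrastructure, cyber strategy must also begin at the national level. The cyber legal framework should be based on a principled national strategy that sets a clear direction for government, academia, technology R&D, business and consumers to establish and improve cybersecurity. This approach has been promoted by Microsoft and supported by other multinational technology companies. A national strategy should include international standards such as ISO/IEC and the NIST national standards used in the United States, as well as measures to prevent invasion of privacy and discriminatory treatment and measures on access to the Internet, among others.

Characteristics of national cybersecurity strategies
Comparing the cybersecurity strategies of the United States, Asia and the European Union reveals the following common goals, which every strategy should include: (1) develop cyber defense policy and capability; (2) achieve cyber resilience; (3) reduce cyber crime; (4) support the cybersecurity industry; (5) secure critical information infrastructure; (6) develop the industrial and technical resources for cybersecurity; (7) promote the establishment of international cyberspace policy. Recognizing the important role private enterprise plays in cybersecurity, some recent strategies include favorable provisions to encourage private investment in security measures.

The maturity of national cybersecurity strategies varies widely. Some countries have established very sophisticated cybersecurity governance structures, while others are still at the planning stage, with no evaluation criteria or metrics for measuring effectiveness. In addition, most strategies do not cover the severity and threat of what might constitute cyber warfare or a terrorist attack, or how existing strategies will cope with rapidly changing threat dynamics. Nor do national strategies discuss the policies or legislation needed to address and prevent such attacks. For example, South Africa's national cybersecurity legal and policy framework acknowledges that the South African cybersecurity legal framework is not a single homogeneous document but a body of legislation which, reviewed as a whole, is to ensure that South Africa's cyberspace is secure.

Most strategies recognize the important role of private enterprise in securing cyberspace. Policy should be based on public-private partnerships, which may include business, society and academia. However, the emphasis they give to this varies, and they rarely make clear how public-private partnerships are to be developed, who should take part in them, and how they are to be managed and controlled. In some national strategies it is only a concept, while in others it is a key pillar.

Established cybersecurity strategies
The EU Cybersecurity Act came into force on 27 June 2019. The Cybersecurity Act aims to achieve a high level of cybersecurity and cyber resilience and to promote individuals' trust in the EU digital single market. It aims to strengthen ENISA's role as the EU's center of advice and expertise on cybersecurity matters and to promote the development and implementation of EU policy and law. The Act introduces a voluntary, centralized cybersecurity certification framework, avoiding a situation in which member states each adopt their own separate standards.

In the United States, strengthening cybersecurity capability through stronger cyber defense and cyber deterrence are the country's two highest priorities. The 2018 US National Cyber Strategy advances four pillars: (1) defend the homeland by protecting networks, systems, functions and data; (2) promote American prosperity by nurturing a secure, thriving digital economy and fostering strong domestic innovation; (3) preserve peace and security by strengthening the ability of the United States to work with allies and partners, and to deter and if necessary punish those who use cyber tools for malicious purposes; (4) expand American influence abroad by extending the key principles of an open, interoperable, reliable and secure Internet.

Since its first strategy was published in 2013, the Japanese government has updated its strategy every few years. The WannaCry ransomware attack in Japan in May 2017, which infected 2,000 computers at 600 organizations, may have added urgency to its new strategy. Japan's latest strategy, published in 2018, aims to improve the cybersecurity of Japan's critical infrastructure and to encourage Japanese companies to pursue cybersecurity best practice, both of which will contribute to Japan's economic growth and innovation. A focus on improving the cybersecurity of private enterprise is at the core of the new strategy.

In December 2016, the Cyberspace Administration of China (CAC) published its national cybersecurity strategy, which sets out and reaffirms China's main positions on cyberspace development and security. The strategy aims to build China into a cyber power while promoting an orderly, secure and open cyberspace and safeguarding national sovereignty. The strategy calls cybersecurity “a new domain of national sovereignty”, marking a new move to streamline control of the network. Its main goals are consistent with the key cyber strategies of other countries, including protecting national security, defending sovereignty in cyberspace, protecting critical infrastructure, fighting cyber crime and strengthening international cooperation.

International strategy
Today it is not enough to focus on national strategy alone. If we are to defeat the global threats of cyber crime, cyber terrorism and economic espionage, we must have global partners to help fight and respond to them. Although national strategies are developing rapidly, and although many stress the importance of the international dimension of cybersecurity and the need for better alliances and partnerships with like-minded countries or allies (including capacity building in less developed countries), a clear international strategy for cyberspace is still at an early stage of development.

Many international organizations have established partnerships on cyber infrastructure and security, including the International Criminal Police Organization (Interpol), the United Nations, the G8, NATO, the Council of Europe, the Asia-Pacific Economic Cooperation forum, the Organisation for Economic Co-operation and Development (OECD), the International Telecommunication Union (ITU), the European committee on cybercrime and the International Organization for Standardization (ISO). The G-8 and private groups such as the Internet Alliance have published guidelines intended to make voluntary cooperation more efficient. Although these groups know that international cooperation is vital, they have not yet accepted that an international treaty setting legally required standards and obligations should be negotiated.

As scholars and policy makers have argued, there is a strong case for a legally mandated international regime to promote agreement on codes of conduct, norms and international treaties. Some scholars suggest establishing an international body modeled on the UN specialized agencies, with standards and recommended practices based on the advice of non-political experts, to improve the effectiveness of protective and investigative measures.

Summary
Nations rely on cyberspace to gather national intelligence, raise corporate competitiveness, and improve the economy and the quality of life of all citizens. Reducing cyber risk is therefore vital to a nation's prosperity. The interests and responsibilities of the parties in cyberspace are intertwined, bringing conflicting goals and challenges. The resulting triumvirate of national interest, privacy and global competitiveness is now far more complex than any single issue, and dominates much of the discourse on cybersecurity. Prioritizing among these interests creates conflict, so that competing issues cannot easily be reconciled. It also points to the need for cooperation and partnership to solve common problems, and the need to improve national intelligence and defense. A global legal framework that balances national and private interests would increase confidence in the global electronic marketplace and improve legal certainty. As national cybersecurity strategies continue to develop, identifying what they have in common is essential, so that models can be designed and implemented that reconcile the common interests of all nations in a peaceful and secure world.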
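Cyber Strategy

The Unity of Opposites in Cyber Sovereignty from Three Perspectives
Hao Yeli, China Institute for International Strategic Studies; China Institute for Innovation and Development Strategy

I. The three focal points of international dispute over cyber sovereignty
Cybersecurity has become a global challenge and is rising to become a first-tier security threat for sovereign states. Countries around the world are debating international rules for cyberspace and reform of the global governance system, and cyber sovereignty has unavoidably become the focus of dispute. Although the concept has received a measure of recognition from the United Nations Group of Governmental Experts on information security, deep divisions and doubts remain in the international community, concentrated in three areas:

First, the contradiction between cyber sovereignty and the spirit of the Internet. Some hold that the exclusivity of sovereignty runs counter to the interconnection that is the spirit of the Internet, and that stressing cyber sovereignty may lead countries to build their own separate systems and fragment the Internet.

Second, the contradiction between cyber sovereignty and human rights. Some hold that the Internet should support freedom of speech and that the intervention of sovereignty obstructs the free flow of information. This criticism is aimed chiefly at China's establishment of a firewall.

Third, the contradiction between cyber sovereignty and the multi-stakeholder model. Some hold that cyber sovereignty provokes a contest over Internet governance models, and that government-led multilateral governance may challenge the multi-stakeholder model.

Cyber sovereignty therefore has a special importance in international rules for cyberspace. It is the root of the tree from which many other problems grow. Only by sorting out differences and reaching consensus on this question can there be a basis for international cooperation.

How can the traditional concept of sovereignty, in the age of a globalized cyberspace, be given a more scientific meaning and expression that wins the widest common ground and acceptance? I want to thank the Chinese and foreign friends I have met in the China-US, China-Russia and China-Europe track-two dialogues, who gave me a variety of perspectives and insights. “The greatest truths are the simplest”: however complex a problem, return it to the simplest “way”, and once the way is clear the reasoning becomes clear. This led me to build a theoretical framework that can sort out problems and resolve contradictions more objectively and more dialectically.

II. Three perspectives as the key breakthrough for resolving the contradictions
Examined closely, the three main contradictions above reflect the interests of three actors in cyberspace: the nation, the citizen and the international community. Each of these actors starts from its own position and largely ignores the other two, producing the present situation in which each holds to its own view and reconciliation is difficult.

Behind the contradiction between cyber sovereignty and the spirit of the Internet, the actors are the nation and the international community. Behind the contradiction between cyber sovereignty and human rights, the actors are the nation and the citizen. The contradiction between cyber sovereignty and the multi-stakeholder model involves all three.

A zero-sum game between two opposed sides ends either in stalemate or in victory for one side, but always at great cost. Most of the doubts voiced in the international community today come from a single perspective, one-way thinking and unilateral logic. Looking at a problem from one point while ignoring the other two leads to conclusions that are either absolute or extreme, and to no solution. We need to step out of single-point thinking and binary opposition, stand at a higher, holographic vantage point, and bring in three perspectives.

Recognizing the three actors in cyberspace is like lighting three lamps in a chaotic space. One lamp shows a point, two lamps show a plane, and three lamps let us see the whole. From three perspectives we can see a truer cyberspace, in which the roles and demands of each actor and the relationships among them form a unity of opposites among multiple contradictions.

III. The theoretical framework of the three perspectives
In mathematics, solving an equation with several unknowns always requires boundary conditions (n>x>0); the solution is sought within a domain in which the variable is neither infinitely large nor infinitely small. The significance of the three perspectives is that, starting from the viewpoints of these three actors, three boundary conditions can be drawn. This is more inclusive and forms a stable triangle and a shared field of view in which effective dialogue can take place, common ground can be sought while differences are set aside, and problems can converge and come into focus, avoiding single-point, “fire and forget” thinking.

Traditional national sovereignty in physical space is naturally exclusive. Internally it stresses supreme authority; externally it stresses inviolable independence. As humanity has entered cyberspace, its openness and global character have increased the weight and prominence of the other two actors. When we speak of national sovereignty now, we must extend our view to the international and the citizen perspectives.

The citizen perspective: the community of citizens (netizens, citizens, nationals) pursues freedom. Today there are more than 4 billion netizens worldwide and 830 million in China, remarkable figures. To a certain extent, netizens are the citizens and nationals. Netizens by nature pursue freedom. Yet experience shows that in a disorderly environment, leaving governance of the network entirely to netizens does not produce good self-discipline, and freedom cannot be guaranteed. To protect every netizen's freedom there must be order to balance it, which means the network cannot be a lawless place. Establishing order requires an outside force: the state and government must set rules, govern the network by law and protect the lawful rights and interests of netizens. Technology itself does not provide order and security; sovereignty is needed to provide the corresponding legal guarantee.

The national perspective: the nation pursues security and development. The state has to safeguard security and seek development; it has to govern the network and also use it. Here the relationship along the side joining nation and citizen is one of mutual reliance and dependence. President Xi has said, “The network is centered on the people. The Internet should better benefit the people. When ordinary people go online, public opinion goes online too.” US President Trump, for his part, has his own distinctive strategy of “governing by Twitter”. So it is no exaggeration to say that government today should be built on the network. Listening to the people's voice online, understanding public opinion, pooling the people's wisdom and guiding democracy brings government closer to the people and better reflects the wisdom of the governing party. In this way the freedom and vitality of the Internet will also bring prosperity to national development.

The international perspective: the international community pursues openness and inclusiveness. The international Internet represents the mainstream of technological development and the broad trend of human civilization. The international community must pursue openness and inclusiveness, because here great-power relations compete, Eastern and Western cultures collide, and the interests of developed and developing countries have to be balanced. The exclusive side of national sovereignty appears to conflict with the openness of the international community, but in fact the two can be coordinated and balanced.

On the one hand, from the national perspective, the state needs to free its thinking, change its ideas and treat the balance between development and security correctly. By ceding a certain amount of sovereignty and joining the international system, a nation can let international openness and interconnection bring it more opportunities for development, promote cultural exchange and economic cooperation, and face security challenges jointly. Nation and international community stand in a relationship of mutual dependence, tolerance and concession, reaching a unity of opposites. President Xi has said: “China's open door cannot be closed and will not be closed.”

On the other hand, from the international perspective, the Internet has technically achieved global interconnection, but as long as nations exist, borders and national sovereignty cannot be ignored. We must guard against pursuing openness to excess and crossing the bottom line, so that one dominant culture overwrites a diversity of cultures. Strong cyber nations should take the initiative to close the digital divide, actively cede and share network resources and governance experience, and restrain the impulse to use asymmetric means for short-term gain. On the basis of one global network, more points of shared interest should be created so that all countries can achieve economic prosperity, cultural flourishing and security. Only this matches the essence of the Internet spirit of “interconnection, shared benefit and shared governance”.

When the nation pursues security and development, it needs to open up to the international community. When citizens pursue freedom, they need the state to guarantee order. When the international community pursues openness, it needs to accommodate the diverse cultures of different countries. These multilateral relationships look opposed but are in fact unified; they look contradictory but depend on one another. No actor can always pursue the maximum and the absolute of its own interest. Each needs to make certain mutual concessions and reach the best balance within the shared field of view bounded by the three sides, that is, to look out for one another in the global village, in the same boat, of cyberspace.

In sum, development and security, freedom and order, openness and inclusiveness are pairs in dynamic balance, a balance of yin and yang. The demands of the three actors are not in absolute conflict; they only appear opposed when placed in a narrow frame and a low dimension. When the dimension is raised, we can see their inner unity. What we ultimately pursue is overall balance on a large scale, with give and take, a unity of opposites. Often a change of ideas and a shift of perspective is enough for many contradictions to resolve themselves.

IV. The characteristics of cyber sovereignty seen from three perspectives
Although traditional sovereignty is naturally exclusive, cyber sovereignty in the age of globalization has to consider reasonable concession. When to exclude, when to cede and how far to cede all require a sense of measure. On the basis of the three-perspective model, we can analyze further how to find that measure.

In the past, debate on cyber sovereignty usually centered on whether cyberspace should have sovereignty at all, that is, on the “evolution” or “extension” of sovereignty. In fact this is a matter of fact that needs no debate. Cyberspace long ago became the fifth domain after land, sea, air and space. It was already treated as a domain of operations under the Obama administration, which formed 133 cyber mission teams. Whatever positions countries take on the term cyber sovereignty, in practice every one of them without exception governs its own network and guards it against outside interference and harm. All of this is practical acknowledgement of cyber sovereignty. The disagreement is not over whether cyber sovereignty is accepted but over which areas sovereignty covers: put plainly, the part above the “neck” or the part below it. This reflects the fact that different countries feel different pain points in cybersecurity. The international community should respect and understand each country's different concerns.

We therefore believe the key is to use a layered approach to analyze concretely how cyber sovereignty can be divided, and so find where the “exclusivity” and the “transferability” of sovereignty each apply.

Bottom layer: the physical layer, comprising network infrastructure. The key here is standardization, one global network, interconnection. At this layer countries need to make collective concessions, and the stronger should take the initiative to cede to the weaker, with developed countries passing on their results to developing countries to close the digital divide.

Middle layer: the application layer, comprising the wide range of real-world applications of Internet platforms, where the Internet carries human activity in technology, culture, the economy, trade and daily life. The influence of cyber sovereignty at this layer should be adapted to local conditions and kept in dynamic balance, with multilateral and multi-party co-governance and a balance of freedom and order.

Top layer: the core layer, comprising the regime, law, political security and ideology. It concerns the foundations of government and is a country's core interest, which cannot be challenged. Because national conditions, religions and cultural backgrounds differ, disagreements exist as a matter of fact. Cultural diversity is the normal condition of human existence. One culture cannot be used to overwrite all the cultures of the world; differences must be respected and diversity accommodated. You may disagree with a country's system and ideology, but you must respect its existence, accommodate its differences and understand its national conditions.

So at the middle and bottom layers of the triangle, cyber sovereignty can be ceded to a reasonable degree, allowing more stakeholders to take part in governance and forming a multi-stakeholder model. The top layer is where the leading role of government is expressed. “The right to make public policy for the Internet is a sovereign right of the state, and every country naturally has jurisdiction over the information carried on the information infrastructure within its territory”: this is a consensus already reached by the UN group of experts. Respecting each country's own choice of its path of network development and model of network management is the basic precondition for governments to bear national responsibility and engage in international cooperation.

Taking these three layers together further clarifies the disagreement between the multilateral and the multi-party models. The two do not in fact conflict; they apply in different areas and at different levels of cyberspace. On questions of ideology, policy, law, institutions and regime security, the leading role of national governments must be given full play and the advantages of multilateral governance fully expressed.

On the basis of this theory we can answer the three doubts about cyber sovereignty raised earlier:

First, the doubt that cyber sovereignty violates the spirit of the Internet. Upholding cyber sovereignty in no way rejects the spirit of the Internet. “One world, one network” is beyond question. Recognizing “cyber sovereignty” is the foundation that allows all countries to take part as equals in the global governance of the Internet, achieving not only interconnection but also shared benefit and shared governance.

Second, the disagreement between cyber sovereignty and network freedom. Take the firewall: China has had no choice in the matter. Faced with a worsening security situation in cyberspace and the severe challenge of “color revolutions”, developing countries whose capacity for cyber confrontation is not yet strong cannot be indifferent to the safety of the regime. It is like asking a country that faces the threat of terrorist attack every day to drop its guard and disband its counter-terrorism forces; that is impossible. We therefore oppose strong cyber nations using national resources to support penetration of other countries' firewalls. But as security improves, mutual trust deepens, democracy matures and technology develops, we will also keep improving the precision with which harmful information is blocked, and narrow the firewall. As can be seen, the area covered by the top layer is in fact very small. Over-expanding the top layer does not help the parties reach consensus on cyber sovereignty, and this is something we have been working to study and keep improving.

Third, the concern that the multilateral and multi-party models are opposed. Advocating cyber sovereignty is not meant to replace the multi-stakeholder model. Governments are also among the stakeholders. The role of government among the many parties should be exercised, and at the same time enterprises, communities, experts and think tanks should be respected and encouraged to use their professional and technical strengths and take part in governance. But the multi-stakeholder model must not be used to exclude government from participation or from leading on key issues. At the core and application layers, where ideology, policy, law, institutions and regime security are concerned, the leading role of national governments must certainly be given full play and the advantages of multilateral governance fully expressed. In major international and domestic events the government is the decisive stabilizing weight; this is an indisputable fact. At critical moments the government must act when it should act, let go when it should let go and govern when it must govern. This cannot be evaded and must be shouldered.

From this analysis, the unity of opposites in cyber sovereignty seen from three perspectives can be summarized as follows. In the network age, as globalization deepens, cyber sovereignty is divisible. First, the core layer has an inviolable exclusivity. Second, the physical and application layers have an open, shared transferability. The connectivity of the Internet must not be abused to challenge the core interests of sovereign states, and the exclusivity of traditional sovereignty must not be used to shake the foundation of one global network. The proportion of concession to exclusion is elastic, and moves according to whether a country's cyber sovereignty is respected by international rules.

V. Conclusions
First, cyber sovereignty is rooted in modern jurisprudence and is the combined expression of a state's rights and responsibilities. No responsible and conscientious government will disregard development and security in this new space, nor should it reject or obstruct other countries' assertion of sovereignty and their reasonable demand for global co-governance. Respect for “cyber sovereignty” is the precondition for international cooperation and the foundation for building good order.

Second, a “view of cyber sovereignty” for the network age and a globalized world has to break through the limits of physical space and the trap of binary opposition, stand at the level of a community of shared future in cyberspace, and from a panoramic vantage point grasp scientifically the unity of opposites between exclusivity and transferability. China upholds cyber sovereignty and is also reasonably ceding sovereignty; China values national security and is also advancing international cooperation and open development.

Third, we do not oppose the multi-party governance model, but it must not be used to exclude the role and responsibility of government on major issues. Multilateral and multi-party are complementary, not mutually exclusive. Governments and stakeholders can each play a leading role at different levels of cyberspace.

Fourth, in the network age the law of the jungle should give way to sharing weal and woe and standing together through storms; fencing oneself in should give way to openness and sharing; self-supremacy should give way to shared existence and shared prosperity; drawing lines by values should give way to respect for difference and accommodation of diversity.

VI. The evolution of the three-perspective methodology from V1 to V2
By constructing a methodological framework of three points, three sides, three angles and three layers, the three-perspective model shows the inclusive and balancing power of resolving contradictions through plural and layered thinking. On the basis of the original three-perspective 1.0 model, version 2.0 adds rotational thinking and holistic thinking, reflecting a systematic and dialectical approach.

1. Rotational thinking, that is, putting oneself in the other's position. Rotate the triangle so that each perspective in turn is the apex, and layer that actor's interests. The nation, the international community and the citizen each have a core layer, a small triangle, that must be respected and not lightly touched; here differences should be “set aside”. At the same time each small triangle must be kept within a moderate range. No party can pursue the maximum and the absolute of its own interest; room must be left outside the small triangles for a mutually compatible shared zone, a zone of common ground. In the core zone differences are respected; in the shared zone common ground is sought and governance is shared.

2. Holistic thinking. The circumscribed circle of the triangle represents the diversity of cyberspace as a whole, and also the uncertainty of all possible changes and differences, while the inscribed circle represents the common interest of the three actors. The diagram shows how the angle of each party's own interest affects common interest and difference. There is a principle in geometry: every triangle has a circumscribed circle and also an inscribed circle, and for a fixed perimeter the equilateral triangle has the largest inscribed circle and the smallest circumscribed circle, with the center of the circumscribed circle falling inside the triangle, giving the whole system stability and harmony. This shows that within the triangular space the parties share, each should be constrained by the common interest. Only if each cedes part of the freedom of its private rights can the parties' interests be balanced and the shared space be greatest. If one party tries to turn its small triangle into a large one and push its own degree of freedom to the extreme of 180 degrees, the result is that the triangle collapses into a straight line, the opposite of what was wanted: the area = 0, the system loses balance, and everything comes to nothing.

The question of cyber sovereignty is where the three-perspective theory began. Reasoning by analogy from it, questions such as information governance and cross-border data can all be brought in for analysis, judgment and weighing.

Take information governance. From the management perspective, government has to perform its management function and legislate policy for supervising harmful information. No responsible government can turn a blind eye to harmful information that undermines social stability, and no country is an exception. From the technical perspective, the executing agencies have to set supervisory rules and use technical means to filter harmful information in a reasonable way. From the social perspective, public sentiment is the barometer of society and also the objective standard for assessing whether supervisory policies and rules are true to their original purpose of keeping society stable, the regime secure and the people at peace. Using this to guide policy making and the use of technology in information governance, continually adjusting and optimizing among the three to find the point of balance and stability, is of the utmost importance.

A thousand people may have a thousand angles on a problem. But once we embrace plural, layered, rotational and holistic thinking, we have the wisdom to go beyond binary opposition, a stable foundation, and the key to solving problems. With this as our methodology, amid the great tide of the network, we can open up cooperation on a grand scale and benefit global co-governance.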
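Cyber Strategy

From the Holistic View of National Security to a 5G Industry Security Strategy

As 5G technology is gradually commercialized around the world and the related industry chain matures, the development of the 5G industry has become a major focus for the telecommunications industry, the information industry, the wider economy and society, and even global competition. Against a backdrop of active de-globalization, trade protectionism and unilateralism, the global development of China's 5G equipment makers and telecom operators has repeatedly been disrupted and affected, which has made 5G technology, the 5G industry and their security an even greater focus of global attention.

I. China's 5G Industry Development: From Technological Evolution to Global Focus

Looking at the current state of China's 5G industry, everyone from the central government to local governments, from telecom operators to equipment vendors and terminal makers, from the Internet sector to the Internet of Things and the industrial Internet, and from the news media to ordinary consumers has high hopes for 5G, expecting it to bring new opportunities and new room for growth to every industry.

Looking at the history of 5G in China, the technology entered the testing stage in 2016. Phase one (key technology verification) testing was completed in September 2016 and phase two (technical solution verification) testing in December 2017. Phase three (system verification) testing started in 2018, and the first batch of phase-three trial specifications was drawn up and published, becoming an important basis for the development and testing of pre-commercial 5G equipment.

In 2018 the three major telecom operators one after another entered the stage of nationwide 5G network trials. In June 2018 China Unicom announced that it would successively launch scaled 5G trials in 16 cities; in September China Telecom announced that it would build a 5G demonstration project and run scaled trials in 17 cities; at the end of the year China Mobile announced the full launch of scaled 5G trials and application demonstrations in 17 cities.

2019 is the first year of 5G. The development of China's 5G industry will have a far-reaching effect on both the Chinese and the global economy. By 2019 the links of China's 5G industry chain had matured as a whole and were ready for large-scale commercial use. Starting on February 14, 2019, China Unicom formally delivered its first batch of 5G smartphone test units; China Telecom released more than 1,200 5G terminals for testing in March; and China Mobile launched 5G smartphones and the first China Mobile own-brand 5G terminal products in the first half of the year.

China's information and communications regulators have adopted an active, prudent and open industrial policy toward 5G in order to safeguard the sustainable development of the industry. On December 10, 2018, China Telecom, China Mobile and China Unicom obtained licences to use low- and mid-band trial frequencies for 5G systems, further advancing the maturity and development of China's 5G industry chain. On June 6, 2019, upon the applications of China Telecom, China Mobile, China Unicom and China Broadcasting Network, the Ministry of Industry and Information Technology, having completed the statutory procedures, issued basic telecommunications service operating licences to the four companies, approving them to operate "fifth-generation digital cellular mobile communication services". The issuing of 5G licences marks the entry of China's 5G industry into the formal commercial stage.

The Chinese government holds to an open policy on 5G. In its view, 5G is an industry open to the whole world: 5G standards, patents, terminals and networks involve companies and institutions from around the globe, which jointly advance 5G worldwide. China has actively carried out 5G technology R&D trials and built a public test environment open to companies from all over the world; companies from Europe, the United States, South Korea and other countries take part, accelerating the maturing of the industry chain. Zhang Feng, chief engineer of the Ministry of Industry and Information Technology, has called for building a globalized 5G industry chain on the principles of complementary strengths and mutual benefit, safeguarding the security of network infrastructure, promoting the converged development and application of information and communications technology, and continually injecting new momentum into world economic growth. In June 2019 China Mobile published the results of its 5G network equipment tender. Huawei won the largest number of network equipment bids and was the biggest winner. At the same time, Europe's Ericsson and Nokia also won bids. In two important equipment procurements, the combined share of equipment won by Ericsson and Nokia exceeded 40% in each. This shows that China continues to take an open stance on 5G commercialization and demonstrates its sincerity in letting companies from all countries jointly plan China's 5G development and share in its results.

Photo: Zhang Feng, chief engineer, Ministry of Industry and Information Technology

II. China's View of 5G Industry Security: From Network Security to Industry Security

In a complex international situation, the security problems facing China's 5G industry involve not only technology security, network security and information security, but also terminal security, equipment security and industry security. This requires that the development of China's 5G industry respond to the various security risks it currently faces under the guidance of the holistic view of national security. Specifically, 5G industry security mainly comprises the following aspects:

First, 5G technology security. In the 5G stage, the technology rests on 5G technical standards and a range of patents. Here China's share of contributions to international 5G standards documents is among the highest in the world, which to a certain extent ensures the security of China's 5G industry.

Second, 5G network security. Because 5G networks use technologies such as network functions virtualization (NFV), software-defined networking (SDN) and service-based architecture (SBA), they are more elastic and easier to control through computer networks. Seen from the other side, however, this also increases the risks to 5G network security.

Third, 5G information security. In the 5G stage, the Internet of people and the Internet of things develop in parallel and converge deeply: alongside connections between people, there will be massive numbers of person-to-thing and thing-to-thing connections over a much wider range. In a 5G environment the number of network connections can reach 1 million per square kilometer. The generation and transmission of massive amounts of information from social networks, autonomous driving, telemedicine and other applications will therefore reach an unprecedented scale, placing unprecedented pressure on 5G information security.

Fourth, 5G terminal security. In a 5G network environment, terminals are becoming more diverse, foldable, virtualized and wearable, which makes the terminal security environment more complex. At the same time, the external containment Huawei has met in its 5G development, in chips, operating systems, technical standards and other areas, shows that the security situation facing 5G terminals is also highly uncertain.

Fifth, 5G equipment security. Around the world, Huawei's 5G equipment has been subjected to all kinds of containment and suppression, on the pretext of security, by countries led by the United States. This shows that the risk of international political forces intervening deeply in technology and markets is rising rapidly. However, the rules and standards for 5G should be drawn up by listening to and taking in the views of all stakeholders as widely as possible, and discussed through an open and inclusive multilateral process within a mechanism that is broadly representative and authoritative, so as to create a non-discriminatory competitive environment for companies from all countries to take part in building 5G, embody fairness and justice, and pursue mutual benefit.

Sixth, 5G industry security. 5G industry security is holistic, operational and global. In this situation everyone from 5G equipment suppliers and 5G terminal makers to 5G network operators should attach great importance to 5G industry security, and should sort it out systematically and respond in a coordinated way from the height of a holistic view of industry security. The current state of 5G industry development also requires China's information and communications regulators to attach great importance to 5G industry security at the level of industrial policy and to plan ahead. Only then can 5G industry security receive all-round protection from within the framework of the holistic view of security, covering industrial policy, the operating system, the legal system and more.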
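III. 5G Industry Security in a Global View: From Industry Reality to Industry Future

In mobile communications, China's industry adopted a follower strategy during the 1G and 2G stages. In the 3G stage it achieved important breakthroughs. In the 4G stage it ran "side by side" with the developed countries. In the 5G stage it is in the lead overall. It can be expected that in the 6G and 7G stages, given China's vast market and its technological reserves, its mobile communications industry can hope to stay in a leading position in the first tier. This lead was achieved against the backdrop of a globally open mobile communications industry and economic globalization.

The further growth of China's mobile communications and information-related industries is likewise inseparable from a globally open industrial environment and industrial policy. At present the China-US trade war provoked by the United States often uses "security" and similar grounds as a pretext for trying to exclude China's 5G equipment makers, terminal makers and telecom operators from the mobile communications industry of the United States and its allies. This is typical trade protectionism, unilateralism and hegemonism; it is not conducive to advancing the global mobile communications industry more openly, nor to the development of the US mobile communications industry and related industries.

It can be expected that in the 30 years from 2019 to 2049 China's mobile communications industry will continue to develop steadily. Its foundational, convergent and global character will become more pronounced. Its foundational character means that its supporting role for China's economy and society as a whole will grow further. Its convergent character means that its convergence with big data, cloud computing, artificial intelligence, the Internet of Things and other information technologies and related industries will strengthen further. Its global character means that its leading and supporting role for the global mobile communications industry will strengthen further. This trend places higher demands on the security of China's mobile communications industry.

One can foresee that the future development of China's mobile communications industry will cover the global market more widely and integrate more deeply into global industry chains and sectors. This requires China's 5G industry to form a complete, effective and reliable security strategy over the next 10 years and so lay a firm foundation of secure development for the 20 years of mobile communications development that follow.

IV. A 5G Industry Security Strategy Guided by China's Holistic View of Security: From Local Security to Overall Security

On April 15, 2014, when chairing the first meeting of the Central National Security Commission, General Secretary Xi Jinping proposed adhering to a holistic view of national security and taking a path of national security with Chinese characteristics. The holistic view of security means examining, within the overall framework of national security and from a global perspective, the security problems that China's development faces, and making overall plans and strategic responses. The formation of this view means that China is now examining and judging at the strategic level the increasingly complex security risks facing its development in the new era.

Against this background, the security problems that arise as China takes part in reforming the global governance system and building a community with a shared future for mankind need to be analyzed in depth and assessed accurately from a strategic dimension. Only by handling security problems steadily, effectively and reliably in the course of reform and opening up can the smooth realization of China's "Two Centenaries" strategic goals truly be ensured, and can China play a greater constructive role in the reform of the global governance system and the building of a community with a shared future for mankind.

The 5G industry holds a crucially important strategic position in the strategic layout of China's holistic view of security. As the report to the 19th National Congress of the Communist Party of China shows, the goal of a great modern socialist country is made up of many more specific goals. Among them, becoming a cyber power, a transportation power, a science and technology power, a manufacturing power, a quality power, an education power, a talent power and a military power are all closely related to the 5G industry, an important part of the information infrastructure of the new era; the 5G industry plays an important supporting role in the development of China's networks, transportation, science and technology, manufacturing, education, military and other fields.

For China, national security covering every aspect of security is a major issue, an overall issue and a global issue. Within the framework of the holistic view of security, the 5G industry is the focus and center connecting all security issues. Seen from the strategic architecture of China's holistic view of national security, 5G industry security is an important component of it, and 5G industry security in turn bears on the strategic layout that affects China's overall security. The two stand in a dialectical relationship of part and whole.

5G industry security also affects and involves global industry security, changes in the global governance system and other issues. As mobile communications networks, the mobile Internet and social networks converge deeply, and as network governance, social governance, national governance and global governance converge deeply, the connection between 5G industry security and China's overall security will become ever closer and more profound.

In short, research on China's 5G industry security should first be placed within the framework of China's holistic view of national security. Second, from the perspective of industry security, the security issues in every link, layer and field that 5G touches should be considered together. 5G industry security involves technology and networks, politics and economics, terminals and equipment, information and operations, and many other aspects. Only by studying it with the strategic vision of the holistic view of security can a clear security strategy plan be made, from the standpoint of industry security, for the next 10 years of China's 5G industry, and can the steady, open, sustained and balanced development of the 5G industry and of next-generation mobile communications be promoted nationally and globally.

Photo: President Xi Jinping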
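Cyber Innovation & Startups

China's Cybersecurity Top 100

"China's Top 100 Cybersecurity Companies (2019)" (hereafter the "Top 100") was released today. The survey covered nearly 500 domestic companies with a cybersecurity business, using data for the full year 2018.

Cybersecurity market overview

To reflect the state of the cybersecurity industry more objectively and accurately, this year's survey and ranking was expanded from a "Top 50" to a "Top 100", and for the first time the Top 100 matrix chart is divided into four regions: the Leaders, Front-runners, Competitors and Potentials matrices. Besides cybersecurity vendors, the companies in the matrix include IT service providers, Internet companies and trusted computing providers.

According to the survey, total cybersecurity industry revenue in 2018 was about RMB 52.946 billion, a growth rate of about 32% over 2017. The cybersecurity market was about RMB 45.382 billion; compared with 2017, the cybersecurity market, that is, total revenue from cybersecurity products and services, grew by about 30%. In this report, unless otherwise specified, "overall cybersecurity revenue" refers to the size of the cybersecurity market.

Note: total cybersecurity industry revenue is the sum of the operating revenue of cybersecurity companies, including non-security business, overseas business, security integration business and so on. A security company here is one whose cybersecurity revenue is 50% or more of its total revenue. For companies whose cybersecurity business is less than 50% of total revenue, only the cybersecurity revenue is counted; non-cybersecurity revenue is outside the scope of this survey. In addition, to avoid double counting, cybersecurity product and service revenue is net of security integration revenue, part of OEM revenue, and the revenue of wholly owned subsidiaries of the companies surveyed.

Key findings

√ The ten security companies with 2018 revenue above RMB 1 billion had combined revenue of about RMB 17.9 billion, 39% of overall cybersecurity revenue, roughly level with their 2017 share (40%). Some ten-plus security companies had revenue of RMB 400 million to 900 million, with combined revenue of about RMB 7.3 billion, 16% of overall cybersecurity revenue. More than 40 security companies had revenue of RMB 100 million to 300 million, with combined revenue of about RMB 8 billion, 17% of overall cybersecurity revenue.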
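√ The "fragmentation" of the cybersecurity business remains severe. Security vendors that already have some competitiveness can sustain their growth only by continually widening their product lines. This does not help the technical competitiveness of security products.

√ Integration revenue at most small and medium-sized cybersecurity companies keeps falling while sales of self-developed products rise steadily; security integration business is increasingly concentrated in a few large IT service providers and the IT service providers of certain key industries.

√ Some security companies are building on their security business to extend gradually into related non-security business: data security into data analytics, online transaction security and business anti-fraud into credit reporting services, mobile security into business analytics, network security appliances into network equipment, and so on. To some extent this reflects the widening of the concept of cybersecurity and its trend toward convergence with information technology.

√ 2018 was the year of fastest growth in China's cybersecurity market since statistics have been kept, driven by the arrival of the digital era, challenges to national security, the introduction of policies and regulations, and users' real needs. The rapid growth of the cybersecurity industry is expected to continue for at least the next three to five years.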
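China's Top 100 Cybersecurity Companies

The four regions in brief:

1) Leaders matrix
Companies in this region fall into three types:

Overall-strength leaders: typified by established security companies offering a full line of security products and services and by very large network equipment vendors. In both company size and industry influence they have become the leading companies of the cybersecurity market.

Influence leaders: typified by Internet companies and cloud service providers. Their main features are large numbers of excellent security professionals, massive Internet data and large network service platforms. In recent years, with the rising importance of security and the trend toward the industrial Internet, they have gradually moved into the enterprise cybersecurity market.

Scale leaders: typified by IT security service providers, whose business model centers on security planning, security systems integration and security operations services. They serve a wide geographic area, mostly large industry customers, and in recent years have begun to focus on integrating security capabilities.

2) Front-runners matrix
This region gathers most of the main-board listed companies and those that have applied to list on the STAR Market. Their main feature is that their technology or products hold a leading position in China within a security segment and, drawing on years of industry experience and accumulated technology, they are extending their business into every area of security. These companies will become the dominant force in the future cybersecurity market.

3) Competitors matrix
Most security companies in the Competitors matrix concentrate on one security segment and are at a critical stage of growth, facing challenges such as expanding their market, R&D investment, building a talent pipeline and funding. But the rapid growth of cybersecurity and the possibility of a future listing are powerful drivers for companies in this region. These companies are the backbone of today's cybersecurity market.

4) Potentials matrix
This matrix is typified by technology-innovation cybersecurity companies. Although they have not yet built a stable revenue base or industry customer base, their distinctive technical innovation in a particular segment is gradually being recognized by enterprise customers with high information security requirements, and has attracted the attention of investment institutions and leading cybersecurity vendors. These companies are the emerging and reserve force of the cybersecurity market and to some extent reflect the future direction of cybersecurity technology and the market.

Appendix 1: Cities where the surveyed companies are located
About 50% of the companies surveyed are headquartered in Beijing; Shanghai, Shenzhen and Hangzhou each account for slightly more than one tenth; the rest, in order, are Chengdu, Nanjing, Guangzhou, Jinan, Xiamen, Fuzhou, Suzhou, Hefei, Shenyang, Tianjin, Xi'an, Changsha, Zhuhai, Harbin, Changzhou, Changchun, Jinhua, Qingdao, Taiyuan, Wuhan, Zhengzhou, Nanchang, Ningbo, Guizhou and Xiangtan.

Appendix 2: Survey indicators
The survey covered nearly one hundred indicators, including total company revenue, headcount, share of R&D revenue, number of company patents and qualifications, customer coverage, certificates and qualifications, user coverage, media coverage, company background, employee satisfaction, accumulated technology, level of innovation, product or service quality, innovation capability and business model. (Note: because trade secrets are involved, the detailed indicators are not listed here one by one.)

III. Recommended outstanding companies by segment

Source: 安全牛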
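Capturing Petabytes of Data to Fight Dark Web Crime
By GENE YOO, Resecurity CEO

Today, simply knowing what is happening inside your network is far from enough. An organization must understand the situational intelligence of its external environment: Who is targeting it? What are they doing? Who are they working with? Will it put the company at risk? This context is essential to fighting cybercrime. Without it, an intelligence organization loses its usefulness.

Resecurity is a cybersecurity company that provides comprehensive and exclusive in-depth analysis of deep web and dark web data. The company has spent six years indexing this information and placing it in context. We are building the first comprehensive index of the dark web.

The project began in stealth mode in 2014 and is scheduled for completion in 2020. It reaches into the hidden depths of the Internet and is expected to produce petabytes of data that law enforcement agencies and cybersecurity customers can use to stop cybercrime and investigate threat activity. Effective use of this mass of data will be the key to investigating complex cybercrime cases.

The dark web, a place where identities can be masked with anonymity tools, where activity leaves no trace and which traditional search engines do not index, is also a hidden marketplace that communities and groups use to trade illegal goods and services. From child pornography, drugs and weapons to tools for spreading malware and ransomware, and even stolen data, all of it can affect national security. By definition, the dark web is a cross-border ecosystem that is entirely uncontrolled and unregulated. Because of cross-border legislation and the technical obstacles that hamper law enforcement, the dark web has grown rapidly. This gives cybercriminals a space in which to carry out illegal activity that affects every element of our society.

Cybercrime originating on the dark web affects almost every industry and has cost the global economy as much as US$600 billion, about 0.8% of global GDP. Security industry experts predict that companies around the world could lose more than US$5 trillion to cyberattacks over the next five years.

There have been attempts to scan the dark web in the past, but the tools available at the time were not advanced enough, which produced many false positives and little genuinely actionable intelligence. To provide the greatest possible visibility into the dark web, and to reach the point where we can link specific threat actors to their real identities, we need to apply the power of data science and big data, and this is the direction in which we at Resecurity are working.

We rely on a range of advanced big data, data science and artificial intelligence technologies to analyze and store large volumes of dynamic data retrospectively. Trained machine learning models and AI engines identify relevant content by category and mine it in near real time for useful information about threat actors and their operations. Millions of messages posted on the dark web are captured and processed every day, including text, images and binary information (attachments and other important artifacts), together with metadata about the messages and where they were posted.

Cyber threat intelligence analysts and cybercrime investigators then interact with the data Resecurity has captured. They can view it by topic segment, community size (total participants and messages posted), update and activity dynamics, risk perspective and so on, in order to decide how to prioritize key threat sources for more systematic monitoring. Drawing on years of experience and our current cooperation with international governments and law enforcement agencies, Resecurity's hunter team extracts and analyzes the best data and delivers it in the most actionable format.

In short: when this project is complete, it will be a key tool for helping law enforcement. Wherever the bad actors are, we will find them and make the world safer.

For more information about Resecurity, contact: Nikki@Resecurity.com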
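The 10 Most Promising Israeli Cybersecurity Startups of 2019

Israel is a country full of thriving technology startups. According to the Global Startup Ecosystem Report 2018, Tel Aviv has more startups per capita than anywhere else in the world, which is why it has been called the Silicon Valley of the Middle East.

Below is CyberDB's list of the ten most promising Israeli cybersecurity startups of 2019:

XM CYBER
To prevent cyberattacks, an enterprise should determine in advance which attack vectors hackers will use to compromise its critical assets. XM Cyber's award-winning breach and attack simulation (BAS) platform continuously identifies attack vectors and prioritizes remediation. XM Cyber was founded by senior executives from Israel's cyber intelligence community and has offices in the United States, the United Kingdom, Israel and Australia.
Noam Erez, co-founder and CEO, XM Cyber
Website: https://xmcyber.com/

SILVERFORT
IT revolutions such as cloud, IoT and BYOD are bringing enormous change to enterprise networks. Countless devices and services connect to one another with no clear perimeter, so users must be authenticated before they access any sensitive resource. Silverfort delivers strong authentication across complex enterprise networks and cloud environments without any agents or local configuration. It seamlessly enables adaptive multi-factor authentication for all sensitive users, devices and resources, including systems that do not support it today, such as IoT devices, homegrown applications and critical infrastructure. Silverfort enables enterprises to prevent data breaches, comply with regulatory requirements and migrate sensitive assets to the cloud securely.
Hed Kovetz, co-founder and CEO, Silverfort
Website: https://www.silverfort.com/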
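SIXGILL
Cybersecurity companies usually rely on manual or semi-automated processes to collect and analyze intelligence, which creates a long, expensive and ineffective intelligence cycle that does not reduce security threats. Founded in 2014, Sixgill provides enterprises around the world (including Fortune 500 companies, financial institutions and law enforcement agencies) with cyber threat intelligence solutions based on exclusive access to the deep and dark web.
In 2017 Sixgill was named one of the "world's ten most innovative and promising companies" at the Netexplo/UNESCO conference in Paris and was included in the Disrupt 100. In 2016 Sixgill was named one of the "five most innovative companies" at CyberTech Tel Aviv.
Sharon Wagner, CEO, Sixgill
Website: https://www.cybersixgill.com/

SALT SECURITY
Salt Security protects the APIs at the core of every SaaS, web, mobile, microservices and IoT application. Its API protection platform is the first patented solution to use behavioral protection to prevent the new generation of API attacks. The AI-based solution automatically and continuously discovers and learns the granular behavior of APIs within minutes and secures APIs with no configuration or customization.
The company was founded in 2016 by alumni of the Israel Defense Forces (IDF) and a number of cybersecurity executives, and in 2019 was selected as an RSA Innovation Sandbox finalist.
Roey Eliyahu, co-founder and CEO, Salt Security
Website: https://salt.security/

INTEZER
Intezer's genetic malware analysis technology identifies code reuse in trusted and malicious software in order to detect advanced cyber threats. The technology determines whether a file is trusted or malicious, classifies malicious files into their related malware families, and within seconds provides information about the sophistication of the attack and the threat actor behind it. The company also offers a free community edition in which users can detect code reuse and so learn about malware and threat actors. Fortune 500 companies use Intezer to automate their malware analysis and classification and to reduce false positives, improving security operations and speeding up incident response. The company's technology has provided important insights into several high-profile cyber attacks (including APT28, MirageFox, NotPetya and WannaCry) ahead of leading engines and government agencies.
Itai Tevet, CEO, Intezer
Website: https://www.intezer.com/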
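PROTEGO
Founded in 2017, Protego offers a comprehensive SaaS solution that helps enterprises adopt serverless technology securely.
The platform:
・Saves developers and DevSecOps time by automating application hardening and governance in existing pipelines.
・Gives CloudAppSec serverless application visibility, seamless runtime security and function self-protection.
Protego won the 2019 Cybersecurity Excellence Award for best startup and was named a company to watch in 2019 by SD Times magazine. In 2018 Protego won an SC Magazine innovation award and the Frost & Sullivan Global New Product Innovation Award, and won the most innovative award at the Cybertech conference in Tel Aviv.
Tsion (TJ) Gonen, co-founder and CEO, Protego
Website: https://www.protego.io/

SEPIO
Sepio is a company focused on defending against attacks in which hidden hardware devices disrupt network security. Sepio Prime gives security teams full real-time visibility into their hardware assets and their behavior; a comprehensive policy enforcement module lets administrators easily define granular device usage rules and continuously monitor and protect their infrastructure. Sepio's software-only solution combines physical fingerprinting technology with device behavior analytics to provide immediate detection of and response to any threat or breach attempt coming from a manipulated or infected element.
Sepio Systems was recently given the Frost & Sullivan best practices and technology leadership award for the RDM (Rogue Device Mitigation) market.
Yossi Appleboum, CEO, Sepio
Website: https://www.sepio.systems/

REBLAZE
Founded in 2012, Reblaze is a cloud-based, fully managed protective shield for sites and web applications. Malicious traffic is blocked in the cloud before it reaches the protected network. Reblaze is a comprehensive web security solution that provides a next-generation WAF, DoS and DDoS protection, bot mitigation, scraping prevention, CDN, load balancing and more.
The platform offers a unique combination of benefits. Machine learning provides accurate, adaptive threat detection. A dedicated virtual private cloud ensures maximum privacy. Top-tier infrastructure ensures the highest performance. Fine-grained ACLs allow precise traffic regulation. An intuitive web-based management console provides real-time traffic control. A one-month trial is available with no cost, risk or obligation.
Eyal Hayardeny, founder and CEO, Reblaze
Website: https://www.reblaze.com/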
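REGULUS CYBER
Regulus Cyber provides defense for sensors in the automotive, maritime and aviation sectors. It is the first company focused entirely on sensor security solutions, which protect the sensors commonly used in manned and unmanned systems. Its product, named "Pyramid", provides real-time protection against jamming and spoofing attacks (attacks that can disable or compromise sensors such as GNSS, lidar, radar and other mission-critical components). Regulus Pyramid has won several awards and has received US$6.3 million in funding from leading venture capital firms in Israel and Silicon Valley.
Yonatan Zur, co-founder and CEO, Regulus
Website: https://www.regulus.com/

MORPHISEC
Morphisec shifts the advantage to defenders, keeping them ahead of attacks with moving target defense.
Morphisec emerged from Israel's national cybersecurity center and was created by a group of the sharpest security experts. It provides ultimate threat prevention by ensuring that attackers never find the targets they seek.
Ronen Yehoshua, CEO and board member, Morphisec
Website: https://www.morphisec.com/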
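Cyber Conferences

Why Israel? Why Cybertech Tel Aviv?

Israel is a country full of innovation, and its unique culture and geopolitical environment have given it broad experience in cybersecurity. The Times of Israel reports that Israeli startups are shining in the US$92 billion cybersecurity market. Israel's investment in cybersecurity exceeds US$1 billion, up 47% on the previous year, and it has become a leader in the field. The country is second only to the United States in the market and is expected to maintain its impressive growth pattern. In 2018 the average venture capital deal price was US$600 per company. To date about 450 cybersecurity companies operate in Israel, closely tied to the development of the global market.

Cybertech Tel Aviv is a B2B platform and the place of choice for doing business and learning about the latest technological innovations, challenges and solutions. It brings together senior executives, government officials and key decision-makers from critical infrastructure, insurance, retail, healthcare, government, defense, R&D, manufacturing, automotive and many other sectors.

Cybertech Tel Aviv is the perfect platform for learning, connecting, cooperating, and taking the best cybersecurity innovation from Israel to the world!

The Cybertech conference offers:
180+ cybersecurity talks from many well-known industry leaders, on topics such as cloud, IoT, blockchain, fintech, machine learning, quantum computing and more
200+ industry participants showcasing their latest cyber technologies and solutions
90+ leading startups
160+ delegations
18,000 attendees
850 B2B meetings

The Cybertech conference offers special sponsorship packages. For details contact Nikki by email at cybertechasia@126.com or on WeChat at nikki159.

Cybertech Tel Aviv will be held in Tel Aviv, Israel, from January 28 to 30, 2020. It is the region's premier conference and a must-attend event for the cybersecurity industry!

Conference founder Amir Rapaport said: "Zhongguancun Overseas Science Park's sponsorship of Chinese cybersecurity companies to attend the 2020 Cybertech conference in Tel Aviv, Israel, opens a new chapter in cooperation between China and Israel." "We welcome more Chinese companies to join the Cybertech conference and witness cyber innovation and cooperation between two strong nations!"

In addition, we have designed a special itinerary that lets you experience the success of Israeli cyber innovation and visit cyber startups, while touring the old city of Jaffa and Jerusalem and getting to know this country rich in history and culture.

A five-day cyber innovation tour:

Day 1-2: Tel Aviv, cyber innovation tour
Visits to cybersecurity labs and meetings with companies, including startups and companies in cloud security, data security, mobile security, industrial security, infrastructure security, endpoint security, application security and cyberspace security.

Day 3: Ancient history and culture tour
Old City + Mount of Olives + Mahne Yehuda market
The Old City of Jerusalem has always been a main destination for visitors to Israel, and it holds an important place in the hearts of Jews, Muslims and Christians. From the Western Wall, the focus of Jewish hopes and prayers, to the Islamic Dome of the Rock and the Al-Aqsa Mosque on the Temple Mount, to the Church of the Holy Sepulchre, a holy site for Christians, a tour of the whole Old City lets visitors experience at first hand Jerusalem's rich history and culture and the diversity of its religious residents.
The Mount of Olives lies on the eastern slope of the Jerusalem hills, across the Kidron Valley from the Temple Mount and the City of David. It takes its name from the olive trees that covered it in biblical times. It is a must-see on any tour of the Holy Land. Besides the various churches and monasteries, the most striking thing is the view from the Mount of Olives: the Old City of Jerusalem spreads out below, wilderness and city merge, the Old City blends with the Kidron Valley, Mount Moriah and the Temple Mount, and one can almost feel the stories of the Bible come alive.
The Mahne Yehuda market, also known as the Shuk, is one of the most beautiful markets in Israel. Now and for the foreseeable future, it represents the heart of Jerusalem. The market combines old and new in a unique way: a bustling market and neighborhood where food, drink, shopping, bars and restaurants intertwine. In the interaction of stallholders and crowds, and in the rich colors and aromas of the goods, you can feel Jerusalem at its most real.

Day 4: Masada, a UNESCO World Heritage tour
Masada is a symbol of the ancient Jewish state of Israel, a holy place for Jews and a UN World Heritage site. The ruins of King Herod's palace still stand on the isolated rock summit; although only broken walls remain, one can still imagine its former luxury and strength. The majestic plateau has both ancient, mysterious legends and tragic tales of heroism. The last battle of the Jewish revolt against the Roman invasion took place at Masada. The "Roman siege" was long ago, but the spirit that "Masada shall never fall" is still handed down in Jewish hearts.

Day 5: Dead Sea tour
The Dead Sea lies at the junction of Israel, Palestine and Jordan. It is the lowest lake in the world and is known as the "navel of the world". Its salt content is extremely high, almost nothing lives in the water or on the shore, and anyone who falls in floats. The Dead Sea is rich in minerals and attracts hundreds of thousands of visitors each year for holidays and recuperation. Floating in the Dead Sea and listening to mysterious stories that go back to the time of Abraham is an experience you will not want to end!

Israel, a country that blends ancient wisdom with modern charm, is waiting for you to explore and discover!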
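CEO Dialogue

What Keeps CISOs Up at Night?
A conversation with Bret Hartman, Chief Technology Officer of Cisco's global security business

Bret Hartman is vice president and chief technology officer of Cisco's global security business group. He leads a team focused on where the industry is heading and on the role Cisco plays in preparing for the security environment of the future. As a most trusted security adviser, Bret has more than thirty years of experience in building information security architectures, with accomplishments in cloud, virtualization, service-oriented architecture (SOA) and web services security, policy development and management, and security modeling and analysis. Bret has spoken many times at major security industry conferences. Before joining Cisco he was an executive at RSA, EMC, IBM, DataPower, Hitachi and Concept Five. He has also co-authored security industry specifications and security technology books, and jointly holds a patent on enterprise application security integration. Bret holds a bachelor's degree in computer science and engineering from the Massachusetts Institute of Technology and a master's degree in computer science from the University of Maryland.

What challenges does the cybersecurity industry face? What are the hidden dangers that keep so many CISOs awake?

As chief technology officer of Cisco's security business group, I often meet and talk with customers from all over the world, many of whom are chief information security officers (CISOs). What keeps CISOs up at night is the same thing that keeps us on constant alert: "unknown threats".

Early this year Cisco published the CISO Benchmark Study as part of its 2019 Cybersecurity Report Series; 3,200 security decision-makers from key regions around the world took part in the survey. In that report, user behavior (for example, clicking a malicious link in an email or on a website) ranked highest among CISOs' concerns, with 56% of respondents regarding it as a significant problem. In addition, 79% of respondents said that handling alerts from multiple vendors' products is very challenging, up from 74% in 2018. With too many vendors that are not coordinated with one another, it is hard to deal in time with the large volume of alerts received: only 50.7% of alerts were responded to, compared with 55.6% in 2017. Unknown threats live in uninvestigated alerts. Even so, the proportion of alerts that companies are able to respond to in time is lower now than before.

Faced with these real concerns, CISOs can take the following steps to prepare their organizations better:

Prepare: organizations can use exercises to keep refining their screening measures and make them more rigorous, and to become practiced in the quickest recovery methods, so that proven processes are used to reduce vulnerabilities and the risk of exposure.

Coordinate: coordinate incident response across different tools so as to move from detection to response faster and reduce manual work.

Collaborate: the only way to understand the underlying security needs of a business case is cross-department collaboration among IT, networking, security and risk/compliance.

Gartner estimates that by 2021 the average enterprise will spend about 17% of its revenue on digital business initiatives, and that in 2020 about 30% of digital content will be generated by artificial intelligence, heralding the arrival of full automation. From a security and risk point of view, how do you see this trend?

From a security and risk point of view, we are watching two trends closely. I call them trust and deception.

Trusting the data: in analytics, if the data is bad, the results cannot be trusted however good the analysis is. For any kind of analytics it is very important to ensure the integrity and accuracy of the data it uses. You can have the best AI technology in the world, but if the data has been tampered with, that technology is useless.

Deceiving the AI engine: there is a view that AI can be used as a weapon or for malicious purposes. The idea of evading machine learning engines is a trend that should prompt the industry to think harder about the tools we use to protect enterprises. Tools that perform analysis will always be a target, so enterprises should think through their countermeasures before they are attacked.

Please share your views on digital risk management. How should enterprises prepare?

Digital risk management is an important area of focus for CISOs and boards, because they help the company manage enterprise risk. A major risk companies face today is the complexity of managing multiple vendors and solutions. Simplify how products work together through one common architecture across the globe; the more you simplify, the better you can respond to potential threats.

In addition, companies need to approach digital risk management from a global perspective and not limit their view to the current problems of their own business. Otherwise, in my experience, looking at the immediate problem in isolation will end in failure, because you may overlook a threat coming from the other side of the world.

Gartner forecasts that worldwide spending on information security products and services will reach US$124 billion in 2019, up 8.7% from 2018. Which products or services in cybersecurity do you think are growing fastest?

The move to the cloud is the biggest growth area.

For years, most companies deployed the security stack for the whole network in a single location, inside the headquarters data center. Today the network is becoming decentralized. As more and more applications move to the cloud, the number of mobile/roaming workers keeps rising, and more and more devices connect to the network, the perimeter is expanding.

Companies are beginning to rethink their security strategy and extend protection to the branch edge and the cloud edge. The expanding perimeter also brings new risks, and everything is happening on a larger scale. For example, users can install and use risky applications on their own devices, and the risk of sensitive information being exposed (inadvertently or maliciously) increases accordingly. If you rely entirely on the protection of the traditional security stack, there will be potential gaps in visibility and coverage. The definition of enterprise security is changing, and companies are adjusting the way they manage security accordingly.

One example of what Cisco is doing is our cloud-delivered network security service, Cisco Umbrella. It protects users on any device, wherever they are. Umbrella protects users from visiting malicious domains, IPs and URLs. Whether users are on or off the corporate network, it blocks such dangerous communication over any port or protocol, even when the VPN is off. In addition, StealthWatch provides comprehensive security monitoring and analytics and can respond to incidents quickly and effectively.

At Cisco, our approach starts with using the best products to protect the network, endpoints, applications and the cloud. Beyond that, we use trust verification as the foundation, to ensure that only the right people get access. Every product is backed by industry-leading Cisco Talos threat intelligence, which effectively blocks more threats and keeps the organization secure. Across the whole security portfolio we provide automated response to advanced threats and simplify operations through integrated threat and security management. More recently, our products can work together with the other technologies a customer owns. Even non-Cisco products can join in providing a security response.

Cisco has a fine tradition of continuous innovation and keeps seeking out the most innovative startups. What is the most innovative digital technology you are following at the moment?

As chief technology officer of the security business, my job is to anticipate the challenges we will face in the next 2-4 years and how we can help customers adjust their security posture to meet new needs. My team works on identifying potential targets for Cisco's strategic technology partnerships, investments and acquisitions.

Right now, one of the technology trends that interests me most is the huge shift we are seeing in security. In the past, security had to be deployed in a centralized network environment, because there was only one place where security policy could be enforced. Now security can be delivered in any distributed, zero-trust network environment, whether data center, cloud or branch office: in essence, security everywhere.

As a company, you want your employees to be protected wherever they work and whatever services they use; of course, this need to work from anywhere can also create a larger attack surface. To meet this practical need, Cisco acquired Duo Security last year. Duo Security is a leading provider of cloud-based unified access security and multi-factor authentication. Before a user is authorized to access an application, Duo first verifies the user's identity and the health of the device.

What is your advice to most CTOs?

In my view, the most important part of a chief technology officer's job is to anticipate technology trends and to start work now, so that when customers need it we can provide the right product to solve the problem in time. And the best way to anticipate those trends is to keep learning from customers and keep listening to them.

I am fortunate to lead a team made up of some of the most talented security technologists in the world. Our team has a deep understanding of the complexity of enterprises both large and small and of the latest technology. We pay close attention to customer needs and are committed to continuous innovation and to helping our customers build more flexible, customized security environments, environments that not only become steadily less complex as they are built but also offer greater visibility. Our goal is to let customers focus on managing their business rather than on IT security.

Please share with our readers some useful material you have read recently.

Cisco Talos blog: the latest threats and analysis
https://blog.talosintelligence.com/

"Threat of the Month": Cisco studies threat intelligence trends in depth and distills its findings and expert opinion into "Threat of the Month" reports, shared regularly on Cisco's security portal. These articles help readers keep up with security risks that may threaten their business and learn from the latest research and analysis in order to protect their organizations better. Enterprises can subscribe to Cisco's "Threat of the Month" to follow developments in threat intelligence and learn how to use the latest cybersecurity technology to protect themselves.

Simplified Chinese
https://www.cisco.com/c/m/zh_cn/products/security/offers/threat-of-the-month.html

Traditional Chinese (Taiwan)
https://www.cisco.com/c/m/zh_tw/products/security/offers/threat-of-the-month.html

Traditional Chinese (Hong Kong)
https://www.cisco.com/c/m/zh_hk/products/security/offers/threat-of-the-month.html

English
https://www.cisco.com/c/m/en_hk/products/security/offers/threat-of-the-month.html

Scan to download and read the CISO Benchmark Study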
Industry Trends

Failing to Prepare is Preparation to Fail
by CHRIS GIBSON, Executive Director, Forum of Incident Response and Security Teams (FIRST)

It is highly likely that an organisation will face a cybersecurity incident of some sort at some point in its lifetime, regardless of the level of cybersecurity defence in place. In KPMG’s 2018 Global CEO Outlook, a representative group of senior leaders ranked cybersecurity threats as the second highest risk to their firm’s future growth. This is reinforced by many Government cyber security strategies from around the world where cybersecurity threats are considered to be a significant threat to national security and prosperity. Yet many historical breaches show that security incidents can be survived. And, when managed well, your response to them can be an indication to your partners and customers that your organization takes security seriously.

A business leader can make a wide variety of cybersecurity investments, ranging from prevention, to detection and incident response. It’s often challenging to determine the appropriate level of investment in each area, as each is important and contributes to an organization’s resilience against cyber threats. There are a number of models that can be used to help measure an organization’s capability to deal with a cyber attack and therefore help decide where investments should be made. The NIST Cybersecurity Framework is one of the most commonly used (there are others). NIST measures maturity across 5 domains - Identify, Protect, Detect, Respond and Recover. Only an organization that has capability and maturity across all five of these domains can be said to be truly ready and able to deal with a sophisticated cyberattack.

Many organizations develop Computer Security Incident Response Teams (CSIRTs) as one capability to respond to security incidents. These teams follow a widely understood methodology that prepares for an incident, detects, triages and analyses it, works to contain and remediate the issue, and finally performs post-incident activity which typically includes a postmortem. But even when your business is too small to invest in a dedicated capability, there are a few things you can do to make your organization more resilient against an incident.

PLANNING FOR A SECURITY INCIDENT

Assign a clear incident leader. During a response, coordination is needed across many teams, including Security, IT, Engineering, Operations, Legal, Human Resources and Public Relations. In most cases, technical response work will not all be conducted by a single team. However, organizations benefit by having one clear authority within the organization who defines the process that will be followed and focuses on planning those interactions ahead of an incident.

Manage the information gap. Plan ahead to have a communications lead, who works closely with the incident leader, and works to satisfy third party information requests from across the organization. During an incident, there will be a large set of requests for information, with a small team actually investigating and developing the deliverables. An often-overlooked piece is to record details of each decision as it happens. When you look to perform a post-mortem after the event it can be extremely difficult to recall the exact timeline of the incident. Multiply this with the complexity of many of the incidents we see today and it can become almost impossible.

Your team needs to build relationships with the incident response community. Effective cooperation during an incident is about trust. When an incident strikes, it’s too late to build it. Have your team engage with business partners, national CSIRTs and service providers before you need the relationship. Join relevant organizations in the field, meet their security teams at conferences and industry working groups, or use existing mechanisms such as a vendor review process to determine and track the right points of contact early on.

Retain external legal, PR and technical support. There will be technical skills not available to your team. These may include legal, public relations and technical support, such as crisis management or disk forensics. Find a provider for these services and sign a retainer, before the incident strikes.

Study applicable reporting requirements. You may have made commitments to your customers on how quickly you’ll inform them when data is breached. Even if you haven’t, various legal reporting regulations are now in effect, such as the GDPR, where organizations typically have up to 72 hours to gather relevant information and report to the appropriate regulator – or the European Union NIS Directive, according to which specific Digital Service Providers must report “with no undue delay”. Work with your legal team to understand each requirement ahead of time, so your incident response process takes them into account.

Exercise, exercise, exercise. It’s a common misunderstanding that security exercises are only important once you’ve achieved a certain level of maturity. In fact, exercises pay off from the very beginning. Take a scenario that affected another organization and perform a table-top walkthrough of how your organization would deal with that same incident. At the very least you’ll identify gaps you still have to address. Exercises should be regular and involve a range of participants. It’s important that the senior members of an organization (right up to senior executive management) as well as the technology and other staff participate. The “muscle memory” this will build is invaluable when a real incident occurs.

RESPONDING EFFECTIVELY AND MANAGING RISK

Communicate often and early. When a security incident is known to the public, it’s important to acknowledge it early, even if you can only state you are investigating. This helps ensure that affected parties understand you are aware and working on it and will be a source of information in the future. Providing regular updates helps ensure a cadence, so they will come back at regular intervals and will feel less inclined to go look for information from other sources, which may be inaccurate.

Be truthful and straightforward. End users lose trust when communication isn’t clear and understandable, or if they feel you are not expressing what truly happened. Be clear and write to the technical level of your users, but don’t make things sound better than they truly are. When end users are exposed to risk as a result of your breach, say it.

Don’t lose track of the basics. “What would have happened if this took place on another system?” is valuable information, but you should first focus on the key questions you need your team to pursue early on. Higher priority questions typically include: “How did the breach take place?” and “What customer data is affected?”. Failing to reach basic agreement on the impact of an incident can cause delays and confusion later.

AFTER THE INCIDENT

Study and document your response. The most important phase when handling a security incident is the “post-mortem”. It’s almost impossible to prevent all incidents from happening, so this is a chance to review why this one took place and identify ways to improve your program. Ask the “Five Why’s”: every time you believe you have an answer to why the incident took place, ask for a deeper, underlying cause, until you hit at least five levels of “Why.” Address all levels, and focus on the deeper, underlying ones, as they will lead to other, future incidents if left unaddressed.

Never let a good incident go to waste. There are two positive benefits from an incident. The first is that, as it so clearly illustrates both needs and impacts, an incident is often the best time to get additional investment to prevent the next one. Make sure to clearly communicate what your security program needs to be more effective and create follow up plans to get buy-in from senior leadership in your organization. Secondly, every incident you work helps you learn more about your process and your organization; how your systems interact but more importantly, how your people interact.

Share your learnings. As a community, we can only become better if we actively share information on the cybersecurity issues we experience. Airlines are so safe exactly because every failure is scrutinized and shared in detail with others, and action plans are made by airlines regardless of who was originally affected. By sharing your learnings, other community members have an opportunity to learn, and the internet becomes a safer place to socialize and do business.

Taking these steps, your organization will be in a better place to effectively respond to a security incident. Finally, think of your organization in the context of a supply chain. Most organizations care about a breach of customer information. But even more persistent and concerning can be the effect your products and deliverables have on other organizations. If you’re in such a position, for instance as a B2B provider selling hardware and software, or providing a service that when interrupted, would impact critical infrastructure, the narrow definition of a data breach may not be what you are most concerned about, and you’ll have different risks to analyze and address.

ABOUT FIRST

The Forum of Incident Response and Security Teams (FIRST - www.first.org) can help in all of this. FIRST was created in 1990 after the outbreak of the Morris Worm (a whole other story) to enable parties to collaborate, co-ordinate and learn from each other. From a small nucleus of some 15 teams it has now grown to approximately 500 across the globe. Teams come from a variety of areas - nation states, international companies, academia, regional teams. All these teams understand that we are better when organizations work together and assist each other. FIRST is a welcoming crowd. FIRST members recognize that collaboration during an incident is imperative, so they typically are very happy to help, even their competitors and across countries. A good place to start this collaboration is to participate at the annual FIRST conference, which is open to non-members too.

FIRST HAS FOUR MAJOR GOALS:

Every FIRST member can successfully find a FIRST member to work with during any incident, whether in another country or industry. FIRST will continue to invest in outreach, both to additional industry sectors and regions; furthermore, FIRST ensures that FIRST’s CERT directory is used and useful for finding other FIRST members.

FIRST teams know they can rely on FIRST teams. FIRST members have a common understanding of methods and issues. We are committed to ensuring that FIRST members can trust in the fact that other FIRST members meet a minimum level of capability. We will invest in training and education to ensure that knowledge sharing is effective, comprehensive and the same among all members.

When FIRST members trust each other, they have a toolset they can use to automate sharing. To improve collaboration, FIRST will support its members to develop shared tools and standards so they can efficiently and reliably share information.

FIRST members can work in an environment that is conducive to their mission. Increasingly the work of FIRST members is affected by legislation and policy. FIRST seeks to engage with policymakers to educate about its members’ needs.

If you would like to know more about FIRST have a look at our website (www.first.org) or contact us at first-sec@first.org.
Industry Trends
Cylance Lists 5 Top Threats in 2019 Emotet, a variant of the Feodo trojan family, first emerged in 2014 as a threat designed to steal banking credentials and other sensitive information. It is most often propagated by phishing emails containing an infected document or malicious website link.). Top Industries impacted: Government,Healthcare, Non-profit Ludbaruma, also known as Rontokbro and Brontok, is a mass mailer worm written in VisualBasic. This worm, first identified more than 10 years ago, has resurfaced through many variants over the years.). Top Industries impacted: Manufacturing, Technology, Education Upatre often arrives as a malicious email attachment. It has been associated with several botnets and exploit kits. Upatre may display the icon of a recognized file or application to lure users into clicking on it, and can update itself or expand its functionality by connecting to C2 servers and downloading additional code. Top Industries impacted: Technology, Professional Services, Manufacturing GandCrab is an actively maintained ransomware. It is offered by ransomwareas-a-service providers and saw at least five major version releases in 2018. As of the release date of this report, pricing for
What is Predictive Advantage?
GandCrab ranges between $500 (Standard) and $1,200 (Premium). Top Industries impacted: Construction, Finance, Manufacturing/Technology Neshta has been observed since 2003, and is an older file infector that is still prevalent in the wild. It prepends malicious code to infected files. This threat is commonly introduced into the environment by being unintentionally downloaded or dropped by other malware. Top Industries impacted: Manufacturing, Finance, Consumer Goods. If there is one threat that dominated 2018 in terms of propagation and persistence, it is Emotet. The Emotet of 2018 is a vastly different creature from the original 2014 version. It has evolved from a banking trojan into a robust and multi-faceted threat tool. Cylance observed numerous Emotet campaigns throughout 2018, a majority of which delivered additional (or later stage) malware payloads. Emotet has become a go-to tool for the distribution of Trickbot, IcedID, Qakbot, and many ransomware families. The key to Emotet’s success is polymorphism paired with dynamic binaries and infrastructure Malicious document templates are typically rotated every ten minutes during active campaigns”
Predictive Advantage is a unit of measurement applied to security solutions that measures “how far into the future its protection is seen to reach. For example, if it protected against a threat that was created one year after the product was built, then it would have a predictive advantage (PA) of 12 months.” Cylance’s malware PA scores reflect the time elapsed between the creation of a Cylance security model and the first documented emergence of that detected threat type . Why does PA matter? The PA unit of measurement provides insight into how advanced the machine learning training was for a particular security solution model . A model that can block a threat that arrives on the scene 24 to 30 months after that model was introduced can be considered a very robust and expertly trained model.
Cylance’s 2019 Key Findings
• Most popular infection vector: Phishing/email.
• Malware attack volume increase: Cylance customers experienced a 10% overall increase in malware attacks in 2018.
• Top cyber attack industry targets: The top three targets among Cylance customers for cyber attacks were the food industry, logistics industry, and non-profit organizations.
• Top ransomware industry targets: The technology sector was the primary target for ransomware attacks in 2018. Consumer goods and manufacturing placed second and third.
• The rise of coinminers: Coinminer detections increased by 47%.
• Coinminer industry targets: The top three targets of coinminers were the food industry, technology sector, and professional services.
• OS X attacks: OS X was targeted by coinminers, adware, ransomware, and trojans.
• IoT Attacks: The Mirai codebase is still being leveraged to launch attacks against IoT devices.
SOURCE: Cylance 2019 Threat Report
Cyber Strategy
The Role of National Cyber Strategies in Cyberspace Security by VIRGINIA A. GREIMAN Senior Advisor, Centre for Strategic Cyberspace + International Studies (CSCIS)
Cyber strategies are a critical force in establishing mandates for our evolving cybersecurity ecosystem. The World Economic Forum’s 2018 Global Risks Report ranks both large-scale cyberattacks and major data breaches or fraud among the top five most likely risks in the next decade. Though initial cyber strategies were more aspirational, in recent years these strategies are providing more secure frameworks for national cyber agendas and legal and ethical responsibilities. Over the past 10 years, national governments have been developing strategies to address emerging security threats associated with the rapidly expanding use of the Internet global network, artificial intelligence and related technologies. These threats have developed into significant national-level problems that include balancing the needs of national security, corporate competitiveness, and privacy protection. Control over national security, criminal conduct, critical infrastructures, global financial services, competitive strategy, medical records, international trade, intellectual property, privacy and a host of other important rights and responsibilities is governed by a paradigm that is conducted in the virtual world. Cyber activity has introduced a whole new meaning to “globalism.” Figure 1 illustrates the challenges that governments face in adopting these strategies based on balancing the needs of the national cyber infrastructure system.
What is a Cyber Strategy?
A national cyber strategy outlines a vision and articulates priorities, principles, and approaches to understanding and managing cyber risks at the national level. Failure to prioritize cybersecurity by both government and industry leaves nations less secure. Cybersecurity strategies vary by country and represent different interests from a focus on protecting critical infrastructure to improving national intelligence and defense. Cyber threats include cyber warfare, economic and corporate espionage, terrorism and cybercrime. Strategies require hard choices. The goals of cyber security strategies vary widely as do the methods for implementation. They include: the governance of big data and societal interest, attack and response theory, standards for government agencies, resilience (strengthening protection), international partnerships, research and development, and institutional reform. Cyber security is just one pillar of most national cyber strategies. Until relatively recently, the term ‘national security’ was largely used only within the United States. The widespread introduction of dedicated ‘national security strategies’ (NSS) in a number of OECD countries is a relatively recent phenomenon that appears to
Figure 1: The Cyber Triumvirate Source: Greiman, V.A. (2016) National Intelligence, Corporate Competitiveness and Privacy Rights: Co-existing in Cyberspace, The Global Studies Journal, Vol. 9 (3), 43-56, September.
have been closely tied to a shift in strategic thought away from focusing on a few specific ‘threats’ to the idea of mitigation against myriad ‘risks’. The growing number and intensity of cyber-attacks requires a closer look at national cyber strategies. States in all regions of the world now have cyber strategies, reflecting regional mandates (particularly in Europe), multilateral and bilateral discussions, or efforts at assistance in developing national programs. However, as recognized by the European Network for Cyber Security (ENISA), negotiating a multinational agreement involving cyber security will be more difficult due to different perspectives among States. These differences include regulation of content, standards of proof, the extent of extraterritorial investigation, the scope of privacy and the restriction on economic growth by limiting the control exercised by the private sector over the Internet. The lack of common understanding and approaches between countries may hamper international cooperation, the need for which is acknowledged by all countries. While national strategies may be led by governments, the development of information sharing, policy development, and risk management must be led
by the private sector as they are the primary owners and operators of our cyber systems. The PricewaterhouseCoopers (PwC) 2018 Global State of Information Security Survey of 9,000 business leaders from 122 countries reported that only 31 percent of boards participate in the review of current security and privacy risks, and only 44 percent are involved in setting overall security strategy. Cyber security requires a much more cohesive approach to policy making and organizational governance, not only within the government but within the private sector as well. However, in order for the private sector to understand its role in protecting the nation’s infrastructure, cyber strategy must begin at the national level. Legal frameworks should be based upon a principled national strategy that sets a clear direction to establish and improve cybersecurity for government, academia, research and development, business enterprises, consumers, and the technology companies who serve those communities, and society at large. This approach has been advanced by Microsoft and supported by other multinational technology companies. National strategies should include international standards such as ISO/IEC standards on vulnerability and national standards such as the NIST standards used in the United States, and individual protections against privacy breaches, discriminatory treatment, and Internet access.
Characteristics of National Cybersecurity Strategies
Contrasting the cybersecurity strategies of the United States, Asia, and the European Union reveals the following common goals, all of which are important goals every strategy should include: (1) develop cyber defense policies and capabilities; (2) achieve cyber resilience; (3) reduce cybercrime; (4) support industry on cybersecurity; (5) secure critical information infrastructures; (6) develop the industrial and technological resources for cybersecurity; and (7) contribute to the establishment of an international cyberspace policy. The recognition that the private sector plays an overriding role in cyber security has created a provision in some recent strategies for incentives for the private sector to invest in security measures. The level of maturity of national cybersecurity strategies varies widely with some States having developed more sophisticated cybersecurity governance structures, while others are still in the planning phases without metrics, standards or methodologies for assessing their efficiencies. Moreover, most strategies do not include what they consider to be a serious threat that might amount to cyber warfare or a terrorist attack, or how existing strategies can cope with rapidly changing threat dynamics. Nor do national strategies discuss the policies or legislation that are needed to address and prevent these attacks. For instance, South Africa’s National Cybersecurity legal policy framework acknowledges that the South African Cybersecurity legal framework will not be a homogeneous document but a collection of legislations, which when viewed collectively will ensure that South African cyberspace is secure. Most strategies recognize the significant role of the private sector in securing cyberspace and that policies should be based on public-private partnerships, which may include business, civil society and academia. However, they place variable emphasis on this aspect and few clearly describe how public-private partnerships are developed, who should be involved in the partnership and how they will be managed and controlled. In some state strategies it is merely a concept, while in other strategies it is a key pillar.
Selected Cyber Security Strategies
The EU Cybersecurity Act came into force on 27th June 2019. The Cybersecurity Act aims to achieve a high level of cybersecurity and cyber resilience, and to promote individuals’ trust in the EU digital single market. The Cybersecurity Act aims to reinforce ENISA’s role as the EU’s center of advice and expertise with regard to cybersecurity matters and to facilitate the development and implementation of EU policy and law. The Act introduces a voluntary, centralized cybersecurity certification framework, thereby avoiding a splintered approach by Member States adopting their own separate standards.
In the United States, strengthening cybersecurity capabilities by bolstering cyber defence and cyber deterrence are two of the country’s highest priorities. The 2018 U.S. National Cyber Strategy promotes four pillars: (1) Defend the homeland by protecting networks, systems, functions, and data; (2) Promote American prosperity by nurturing a secure, thriving digital economy and fostering strong domestic innovation; (3) Preserve peace and security by strengthening the ability of the United States, in concert with allies and partners, to deter and, if necessary, punish those who use cyber tools for malicious purposes; and (4) Expand American influence abroad to extend the key tenets of an open, interoperable, reliable, and secure Internet.
The government in Japan has updated its strategy every few years since the first one was released in 2013. The WannaCry ransomware attack in May 2017
in Japan that infected 2,000 computers at 600 organizations may have increased the urgency for moving forward with its new strategy. Japan’s newest strategy published in 2018 aims to improve the cybersecurity of Japanese critical infrastructure and encourage Japanese businesses to pursue cybersecurity best practices, both of which will help Japan’s economic growth and innovation. A focus on improving cybersecurity in the private sector is central to the new strategy. In December 2016 the Cyberspace Administration of China (CAC) released its National Cybersecurity Strategy which illustrates and reaffirms China’s main positions on cyberspace development and security. The Strategy aims to build China into a cyber power while promoting an orderly, secure, and open cyberspace and safeguarding national sovereignty. The Strategy addresses cybersecurity as “the nation’s new territory for sovereignty” and marks a new step in streamlining cyber control. Its major objectives are in alignment with the key cyber strategies of other countries including the protection of national security, defending cyberspace sovereignty, protecting critical infrastructure, fighting cybercrime, and strengthening international cooperation.
International Strategies
It is not sufficient today to just focus on national strategies. If we are to defeat the global threats of cybercrime, cyber terrorism and economic espionage we must have global partners to assist in combatting and responding to these threats. Though national strategies are evolving rapidly, and many stress the importance of the international dimension of cybersecurity and the need for better alliances and partnerships with likeminded countries or allies, including capacity building of less developed countries, clearly articulated international strategies for cyberspace are still in the early stages of development. Partnerships already exist with many international organizations on cyber infrastructure and security, including the International Criminal Police Organization (INTERPOL), the United Nations, the G-8 alliance, NATO, the Council of Europe, the Asia-Pacific Economic Cooperation forum, the Organization for Economic Cooperation and Development (OECD), the International Telecommunications Union (ITU), the European Council on Cybercrime, and the International Organization for Standardization (ISO). The Group of Eight (G-8) and private groups such as the Internet Alliance have issued guidelines aimed at making voluntary cooperation more effective. Although these groups recognize that international cooperation is essential, they have yet to accept that an international treaty establishing legally mandated standards and obligations should be negotiated. As argued by scholars and policymakers there exists a strong case for a legally mandated, international regime to advance agreement on codes of conduct, norms, and international treaties. Some scholars have suggested the establishment of an international agency, modeled along the lines of specialized United Nations agencies, to prepare and promulgate, on the basis of advice from nonpolitical experts, standards and recommended practices to enhance the effectiveness of protective and investigative measures.
SUMMARY
Nations depend on cyberspace for the gathering of national intelligence, increasing corporate competitiveness, improving the economy and the quality of life of all its citizens. Thus, reducing the risks of cyberspace is critical to a nation’s prosperity. Conflicting goals and challenges have emerged from the overlapping interests and responsibilities of the various actors in cyberspace. The resulting triumvirate of national interests, privacy and global competitiveness is now far more complex than each of the individual issues and dominates much of the discourse about cybersecurity. Prioritizing these interests creates conflicts that result in competing concerns that cannot be easily reconciled. It also raises the importance of the need for collaboration and partnering to resolve universal problems and the need for better national intelligence and defense. A global legal framework that balances national and private interests would enhance confidence and improve legal certainty in the global electronic marketplace. As national cybersecurity strategies continue to evolve it will be essential to identify the commonalities among these strategies so that a model for harmonizing the shared interests of all nations in a peaceful and secure world can be developed and implemented.
Cyber Governance’s Unity and Opposition: A View of Three Dimensional Perspective Theory by General HAO YELI retired President of Guanchao Cyber Forum
Cyber is a virtual space created by humans. It has special features beyond the physical world, yet is closely related to and interacts with it. The Internet, or World Wide Web, has changed our world into an interconnected sphere and transformed traditional geopolitics into virtual network relations.
Our living space has become compressed because of its closely connected relationships. In the context of a new era, the new virtual space comes with new security threats that require us to broaden our horizons and look at today’s cyber issues in perspective, avoiding single-point thinking that is narrow and absolute. The nation-state, the international community and the citizen are the three major actors in cyberspace; their propositions need to be considered and properly balanced. The three-perspective theory creates a triangular framework. Within the framework, cyber is a shared space in which we should seek common ground and co-governance while respecting each actor’s core interest and unique value, allowing differences and diversity. Cyber issues should be studied and discussed using multi-layered, multi-dimensional, scientific, and dynamic methodologies. The three-perspective theory is extremely important for maintaining stability, reducing misunderstanding, and avoiding bilateral opposition. A new era calls for a new awakening of civilization, in which zero-sum gaming and the law of the jungle give way to cooperation and global solidarity. In cyberspace, people must develop a worldview of common destiny and use the three-perspective framework as a key to tackle difficult issues and come up with solutions. Eventually, the new worldview, along with a suitable methodology, serving as a bridge, will lead us to a cyberplace that is collaborative and peaceful.
Cyber Innovation & Cyber Start-Ups
Forbes Cited the Top 10 Cybersecurity Companies to Watch
“The top ten cybersecurity companies reflect the speed and scale of innovation happening today that are driving the highest levels of investment the cyber industry has ever seen,” said Louis Columbus, a Forbes contributor, in June 2019. In his article, he listed the following top ten cybersecurity companies to watch in 2019:
Christy Wyatt, CEO, Absolute, based in Austin, Texas
Absolute – provides self-healing endpoint security and always-connected visibility into devices, data, users, and applications. Its slogan is: Always There, Already There. Its website says: “Absolute is the first and only company to offer uncompromised visibility and near real-time remediation of security breaches at the source. Embedded in more than 500 million devices.” “Its persistence self-healing endpoint security technology gives IT pros complete control over devices and data”. Sandra Toms recently joined the team as Chief Marketing Officer (CMO), having most recently been at RSA Security, where she led and curated the RSA Conference, successfully increasing the global attendance from under 2,000 to nearly 50,000, and catapulting its success into the world’s premier cybersecurity event. It will be a big plus to the team.
Stuart McClure, President of BlackBerry Cylance, based in Irvine, California
BlackBerry – Artificial Intelligence and Predictive Security. BlackBerry Cylance uses AI and machine learning to protect the entire attack surface of an enterprise with automated threat prevention, detection, and response capabilities. It focuses the power of artificial intelligence on autonomous security decision making that is designed to stay ahead of attackers, years ahead. Stuart was the Co-founder of Cylance, which was acquired by BlackBerry Limited in 2019; he was the visionary behind developing its revolutionary preventative AI approach to threat detection, protection and response.
Tim Steinkopf, CEO at Centrify, based in Santa Clara, California
Centrify – Privileged Access Management, delivering cloud-ready Zero Trust Privilege to secure modern enterprise attack surfaces. Industry research firm Gartner predicted Privileged Access Management (PAM) to be the second-fastest growing segment for information security and risk management spending worldwide in 2019. Zero Trust Privilege services help customers grant least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, Centrify minimizes the attack surface, improves audit and compliance visibility, and reduces risk, complexity and costs for the modern, hybrid enterprise.
Matthew Prince, Founder & CEO, CloudFlare, based in San Francisco, California
CloudFlare – is a web-based performance and security company that provides online services to protect and accelerate websites online, including Cloudflare CDN, Cloudflare Optimizer, CloudFlare Security, and CloudFlare Analytics. Its security platform provides SL protection from spam, SQL injection, and DDoS.
George Kurtz, Co-founder & CEO, CrowdStrike, based in Sunnyvale, California
CrowdStrike – is a cloud-delivered endpoint protection platform using artificial intelligence tools. It offers instant visibility and protection across the enterprise and prevents attacks on endpoints on and off the network. CrowdStrike Falcon uses sophisticated signatureless AI and Indicator-of-Attack (IoA) based threat prevention to stop known and unknown threats in real time.
Simon Biddiscombe, President and CEO, MobileIron, based in Mountain View, California
MobileIron – MobileIron is a mobile-centric, zero trust approach platform that is built on a unified endpoint management (UEM) foundation to secure access across the perimeter-less enterprise. It offers provisioning of any device for a user with the appropriate apps, profiles and policies, grants access based on full context, and protects data at rest and in motion by containerizing and eliminating threats on the devices. What makes MobileIron unique is its Zero Sign-on (ZSO) method to cloud services on managed devices. Enterprise security teams no longer have to trade off security for better user experience.
Danny Kibel, CEO, Idaptive, based in Santa Clara, California
Idaptive – Idaptive delivers Next-Gen Access, protecting organizations from data breaches through a Zero Trust approach. Idaptive secures access to applications and endpoints by verifying every user, validating their devices, and intelligently limiting their access. It secures access everywhere, for any user, to any application, from any device, eliminating friction and reducing IT burden. Their product and services strategy reflects a “never trust, always verify” approach to access, from inside or outside the network. Adaptive Multi-factor Authentication (MFA); Modern Single Sign-on (SSO) Provisioning and Lifecycle Management; Endpoint and Mobile Security Management. Prior to taking the helm at Idaptive, Danny was Vice President of Engineering & Operations at Centrify, where he led the development and delivery of the company’s cloud identity and mobility products.
Uri May, Co-Founder & CEO, Hunters.AI, based in Tel Aviv, Israel
Hunters.AI excels at autonomous threat hunting by capitalizing on its autonomous system that connects to multiple channels within an organization and detects the signs of potential cyber-attacks.
Bradley J. Wiskirchen, CEO of Kount, based in Boise, Idaho
Kount – providing fraud management, identity verification and online authentication technologies that enable digital businesses, online merchants and payment service providers to identify and thwart a wide spectrum of threats in real time. Used by 6500 brands globally, its technology combines device fingerprinting and supervised and unsupervised machine learning to stop fraud and reach their digital innovation goals.
Ramin Sayar, President and CEO, Sumo Logic, based in Redwood City, California
Sumo Logic – Sumo Logic is a secure, cloud-native, machine data analytics service, delivering real-time, continuous intelligence from structured, semi-structured, and unstructured data across the entire application lifecycle and stack. It is built to scale in the cloud, with machine learning powered analytics, and is secure by design. It recently announced the launch of a powerful global threat benchmarking service for Amazon Web Services (AWS), to deliver virtually real-time actionable insights that allow customers to benchmark themselves against other adopters of Amazon Web Services (AWS) cloud infrastructure to further strengthen cloud security posture, improve threat detection, and enhance regulatory compliance.
Source: https://www.forbes.com/sites/louiscolumbus/2019/06/16/top-10-cybersecurity-companies-to-watch-in-2019/#3cdd27296022
格尔软件 — KOAL http://www.koal.com/
安博通 — ABT http://www.abtnetworks.com/ 爱加密 — ijiami http://www.ijiami.cn/
中新网安 — CNZXSOFT http://www.cnzxsoft.com/
永信至诚 — Integritytech http://www.integritytech.com.cn/
优炫软件 — UXSINO http://www.uxsino.com/
明朝万达 — Wondersoft http://www.wondersoft.cn/
慧盾安全 — SmartSecuri http://www.smartsecuri.com/
通付盾 — Pay Egis https://www.tongfudun.com/
盛世光明 — Safe Soft Great Maker http://www.ssgm.net/
锐捷网络 — Ruijie Network http://www.ruijie.com.cn/
圣博润 — SBR-info http://www.sbr-info.com/
科来 — Colasoft http://www.colasoft.com.cn/
赛博兴安 — CYBERXINGAN http://www.cyberxingan.com/
COMPETITIVE ADVANTAGED
亿赛通 — ESAFENET http://www.esafenet.com/
芯盾时代 — TRUSFORT http://www.trusfort.com/
齐治科技 — QIZHI TECHNOLOGY https://www.shterm.com/
安华金和 — DBSEC https://www.dbsec.cn/
观安信息 — Information & Data Security Solutions Co., Ltd. https://www.idss-cn.com/
指掌易 — ZHIZHANGYI https://www.zhizhangyi.com/ 威努特 — WINICSSEC http://www.winicssec.com/
中孚信息 — Zhongfu http://www.zhongfu.net/
竹云 — BambooCloud http://www.bamboocloud.cn/
联软科技 — LEAGSOFT https://www.leagsoft.com/
天行网安 — TOPWALK http://www.topwalk.com/
可信华泰 — HTTC INFO TECH https://www.httc.com.cn/
吉大正元 — JIT http://www.jit.com.cn/
美创科技 — MEICHUANG http://www.mchz.com.cn/
三零卫士 — 30wish http://www.30wish.net/
瀚思科技 — HanSight https://www.hansight.com/
金盾软件 — Goldencis http://www.goldencis.com/ 锐安科技 — Run Technologies http://www.bjrun.com/
青藤云安全 — QINGTENG https://qingteng.cn/ 中油瑞飞 — Richfit http://www.richfit.com/
鼎普科技 — TIPS http://www.tipfocus.com/
交大捷普 — Jump http://www.jump.net.cn/
安信天行 — ANXINTIANXING https://www.axtx.com.cn/
安全狗 — SAFEDOG http://www.safedog.cn/
上讯信息 — SUNINFO http://www.sxis.com/
INDUSTRY’S POTENTIALS
博智软件 — ELEX http://www.elextec.com/
东软 — Neusoft https://www.neusoft.com/cn/ 百卓网络 — Byzoro http://www.byzoro.com/ 众人科技 — Peoplenet http://people2000.mobi/ 国舜股份 — Unisguard http://www.unisguard.com/ 启迪国信 — NationSky https://www.nationsky.com/ 长城网际 — Cyberspace Great Wall http://www.cecgw.com.cn/
志翔科技 — ZSHIELD INC http://www.zshield.net/ 盛邦安全 — WebRAY http://www.webray.com.cn/ 安胜 — ANSCEN http://www.anscen.cn/ 华途科技 — Vamtoo http://www.huatusoft.com/ 长亭科技 — CHAITIN https://www.chaitin.cn/zh/
天空卫士 — SkyGuard http://www.skyguard.com.cn/
Source: AQNIU.COM
LEADERS
奇安信 — QI-ANXIN https://www.qianxin.com/ 启明星辰 — Venustech — http://www.venusense.com/
Cyber Security of China PLAYING LEADING ROLE
绿盟科技 — NSFOCUS http://www.nsfocus.com.cn/ 深信服 — SANGFOR http://www.sangfor.com.cn/ 天融信 — TOPSEC http://www.topsec.com.cn/ 新华三 — H3C http://www.h3c.com/ 亚信安全 — AsiaInfo https://www.asiainfo-sec.com/
山石网科 — Hillstone https://www.hillstonenet.com.cn/ 安天 — ANTIY https://www.antiy.com/
360 — 360 https://www.360.cn/ 腾讯 — Tencent https://www.tencent.com/ 百度安全 — Baidu Security https://anquan.baidu.com/
知道创宇 — KNOWNSEC http://www.knownsec.com/
京东云 — JDCloud https://www.jdcloud.com/
网御星云 — LeadSec http://www.leadsec.com.cn/
卫士通 — Westone http://www.westone.com.cn/
中国电信(云堤) — Damddos http://www.damddos.com/
飞天诚信 — FEITIAN http://www.ftsafe.com.cn/
恒安嘉新 — EVERSEC http://eversec.com.cn
太极安全 — TAIJI http://www.taiji.com.cn/
蓝盾股份 — BLUEDON http://www.bluedon.com/
中国通服 — CHINA COMSERVICE http://www.chinaccs.com.cn/
迪普科技 — DPtech http://www.dptech.com/
天地和兴 — TIANDIHEXING http://www.tdhxkj.com/
梆梆安全 — BANGCLE https://www.bangcle.com/
中睿天下 — Zorelworld http://www.zorelworld.com/ 中安威士 — VISUALSEC http://www.csbit.cn/ 天际友盟 — Tianji Partners https://www.tj-un.com/ 江民科技 — JIANGMIN http://www.jiangmin.com/ 烽台科技 — FENGTAI TECHNOLOGY http://www.fengtaisec.com/
阿里云 — Alibaba Cloud https://www.aliyun.com/
安恒信息 — DBAPPSecurity https://www.dbappsecurity.com.cn/
美亚柏科 — Meiya PICO https://300188.cn/
INDUSTRY’S POTENTIALS
华为 — HUAWEI https://www.huawei.com/cn/
帕拉迪 — PLDSEC http://www.pldsec.com/index.php 安数云 — Datacloudsec http://www.datacloudsec.com
网易易盾 — NETEASE YIDUN http://dun.163.com/ 北信源 — VRV http://www.vrv.com.cn/
PLAYING LEADING ROLE
数字认证 — BJCA https://www.bjca.cn/ 任子行 — SURFILTER http://www.1218.com.cn/ 立思辰安全 — LANXUM http://security.lanxum.com/ 中兴通讯 — ZTE https://www.zte.com.cn/china/ 信安世纪 — Infosec http://www.infosec.com.cn/
Recommendation of Outstanding Enterprises in Characteristic Segmentation Field
Note: The enterprises from this list do not appear in the Top 100 matrix chart, but are outstanding enterprises in a certain segment of cybersecurity, a total of 20. Each grade is on a 5-point scale.
Product Technology:
Database Security ANKKI From an initial database audit, it is shown to have expanded to database security line products with rapid growth.
Next-generation Application Security Anbai Technology A new generation of application security company featuring RASP. The core team has years of web security experience with a leading product philosophy.
d-Ear Technologies With a combination of academic research and business development capabilities, the company is likely to grow into a highly valued technology company in a general direction of biometric technology.
Staff Structure:
Industry Users:
Encrypted Traffic Analysis
Development Direction
Viewintech The only startup in China that focuses on encrypted traffic analysis. The core team members are senior technical talents in the industry.
Terminal Security Huorong A new generation of anti-virus software technology representative firm, the company is good at virus analysis technology incorporating EDR of anti-virus technology.
Voiceprint Recognition
Cyberspace Asset Mapping Huashunxinan It is the first startup company in China to propose the concept of cyber space asset mapping, with a certain scale of cybersecurity related data accumulation.
AI+ industrial Security Cloud Fortress Cybersecurity Talent Training + Awareness Education FIT2CLOUD The company is a world-renowned open source springboard machine with high technical reputation and a large number of users in the open source community.
GOOANN Institute One of the earliest teams in China to focus on cybersecurity personnel training and enterprise-level cyber security awareness, it has a good reputation with an extensive influence.
6 Cloud
Automatic Attack and Defense
Extending the concept of threat immunity to industrial Internet security, the company has independent AI algorithms with model research teams, and integrates an understanding of security intelligence from the architectural level.
It is the first start-up company in China aiming at automatic intrusion simulation, which fits the current general trend of attack and defense drills.
Moyunsec Technology
Qinglianyun
Spoofing Defense + Code Security
IOT Security
Moresec The core team is made up of Alibaba Cloud’s senior security experts, and it is the first company in China to introduce a deceptive defense concept.
It is an early domestic start-up company focusing on smart devices and Internet of things. Its methodology and technical system have been established with an additional verification.
VEDA
Cloud Security Next-generation Data Security Imuuzi It is the earliest security start-up advocating dataflow-oriented in China, and the founding team has a profound understanding of enterprise security.
Yunanbao It is the first startup company in China to propose the concept of “waterproof fortress” (security-driven intelligent data analysis platform), and its core team has a profound understanding of cloud architecture.
Next-generation SOC Penetration Testing Clover Sec A leader in security service capabilities in western China, the company has many years of experience in security attack and defense, and a senior contributor to major security emergency response platforms in China.
58
Dynamic Defense
It is the first start-up enterprise in China to advocate the dynamic defense concept of network equipment. The founder is the first-class security offensive and defensive senior talent in China.
Online Interac ve Security Threat Hunter It is a start-up that provides threat intelligence support for online interac ve security. The core team has a deep understanding of Internet interac ve business and comba ng dark produc on.
Offensive and Defensive Pla orm CyberPeace The company is based on large-scale compe on resources to build simula on laboratory, training pla orm, compe on pla orm and network shoo ng range. It is the earliest start-up enterprise focusing on a ack and defense pla orm in China.
Cybersky The company’s core team comes from the senior SOC team of leading domes c firms, with years of technical and business experience and accumula on.
Cloud An -DDoS Cloudaemon The company is building a new cloud an -DDoS system, which can dynamically increase or decrease the mi ga on module. It fills market gap for an -DDoS technology in China.
Notable Early Stage U.S. Cybersecurity Rounds In 2019
by CRUNCHBASE NEWS

Company Name | Crunchbase Description | Lead Investors | Round Type/Amount Raised (USD)
Blue Hexagon | Blue Hexagon offers an on-device machine learning-based malware detection software. | Altimeter, Benchmark | $31M Series B
Bishop Fox | The largest private professional services firm focused on offensive security testing. | Forge Capital | $25M Series A
deepwatch | Cloud-based Managed Security Services Platform (MSSP). | ABS Capital Partners | $23M Series A
Fortanix | Fortanix solves cloud security and privacy using Runtime Encryption(R) technology built upon Intel SGX. | Intel Capital | $23M Series B
SpyCloud, Inc. | SpyCloud offers early warning solutions to business to prevent compromises on employees and customer account. | M12 | $21M Series B
RiskLens | RiskLens is a provider of cyber risk management software that empowers business executives to manage organizations. | Paladin Capital Group | $20.6M Series B
Obsidian Security | AI powered cybersecurity company focused on hybrid-cloud environments. | Wing Venture Capital | $20M Series B
Aporeto | Cloud-native security for containers and microservices. | Comcast Ventures | $20M Series B
Cequence Security | Cequence has developed an Application Security Platform to protect web, mobile, and API applications. | Dell Technologies Capital | $17M Series B
Armorblox | Armorblox uses deep learning and natural language understanding to protect enterprise communications. | General Catalyst | $16.5M Series A
Ordr | Ordr is a company developing a network-level cybersecurity platform. | TenEleven Ventures | $16.5M Series A
Sqreen | Sqreen is a monitoring and protection platform made to be incredibly powerful yet very easy to use. | Greylock Partners | $14M Series A
Stellar Cyber Inc. | Stellar Cyber is a security analytics provider. | Valley Capital Partners | $13.2M Series A
Odaseva | Odaseva develops cloud-based software solutions. | Partech | $11.7M Series A
Cyber Innovation & Cyber Start-Ups
Israel Top 10 Most Promising Cybersecurity Startups

Israel is a nation full of booming tech startups. In fact, according to the 2018 Global Startup Ecosystem Report, Tel Aviv has more startups per capita than anywhere else in the world, earning it the reputation of being the Silicon Valley of the Middle East, or better known as Silicon Wadi. The following is a list of the Most Promising Israeli Cybersecurity Startups for 2019, compiled by CyberDB.
XM CYBER
In order to prevent cyber-attacks, organizations should identify in advance attack vectors that hackers will utilize to compromise their critical assets. Moreover, security holes should be remediated as soon as they are created and before attackers utilize them. XM Cyber’s multi-award-winning breach and attack simulation (BAS) platform continuously identifies attack vectors and prioritizes remediation. The platform provides organizations with a clear understanding, at any given time, of where and how hackers will compromise their crown jewels. XM Cyber was founded by executives from the Israeli cyber intelligence community and has offices in the US, UK, Israel and in Australia.
Website: https://xmcyber.com/
Noam Erez, XM Cyber, Co-Founder and CEO

SILVERFORT
Corporate networks are going through dramatic changes due to IT revolutions like cloud, IoT and BYOD. With countless devices and services connected to each other without clear perimeters, users must be authenticated before accessing any sensitive resources. Silverfort delivers strong authentication across complex corporate networks and cloud environments, without requiring any software agents, proxies or local configurations. Silverfort seamlessly enables adaptive multi-factor authentication for all sensitive users, devices and resources, including systems that don’t support it today, such as IoT devices, homegrown applications, critical infrastructure and more. Silverfort enables enterprises to prevent data breaches, comply with regulatory requirements and migrate sensitive assets securely to the cloud.
Website: https://www.silverfort.com/
Hed Kovetz, Silverfort, CEO, Co-Founder
SIXGILL
Cybersecurity companies often rely on manual or semi-automatic processes to gather and analyze intelligence, creating a lengthy, expensive and ineffective intelligence cycle that fails to mitigate threats. Founded in 2014, Sixgill provides cyber threat intelligence solutions based on coverage of exclusive access to deep and dark web sources, to enterprises around the world including Fortune 500 companies, financial institutions, and law enforcement agencies. In 2017, Sixgill was awarded a “Top 10 Most Innovative and Promising Companies of the World” at the Netexplo/UNESCO Paris conference and was included in the Disrupt 100. In 2016, Sixgill was named one of the “Top 5 Most Innovative Companies” at CyberTech Tel Aviv.
Website: https://www.cybersixgill.com/
Sharon Wagner, Sixgill, CEO

SALT SECURITY
Salt Security protects the APIs at the core of every SaaS, web, mobile, microservices and IoT application. Its API Protection Platform is the first patented solution to prevent the next generation of API attacks, using behavioral protection. Deployed in minutes, the AI-powered solution automatically and continuously discovers and learns the granular behavior of APIs and requires no configuration or customization to ensure API protection. The company was founded in 2016 by alumni of the Israeli Defense Forces (IDF) and serial executives in cybersecurity and in 2019 was selected as a finalist for the RSA Innovation Sandbox.
Website: https://salt.security/
Roey Eliyahu, Salt Security, CEO and Co-Founder
INTEZER
Intezer’s Genetic Malware Analysis technology identifies code reuse among trusted and malicious software to detect advanced cyber threats. The technology determines whether a file is trusted or malicious, while also classifying the malicious file to its relevant malware family and providing information about the level of sophistication and the threat actor behind the attack, within seconds. The company also offers a free community edition where users can detect code reuse to obtain insights about malware families and threat actors. Fortune 500 companies leverage Intezer to automate their malware analysis and classification and reduce false positives — improving security operations and accelerating incident response. The company’s technology has provided crucial insights in several high profile cyber attacks before leading engines and government agencies, including APT28, MirageFox, NotPetya and WannaCry. Intezer was named a Cybersecurity Excellence Awards 2019 winner for Best Cybersecurity Company and Cyber Defense Magazine Infosec 2019 award winner for Cutting Edge Malware Analysis and Incident Response. The company was named an SC Awards USA finalist in the category of Newcomer Security Company of the Year.
Website: https://www.intezer.com/
Itai Tevet, Intezer, CEO

PROTEGO
Serverless applications require unique security solutions. Founded in 2017, Protego’s comprehensive SaaS solution helps organizations embrace serverless technology securely. The Platform:
• Saves developers & DevSecOps time by automating application hardening & governance within existing pipelines.
• Provides CloudAppSec with serverless app visibility & seamless run-time security with function self protection.
Protego won the 2019 Cybersecurity Excellence Awards for Best Startup and was named a 2019 Company to Watch by SDTimes Magazine. In 2018, Protego won an Innovator Award from SC Magazine, received Frost & Sullivan’s Global New Product Innovation Award, and won most innovative initiative at the CyberTech Tel Aviv Conference.
Website: https://www.protego.io/
Tsion (TJ) Gonen, Protego, CEO and Co-Founder
SEPIO
Sepio is disrupting the cyber-security industry by uncovering hidden hardware attacks. Sepio Prime provides security teams with full visibility into their hardware assets and their behavior in real time. A comprehensive policy enforcement module allows administrators to easily define granular device usage rules and continuously monitor and protect their infrastructure. Leveraging a combination of physical fingerprinting technology together with device behavior analytics, Sepio’s software-only solution offers instant detection and response to any threat or breach attempt coming from a manipulated or infected element. Sepio Systems was recently awarded Frost & Sullivan’s Best Practice and Technology Leadership award for the RDM (Rogue Device Mitigation) market.
Website: https://www.sepio.systems/
Yossi Appleboum, Sepio, CEO

REBLAZE
Founded in 2012, Reblaze is a cloud-based, fully managed protective shield for sites and web applications. Hostile traffic is blocked in the cloud, before it reaches the protected network. Reblaze is a comprehensive web security solution, providing a next-gen WAF, DoS and DDoS protection, bot mitigation, scraping prevention, CDN, load balancing, and more. The platform offers a unique combination of benefits. Machine learning provides accurate, adaptive threat detection. Dedicated Virtual Private Clouds ensure maximum privacy. Top-tier infrastructure assures maximum performance. Fine-grained ACLs enable precise traffic regulation. An intuitive web-based management console provides real-time traffic control. A one-month trial offer allows you to assess Reblaze with no cost, risk, or obligation.
Website: https://www.reblaze.com/
Eyal Hayardeny, Reblaze, CEO and Founder
REGULUS CYBER Regulus Cyber oers Defense for Sensors used in Automotive, Maritime and Aviation. Being the first company focusing entirely on sensor security solutions that protect commonly used sensors for both manned and unmanned systems. The product called Pyramid is oering real-time protection against jamming and spoofing attacks. These attacks can disable or hack sensors such as GNSS, LiDAR, Radar and other mission-critical components. Regulus Pyramid has won several awards including AUVSI Excellence 1st place cybersecurity winner and The Cyberstorm Startup Competition and received $6.3 million in funding from leading VCs in Israel and Silicon Valley. Website: https://www.regulus.com/
MORPHISEC Yonatan Zur, Regulus, CEO and Co-Founder
Morphisec fundamentally changes the cybersecurity scene by shifting the advantage to defenders, keeping them ahead of attacks with moving target defense. Emerging from the national cyber security center and from some of the sharpest cyber security minds in Israel, Morphisec provides the ultimate threat prevention by making sure attackers never find the targets they seek. Website: https://www.morphisec.com/
Ronen Yehoshua, Morphisec, CEO & Board member
Indexing the Dark Web by 2020
Stealth Since 2014, One Project Is Capturing Petabytes of Data to Combat Cybercrime
by GENE YOO, Resecurity CEO
Today, it’s not enough to know what’s happening in your network. Organizations must have situational intelligence as to what’s happening outside their environment, too: who is targeting them, how are they behaving and who is working together to put the company at risk? That context is critical to combating cybercrime. Without context, intelligence is useless.

Resecurity, a cybersecurity company that delivers in-depth analysis layered on top of the most comprehensive, exclusive sets of data from the Deep and Dark Web, has undertaken a six-year effort to index that information and put it in context. We are creating the first comprehensive index of the dark web. On track for completion by 2020, the project, which began in stealth mode in 2014 and dives deeper into the hidden recesses of the internet than any previous undertaking, is expected to yield multiple petabytes of data that law enforcement agencies and cybersecurity clients can use to thwart cybercrime and investigate threat actors. This massive amount of data, all of which can be acted upon, will be key to facilitating the investigation of complex cybercrime cases.

The dark web — those trackless parts of the internet that traditional search engines do not index and where individuals mask their identities through powerful anonymization tools — is home to innumerable hidden marketplaces, communities, groups and forums used to traffic in illegal goods and services — from child pornography, drugs and weapons to tools for malware and ransomware distribution, even stolen data that can affect national security. By definition the dark web is a completely uncontrolled and unregulated cross-border ecosystem. It poses a problem whose scale is growing rapidly due to cross-border legislation as well as technical barriers affecting law enforcement. This gives cybercriminals enough freedom to perform illegal activities in cyberspace that affect all elements of our society.
The consequences of cybercrime originating from the dark web impact nearly every industry and cost the global economy as much as $600 billion — about 0.8 percent of global GDP. Security industry experts project that companies around the world could incur costs and lost revenue amounting to more than $5 trillion over the next five years due to cyberattacks. There have been attempts in the past to scan the dark web, but the tools that were available when those efforts were undertaken were extremely primitive. They generated a lot of false positives and noise — and not a lot of truly actionable intelligence. To deliver the maximum visibility into the dark web, to get to the point where we can associate a particular threat actor with his real identity, we need to apply the power of data science and big data, which is exactly what we’re doing at Resecurity. To analyze and store that much dynamic data in a retrospective form, we rely on a range of advanced big data, data science and AI technologies. Trained machine learning models and artificial intelligence engines
recognize relevant content by category and mine meaningful information about threat actors and their operations in near real time. It captures and processes millions of dark web postings every day, including textual, graphical and binary information (containing attachments and other important artifacts), as well as metadata associated with the postings and the posting sources. Then, cyberthreat intelligence analysts and cybercrime investigators interacting with the data captured by Resecurity can view information by thematic niche, community size (total number of actors and published postings), update and activity dynamics, risk perspective, and more to understand how to prioritize the key threat sources for more systematic monitoring. Based on years of experience and our current work with international governments and law enforcement agencies, Resecurity’s Hunter Unit pulls and analyzes the best data, and delivers it in the most actionable format. The bottom line: this project, when completed, will be a critical tool helping law enforcement to make the world a safer place. Wherever those bad actors are, we’ll find them.
CEO Corner
A Conversation with
Bret Hartman Vice President and Chief Technology Officer, Security Business Group Cisco Systems, Inc.
Bret Hartman is Vice President and Chief Technology Officer of Cisco’s Security Business Group where he and his team are focused on the future direction of the industry and the role Cisco plays in preparing its customers for the security landscape of tomorrow. As a trusted security advisor, Bret has over thirty years of experience building information security infrastructures, including cloud, virtualization, SOA, Web Services, policy development and management, and security modeling and analysis. Bret has spoken at dozens of security industry events, and prior to Cisco held senior management roles at RSA, EMC, IBM, DataPower, Hitachi, and Concept Five. Bret has co-authored security industry specifications, security technology books, and a patent for enterprise application security integration. Bret holds a B.S. in Computer Science and Engineering from MIT and an M.S. in Computer Science from the University of Maryland.
What are the greatest challenges facing the cyber security industry today? What would keep most CISOs awake at night?

As the CTO of the Security Business Group at Cisco, I meet with customers from all over the world, many of whom are chief information security officers. What keeps CISOs up at night is no different from what keeps us all up--the “unknowns.” Earlier this year, Cisco released the CISO Benchmark Study, with responses from 3,200 security decision makers representing key global regions. In that report, user behavior (e.g., clicking malicious links in email or websites) ranked highest for CISOs with 56% citing it as a concern. In addition, 79% of respondents said it was somewhat or very challenging to orchestrate alerts from multiple vendor products, which is an increase from 74% in 2018. Too many vendors, not integrated with each other, makes it difficult to respond to the volume of alerts received. It should be no surprise, then, that only 50.7% of alerts were responded to, compared with 55.6% in 2017. Unknown threats reside in uninvestigated alerts. Even so, today organizations are responding to fewer alerts than ever. The concerns are real, but there are steps CISOs can take to better prepare their organizations. Some recommendations include:

PREPARE: There are proven processes that organizations can employ to reduce their exposure and extent of breaches. Prepare with drills, employ rigorous investigative methods, and know the most expedient methods of recovery.

ORCHESTRATE: Orchestrate responses to incidents across disparate tools to move from detection to response faster and with less manual coordination.

COLLABORATE: The only way to understand the underlying security needs of a business case is to collaborate across silos – between IT, Networking, Security and Risk/Compliance groups.
Gartner estimates that by 2021, 17% of the average organization’s revenues will be devoted to digital business initiatives; and by 2022, content creators will produce more than 30% of their digital content with the aid of AI content-generation techniques, indicating automation is all around us. From a security and risk perspective, what is your take on this?

From a security and risk perspective, there are two trends that I refer to as trust and trick that we’re watching closely.
Trusting the data: In regards to analytics, if bad data comes in – no matter how good the analytics are – bad results will come out. It’s very important for any kind of analytics to ensure the integrity and accuracy of the data it uses. You can have the greatest AI techniques in the world, but if the data has been tampered with, those techniques are useless.

Tricking the AI engine: There is the idea that AI can be used as a weapon, or for bad intentions. The notion of evading machine learning engines is a trend that has the industry thinking more about the tools we use to defend companies. Tools use analytics and analytics are always a target, therefore companies should consider counter-measures ahead of any attack.

Would you please share your viewpoint on Digital Risk Management? How does the organization prepare for it?

Digital risk management is an important area for CISOs and Boards of Directors to focus on as they help companies manage enterprise risk. A major risk facing companies today is the complexity of managing multiple vendors and solutions. The more companies can simplify through a common architecture with products that work together, at scale and across the globe, the better positioned they will be to address potential threats. In addition, companies need a global perspective to do digital risk management. It’s not just about what’s needed in the context of your business or your company solely. In my experience, that approach ultimately leads to failure because the company misses the threat that is coming from the other side of the globe.

Gartner predicts that worldwide spending on information security products and services will reach $124B in 2019, growing 8.7% from 2018. In which area of the products/services do you foresee the most growth?

The move to the cloud is the biggest area of growth. For years, most companies were able to have a single place for all security on the network with a complete security stack deployed within a corporate data center at headquarters. Today, networks are becoming decentralized.
The perimeter is expanding as more applications move to the cloud, the number of mobile/roaming workers increases and more devices connect to the network. Companies are starting to rethink security and extend it to protect at the branch edge and cloud edge. The expanded perimeter brings with it new risks, everything is at bigger scale. Users are not protected by the traditional security stack: there are potential gaps in visibility and coverage, there is exposure of sensitive information (inadvertently or maliciously) and users can install and use risky apps on their own devices. The definition of enterprise security is changing and, in response, companies are adjusting the way they manage security.

An example of what Cisco is doing is our cloud-delivered network security service, Cisco Umbrella. It protects users on any device, no matter where they’re located. Umbrella protects users from accessing malicious domains, IPs, and URLs. It blocks this traffic over any port or protocol when users are on or off the corporate network. This is true even when the VPN is off. In addition, Stealthwatch delivers comprehensive security monitoring and analytics for fast, effective incident responses.

At Cisco, our approach is to start with best-of-breed products protecting the network, endpoint, applications and cloud. We use trust verification as a foundational piece to ensure only the right people gain access. Each product is backed with industry-leading Talos threat intelligence to block more threats to keep organizations safer. We provide automated responses to advanced threats and streamline operations with integrated threat and security management throughout our security portfolio. Lastly, we build our products to work with the other technologies our customers have in place for integrated security responses, even outside of Cisco.
Cisco has a long tradition of being innovative and finding the most innovative startups. What is the most innovative digital technology on your radar to acquire?

My role as CTO of the Security Business Group is to look ahead 2-4 years … what challenges are on the horizon and how can we help our customers adjust their security posture to meet the new demands. My team works to identify potential targets for strategic technology partnerships, investments and acquisitions at Cisco. Right now, one of the tech trends I’m most excited about is the monumental shift we’re seeing in security from a centralized network environment where there is a single place to enforce policy and protection to a decentralized/zero trust environment where security is enabled at the data center, cloud, branch–essentially, anywhere. As a company, you want to protect employees regardless of where they are working and what services they are using, but this makes for a much larger attack surface. An example of what Cisco is doing in regards to this shift is Duo Security, an acquisition Cisco made last year. Duo Security is the leading provider of unified access security and multi-factor authentication delivered through the cloud. Duo verifies the identity of users and the health of their devices before granting them access to applications.

What would be your advice for most CTOs in the tech industry?

In my view, the most important part of a CTO’s responsibility is to anticipate technology trends and do the work today to make sure we have the right products when our customers need them. The best way to anticipate those trends is to learn from and listen to customers. I’m fortunate to lead a team of some of the most talented security technologists in the world. Our team has a deep understanding of the intricacies of companies, large and small, and a pulse on the latest technologies. We’re hyper-focused on customer needs and constantly working on innovations that will allow our customers to be more agile and build customized security environments, with less complexity and more visibility than ever before. Our goal is to give companies the freedom to focus on the management of their business, not the security of it.

What are your latest reads you could share with our readers?

Talos blog – keep up on latest threats and analyses
https://blog.talosintelligence.com/

“Threat of the Month” – With its finger on the pulse of threat intelligence trends, Cisco distills their learnings and expertise into content pieces to be served up on a regular basis on their security portal. These timely pieces will help readers stay abreast of what could threaten their business, and learn from the latest research and analysis to better safeguard their organizations. Businesses can stay on top of threat intelligence developments by subscribing to Cisco’s “Threat of the Month” and learn to safeguard themselves with the latest in cyber security.

Simplified Chinese: https://www.cisco.com/c/m/zh_cn/products/security/offers/threat-of-the-month.html
Traditional Chinese (Taiwan): https://www.cisco.com/c/m/zh_tw/products/security/offers/threat-of-the-month.html
Traditional Chinese (Hong Kong): https://www.cisco.com/c/m/zh_hk/products/security/offers/threat-of-the-month.html
English: https://www.cisco.com/c/m/en_hk/products/security/offers/threat-of-the-month.html
CISCO’s TALOS - an elite group of security experts devoted to providing superior
Cisco Talos is the threat intelligence organization at the center of the Cisco Security portfolio. Talos derives its name from the Greek automaton whose sole purpose was protecting the shores of Crete from invaders and pirates. As with our namesake, we are an elite group of security experts devoted to providing superior protection to customers with our products and services. Talos encompasses six key areas: Threat Intelligence & Interdiction, Detection Research, Engine Development, Vulnerability Research & Discovery, Communities, and Global Outreach.
Threat Intelligence & Interdiction handles correlating and tracking threats so that Talos can turn threat data and simple indicators into actionable, context-rich threat intelligence. Rapid identification of threats and threat actors gives Talos unique abilities to protect our customers quickly and effectively.
Detection Research conducts vulnerability and malware analysis and creates the detection content for all of Cisco Security products. This includes unpacking, reverse engineering, and developing proof-of-concept code to ensure each threat is addressed in the most efficient, effective, and contextually relevant way possible.
Engineering & Development encompasses efforts to ensure our various inspection engines stay current and maintain their ability to detect and address emerging threats. This team is responsible for all the detection content that powers Cisco Anti-Spam, Cisco Outbreak Filters, Talos Email and Web Reputation, Web Categorization, SpamCop, and many other products. Comprised of developers, QA engineers, security researchers, operations engineers, and data analysts, Engineering & Development work together to develop systems and tools leveraged by all Cisco products.
Vulnerability Research & Discovery develops programmatic and repeatable ways to identify high-priority security vulnerabilities in the operating systems and common software customers use daily, including platforms like ICS and IoT systems. This team works with vendors to responsibly disclose and patch more than 200 vulnerabilities a year — before threat actors can exploit them — reducing the overall attack surface available. In addition to closing potential attack vectors, this activity allows Talos to maintain skill sets that mirror those of adversaries.
Communities consists of Talos design, education and knowledge management, marketing and media, open-source, and web development teams. Broadly speaking, this team handles the visual, editorial, and public-facing messaging of Talos and our open-source solutions. Design creates the branding, graphics, and visual assets for the Talos organization and open-source products. Education and knowledge management handles documentation, policies and procedures of all things Talos. They also interface with Cisco Learning on certifications and courses and internal training initiatives. Marketing and media handles the planning, production and promotion of Talos and
open-source research, content, and media efforts. The web team manages the design and features on TalosIntelligence.com, as well as the websites for our other open-source communities and internal tools. Communities serves as the general public interface to the Talos organization.
Global Outreach disseminates Talos intelligence to customers and the global security community via published research and speaking engagements. They conduct specialized research, looking out to the edges of the threat landscape to identify new trends and monitor persistent threats and work alongside Talos intel and research teams responding to critical events. The team is stationed globally and communicates findings through customer meetings, conference presentations, the Talos blog, webinars, press interviews, and various media outlets.
A Message to Our Audiences
Global Cybersecurity, Listen to the Voice of Beijing by QI XIANG DONG, Qi An Xin Technology Company
Beijing is the capital of China, but it is also one of the biggest metropolitan areas in the world. Cyberspace is a virtual space of human activity shared by the global community, and China, one of the world’s largest nations, maintains close and constant connectivity to the world. Listening to the voice of Beijing and understanding China, our goal is to reach out to the global cyber community to build a peaceful, safe and harmonious cyberspace. Cyber incidents have become more widespread and frequent, seriously threatening our society’s operation and each nation’s stability. On May 7, 2019, about 10,000 government computers were hacked in Baltimore, US, and the system was paralyzed for three weeks. On the
72 72
Issue: 005; August 2019
20th, Norwegian aluminum manufacturer Hydro suffered a large-scale cyberattack and several factories had to switch to manual operation mode. On March 7, the Venezuelan power system was attacked, and 18 of the country’s 23 states were interrupted. These breaches and others led countries to reassess and reevaluate their nation’s level of protection. Many nations have rolled out their cyber policies and regulations, highlighting the importance of national cybersecurity strategies. Some of these are listed here. “Personal Information Departure Safety Assessment Measures (1st edition)”, released on 13 June 2019 in Beijing. On that same day, the “IoT Equipment Security Improvement Act” was passed in Washington, D.C. “Data Security Management Measures (1st edition)” was released on May 28th in Beijing and “Information Security Technology Network Security Level Protection - Basic Requirements”, released on May 13th in Beijing. Additionally, “The Prevention of False Information and Network Manipulation Act” was passed on May 8th in Singapore. We have now entered into a new era of the fourth industrial revolution of science and technology. New technologies such as artificial intelligence, big data, and cloud computing have become a part of our economy, society, and personal life. While these new technologies are transforming our lives with more efficiency and convenience, they have also brought with them escalated cyber threats. Since its inception, Qi An Xin Group has been committed to making the network safer and the world a better place. On April 29, Qi An Xin officially departed from the 360 brand and independently developed its own Qi An Xin brand. On May 10, Qi An Xin introduced China Electronic Information Industry Group Co., Ltd. (CEC) as its strategic shareholder. Together, we aim to defend the security and stability of cyberspace. 
It is the journey, not the destination, that is important in maintaining the security and stability of the global cyberspace, and we will be here every step of the way. It is far from enough to rely solely upon the strength of each enterprise itself; it is necessary to develop a synergy among governments, social organizations and institutions in order to build a better, and safer, global cyber community. The 2019 Beijing Cyber Security Conference is jointly organized by Qi An Xin and China Electronics (CEC) to promote communication and collaboration among the global cyber community. I welcome you all to join us at the National Convention Center for the Beijing Cybersecurity Conference (BCS) on August 21-23. Hear the voice of Beijing, and build security into our DNA.
Featured Article | Cyber Event
Information and Trust are Your Currencies: A Summary of Infosec London 2019
by SUNNY SUN
There seems to be a universal sentiment experienced on the Expo floor by even the most seasoned attendees: one tends to be overwhelmed by a feeling of too much to see, too much to comprehend, and too many people with whom to meet and connect. You feel lost in the busy buzz of the exhibition floor, especially as an industry newcomer like me. This year’s Infosec kicked off on June 4th at Olympia, London, with large crowds encompassing 400+ exhibitors, each showcasing its security capabilities and solutions, and 19,000 visitors, each busy networking and trying to take it all in. Exhibitors and visitors alike actively pursued a common goal: to build connections and trust.
Below are some of my takeaways from the recent Infosec London.
SECURITY IS BOTH TECHNOLOGY AND HUMAN FACTORS, relying on trust and avoiding human errors. With an overwhelming amount of digital information flowing in and out of devices and network systems, plus data residing in the cloud, advanced tools will be needed to navigate ever-increasingly complex systems, and to comply, enable, and guard each gateway to safety. In essence, security has become an immensely complex issue.
CYBER TALENTS ARE IN SHORT SUPPLY: Cybersecurity has taken on a new meaning in recent years due to complex and increased breaches and incidents, large and small. One positive aspect of these breaches and incidents is the raised awareness at the C-level, although they can become the issues that keep company executives awake at night. However, cyber talent is in short supply, with an estimated 200,000 shortfall in the US alone. I had a quick chat with Bruce Spector, Director at Baltimore Cyber, whose mission is to train cyber talent and place them in cyber companies for better incident response. Funded by the US federal government, the agency has graduated 200 students thus far, with 80% being placed in various cybersecurity organizations.
SOCIAL MEDIA SECURITY IS INCREASINGLY IMPORTANT. With the power and influence of social media comes risk in the digital sphere. This is where ZeroFox comes in: another Baltimore-based company, it offers social media security protection to organizations outside of their networks using targeted data collection plus artificial intelligence-driven analysis engines.
INCIDENTS ARE UNAVOIDABLE; SECURITY TEAMS NEED TO PERIODICALLY EXERCISE THEIR MUSCLES FOR BETTER RESPONSES. The Forum of Incident Response and Security Teams (FIRST) is a nonprofit, membership-based organization that was established in the 90s, aiming for global collaboration among incident response and security teams. I had the opportunity to chat with Chris Gibson, the newly appointed Executive Director, an industry veteran who will lead FIRST to another level of reach and development. Chris believes in collaboration at a global scale; as he indicated, when incidents occur there are no country boundaries, we need to act, and trust is the key in the time of crisis. FIRST's membership spans a wide and diverse spectrum of organizations, from large to small, with participation from many countries around the globe. FIRST has been held in many regions, such as Europe, North America, Africa, and Southeast Asia. The upcoming FIRST has attracted many talented professionals, with 1000 people coming to exchange information, to train, and to exercise, in order to sharpen their skills for instant and well-managed responses to the unavoidable incidents. They also empower or educate underdeveloped regions to participate. Chris believes you need to prepare for the crisis and exercise your muscles in order to respond well to it. With the increasing complexity of the digital world, you do have to expect breaches, no matter how secure your system is. Big enterprises do experience large-scale breaches, but if the team prepares well, the impact can be minimized or even eliminated; those who haven’t prepared well or are not experienced enough learn their lessons the hard way.
The advice from Chris is to know your system well, current or from the past, not to omit anything within your radius, and to train your team members. The positive is greater awareness at the CEO level of the key role the incident response team plays, due to the increasing breaches. However, as the system, or the entire digital space, becomes more and more complicated and vulnerable, we have to be on high alert to detect, guard, and respond.
EARLY DETECTION AND RESPONSE ARE THE KEY. CyberInt is an Israeli company that has built a platform specializing in early detection and response to breaches and threats. Established 10 years ago, the company’s vision is to gather threat intelligence early on in order to analyze it and develop applicable models. Their method is to take an outside-in approach.
In all, the three-day event was packed with timely and relevant insights and solutions, and it was apparent that the cybersecurity industry is going strong.
One of the main goals of my trip, in addition to learning of the latest technological tools and solutions to combat and prevent cyber incidents, was to uncover potential opportunities to narrow or even close the gap in cybersecurity’s misperceptions and approaches that exist between the East and West. Despite the differences in languages, cultures, values, market environments and even political systems, we all occupy a common ground to operate in this ever-expanding digital space and it is the obligation of all to safeguard this space to keep it secure. I have always believed that communication is the key to reaching an understanding, and mutual understanding is a good first step toward building trust. Without basic trust, there won’t be constructive behaviors and results. We live in a world where “information and trust are the currencies for companies,” says John Chambers, former executive chairman and CEO of Cisco Systems. This statement holds a great truth and great wisdom. Trust and collaboration is the way to go to jointly build a constructive digital space. Truly, it should be the guiding principle for all enterprises, large and small.
Why Israel? Why Cybertech Tel Aviv?
Israel is a country of innovation, with wide experience in cybersecurity because of its unique cultural and geo-political circumstances. According to Sam Bocetta of the Times of Israel, Israeli startups shine in the $92 billion cybersecurity market. Israel has emerged as a leader in the cybersecurity space with over one billion dollars of investment put into the sector, representing an increase of 47% from the previous year. The country’s position in the market is second only to the United States and is expected to continue its impressive growth pattern. The average venture capitalist deal in 2018 was $6 million USD per company. To date, there are approximately 450 cybersecurity corporations operating in Israel, closely connected with global market development.
Cybertech Tel Aviv is a B2B networking platform serving as the go-to place to make business deals and to learn the latest technological innovations, challenges, and solutions. It features top executives, government officials, and leading decision-makers from a wide range of sectors including critical infrastructure, insurance, retail, health, government, defense, R&D, manufacturing, automotive, and more!
Cybertech’s main focus is to create business and networking opportunities, along with forming new alliances with government, industry, and academia.
Cybertech Tel Aviv attracts thousands of attendees each year, including C-Level executives, investors, professionals, and government officials, from over 80 countries worldwide. The event provides an outstanding platform to facilitate business deals, and a place for investors to find the next big breakthroughs, for companies looking to implement new technologies, and for many others who are interested in the world of cyber.
It is a perfect platform to learn, to connect, to partner, and to get the best of the cybersecurity innovations from Israel and to go global!
Cybertech provides:
180+ cybersecurity topic discussions from many high-profile industry leaders, such as Cloud, IoT, Blockchain, Fintech, Machine Learning, Quantum Computing
200+ industry players who will showcase their latest cyber technologies and solutions
90+ leading start-ups
160+ delegations
18,000 visitors
850 pre-scheduled B2B meetings
CyberTech offers a special sponsorship package. For details, please contact Nikki, cybertechasia@126.com; or Wechat: nikki159
It is an industry must-attend event, second to none in the region, taking place on January 28-30, 2020 in Tel Aviv, Israel. The organizer, Mr. Amir Rapaport, said: “The Zhong Guan Cun Technology Park’s sponsorship of Chinese cybersecurity companies joining the Cybertech Israel 2020 in Tel Aviv enters us into a new chapter of collaboration between China and Israel,” and “we welcome many more to join Cybertech Israel to witness Israel’s strong cyber innovations and collaboration.” In addition, a special cyber innovation program is designed for those who would like to experience Israel’s cyber innovation successes and visit cyber startups, while coming to understand this nation’s rich history and culture by touring the old cities of Jaffa and Jerusalem.
A tentative 5-day special cyber innovation tour:
Day 1-2: Tel Aviv Cyber Innovations
Visit cyber security lab center and meetups including start-ups, cloud security, data security, mobile security, industrial security, infrastructure security, terminal security, application security, cyber space security, etc.
Day 3: Jerusalem, Ancient History and Culture
The Old City + Mount of Olives + Machane Yehuda market
The Old City of Jerusalem, a prime destination for visitors coming to tour Israel, occupies an important place in the hearts and minds of Jews, Muslims and Christians alike. From the Western Wall, the focal point of Jewish hopes and prayers, to the Islamic Dome of the Rock and the Al-Aksa Mosque atop the Temple Mount and the Church of the Holy Sepulcher, a tour of Jerusalem’s old city helps visitors understand the unique need for coexistence amongst Jerusalem’s religiously diverse residents.
Located on the eastern slopes of the Jerusalem mountains and set in relative isolation, separated from the Temple Mount and the City of David by the Kidron Valley, the Mount of Olives is named after the olive trees that covered its grounds in Biblical times. A must-see destination when on a tour to the Holy Land, the Mount of Olives provides quite a few attractions in the way of chapels and monasteries. None of these attractions is more breathtaking, however, than the view seen from atop the Mount of Olives. Indeed, standing at the top of the mountain, the city of Jerusalem spread out below, one can all but feel the Biblical tales come alive. From up here wilderness and urbanity come together, merging a view of the Old City with the Kidron Valley, Mount Moriah with the Temple Mount and Mount Zion with the modern structures of contemporary Jerusalem.
The Machane Yehuda market, also called the shuk, is one of the most beautiful markets and familiar icons in Israel. The market is located in Jerusalem, the capital of Israel, and its character adds to the city’s unique flavor. The Machane Yehuda Market represents the heart of Jerusalem, nowadays and in the foreseeable future. In a unique way, Machane Yehuda integrates the old and the new. A bustling marketplace and a neighborhood, it intertwines food, drinks, shopping, bars and restaurants. Despite being a touristic destination, the market has maintained its most important characteristic: it remains authentic – as can be sensed by all the flavors and aromas, seen in its colorfulness and heard in the traders’ interaction with the crowds.
Day 4: Masada – A World UNESCO Heritage Site
An ancient fortress situated on top of an isolated rock plateau, akin to a mesa, overlooking the Dead Sea. Herod the Great built two palaces on the mountain and fortified Masada between 37 and 31 BCE. The majestic plateau holds both ancient mystery and a tragically heroic story.
Day 5: Dead Sea
The Dead Sea is famous for its superlatives - lowest, saltiest, harshest, and also claims a fascinating history, reaching back to the times of Abraham. The lowest place on earth, the Dead Sea (431m below sea level) brings together breathtaking natural beauty, compelling ancient history and modern mineral spas that soothe and pamper every fibre of your body.
Israel, a country blended with ancient wisdom & modern charm is waiting for you to be discovered!
We are the Platform, the Bridge and the Communication Channel to promote Your Business Solutions in Cyber Space Asia
We offer:
Latest Product News
Cyber Security Solutions
Leading Industry Expert Insights
Yearly Data Breach Investigation Report
CyberAsia is the media platform to give your voice the support and resonance to be heard. We are where your customers are - EVERYWHERE - Trade Shows & Conferences, Email Marketing, Magazine Ads (Digital and/or Print), Social Media, TV Commercials, Website.