illustration: Recently, the Alibaba Security-ASRC Ecological Conference was held in Hangzhou. Representatives of more than 20 well-known domestic Internet companies, including BAT, reviewed the problems and challenges faced by network security in the past year, and shared ideas for ecological security governance.
"123456, 111111, 123123..., through 10 simple passwords, you can control more than 10% of the devices on the Internet." Because the network infrastructure is too fragile, the Internet security loopholes such as IoT in the new network environment are exploited by black and gray products. The phenomenon is becoming more frequent.
On March 31, representatives of more than 20 well-known Internet companies including Alibaba, Tencent, Baidu, Weibo, Didi, etc., gathered in Hangzhou around the common network security issues. At ASRC (Alibaba Security Response Center, Alibaba Security Response Center ) at the Ecological Conference, reviewed the problems and challenges faced by the network security industry in the past year, and conspired with ecological security governance ideas.
It is understood that the ASRC Ecological Conference, as a grand event in the industry, aims to build a safe, borderless and competition-free platform, so that various Internet companies can work together to seek the development of the security industry.
This year, the conference mainly focused on issues including application security (WEB security, vulnerability mining), emergency response, AI artificial intelligence security construction, network black and gray production confrontation, IoT security, emerging technologies and talent training.
The organizer, Ali Security-ASRC, said that in response to related issues, the conference will unite capable and responsible participants through methods such as "increasing the bonus for finding bugs", "cooperating with domestic and foreign white hats", and "paying attention to the training of white hat talents". Work together to enhance cyberspace security capabilities.
Cybersecurity challenges are everywhere
At present, the security issues and challenges faced by the Internet industry mainly include system vulnerability security issues; data information leakage security issues;
The members of the Anheng Information team who participated in the conference introduced IoT security as an example, saying that it is precisely because the growth rate of IoT devices is too fast, but the corresponding infrastructure and security protection capabilities are very weak, and attackers are increasingly specialized in batch attacks. This leads to frequent security incidents in the IoT field.
Industry insiders pointed out that in the era of the Internet of Everything, data collected at all times, information chains circulating at high speeds, and increasingly blurred data center boundaries have all brought new problems to network security protection. At the same time, the criminal model of Internet black and gray production has also begun to show the characteristics of specialization, professionalization, cross-platform, etc., making governance more difficult. However, the security protection capabilities of various industries are uneven.
Zheng Junfang, chief risk officer of Alibaba Group, said when attending the conference that security is no trivial matter, and the domestic network security situation is becoming complex and severe, and it is imminent to promote the improvement of the security level of the entire industry. Therefore, there is an urgent need for the entire security industry to unite and coordinate governance.
"There is no competition in the field of security, but we have a common cyber black and gray enemy." Zhang Yudong, senior director of Alibaba Security Department, pointed out that white hats have played a very important role in the development of the entire security industry. Alibaba will unswervingly continue to operate the SRC (emergency response center) well, and will always respect the white hats in the industry. Technologists, value technology, and believe in algorithm-driven ideas, as this represents state-of-the-art productivity.
ASRC attaches importance to white hat talents and calls for the construction of a white industrial chain of cyber security
Caption: Zheng Junfang, Chief Risk Officer of Alibaba Group, said at the ASRC Ecological Conference, "I hope that more white hats will work with us to protect more consumers, jointly improve the safety level of the entire industry, and make technology more emotional."
"Co-governance by industry, just like doing public welfare," Zheng Junfang said, white hat is also a kind of public welfare behavior. In her opinion, white hats have the ability and kindness to participate in the governance of social problems.
"Alibaba hopes to serve 2 billion consumers around the world, create 100 million jobs, and serve 10 million profitable companies. I also hope that more white hats will work with us to protect more consumers and improve the safety level of the entire industry. Make technology more meaningful." Zheng Junfang said.
The solution of technical problems is always inseparable from technical talents, but at present, the lack of talents is a major shortcoming restricting the development of network security. According to publicly reported data, currently only 126 colleges and universities in China have set up 143 cybersecurity-related majors, accounting for only 10% of the 1,200 polytechnic colleges and universities. There are only more than 30,000 information security professionals trained by college education, while cybersecurity talents The total demand is more than 700,000 people, and the gap is as high as 95%.
At the same time, the current situation of network security talents is unreasonable in structure, uneven distribution of talents on the supply side, and insufficient reserve of practical talents, all of which are difficult to support the development of the industry.
2018年,ASRC也将针对这些行业面临的重、难点问题持续发力。如在技术化、全球化、生态化、多元化等趋势下,ASRC会继续大额提升发现漏洞的奖金,激发白帽子积极性。同时,计划通过线下活动等形式,联动国内国际白帽子,与高校等合作加大网络安全人才的培养力度。
据悉,ASRC的技术场景也会通过众测、情报、黑白盒、攻防等逐渐多元化,引导让大家用新的思考开拓新的格局,共同构建网络安全白色产业链。
会议当天下午,ASRC还牵头与腾讯、滴滴、百度等业内知名的二十多家企业SRC组织了《XSRC2018安全运营讨论会议》,会上总结了业内各公司应急响应中心过去一年的运营工作,各家企业SRC代表相继发言,讨论如何在新的一年进行产业联合活动、共建产业生态、携手共治互联网安全,这也是行业应急响应中心第一次聚首进行相关讨论,开创行业先河,表明阿里安全携手共治的决心。
阿里聚安全(http://jaq.alibaba.com)由阿里巴巴安全部出品,面向企业和开发者提供互联网业务安全解决方案,全面覆盖移动安全、数据风控、内容安全、实人认证等维度,并在业界率先提出“以业务为中心的安全”,赋能生态,与行业共享阿里巴巴集团多年沉淀的专业安全能力。