The core driving force for the development of the Xinchuang industry is the independence of the underlying IT structure. In order to promote the localization of key information infrastructure systems as soon as possible, on the one hand, the country continues to introduce relevant policies, coordinate resources from all parties, and provide strong policy support. On the other hand, It is also orderly promoting the localization of important information infrastructure in various key industries.
Up to now, the localization of key industries represented by the government, state-owned enterprises, and finance has achieved phased results. Therefore, the security management of domestic cyberspace assets is facing new demands and challenges.
Localization support policies have been launched one after another
Provide strong policy support
Since 2019, the country has proposed the Xinchuang industry, which is replaced by localization, and then issued a number of policies and regulations to promote the construction of technology industries:
In September 2021, the "Critical Information Infrastructure Security Protection Regulations" came into effect. Article 19 clearly stipulates that key base operators should give priority to purchasing safe and reliable network products and services; purchasing network products and services that may affect national security , and should pass a security review in accordance with national network security regulations.
In June 2022, the State Council issued the "Guiding Opinions on Strengthening the Construction of Digital Government", proposing to improve the level of self-control. Strengthen independent innovation, accelerate key core technology research in the field of digital government construction, strengthen safe and reliable technology and product applications, and effectively improve the level of self-control.
In February 2023, the Central Committee of the Communist Party of China and the State Council issued the "Overall Layout Plan for the Construction of Digital China", pointing out that the key capabilities of digital China should be strengthened. The first is to build a self-reliant and self-reliant digital technology innovation system. The second is to build a credible and controllable digital security barrier.
The promulgation of the above-mentioned numerous regulations and plans has provided strong policy support for the localization of key information infrastructure, and also demonstrated the country's determination for localization.
The localization of key industries is advancing in an orderly manner
Localization substitution gradually fully implemented
At present, key information infrastructure industries including party and government, special departments and finance, telecommunications, energy, electricity, medical care, education, transportation, public utilities and other key information infrastructure industries have begun to promote the localization of important business systems in an orderly manner, with finance and state-owned enterprises as the core example:
The financial field has always been one of the important areas for localization substitution. In 2020, the state announced the first batch of pilot financial institutions for localization, including major state-owned banks, top brokerages, exchanges, etc., a total of 47, requiring new Increase 5% of IT procurement to achieve localization, and achieve 15% in the second year. After that, two more batches of institutions entered the pilot program, with a total of nearly 150 institutions. By the end of 2021, the proportion of localized procurement of pilot institutions has exceeded the requirements of the policy, and the task has been completed beyond expectations.
For state-owned enterprises and central enterprises, at the end of September 2022, the State-owned Assets Supervision and Administration Commission issued the important Guozifa No. 79 document, stipulating that all state-owned enterprises and central enterprises must complete the domestic replacement of important information systems in accordance with the replacement requirements in 2027, and the replacement of domestic cyberspace assets is entering a critical period , gradually fully implemented.
In the context of localization
Cyberspace Asset Security Management Requirements
Domestic equipment and systems are widely used to support key businesses, and their level of security management is directly related to the business security of key industries, and even to national security and social stability. Therefore, the large-scale deployment of domestic equipment and systems is also a Cyberspace asset security management puts forward higher requirements:
1
Active discovery and identification of domestic cyberspace assets:
It is necessary to actively detect and identify localized equipment and systems, and automatically add them to a unified asset list to form an asset ledger to facilitate unified and efficient management. If the method of manual registration is still adopted, it is extremely prone to statistical omissions and low efficiency.
2
Unified real-time monitoring and security management:
Localized equipment and systems are often used in key infrastructure, so it is necessary to detect and monitor in real time the vulnerability risks such as loopholes and weak passwords in advance, so as to eliminate risks in the bud and ensure the security of key business applications carried by them. safety.
3
The localization process can be visualized:
The country’s emphasis on the process of localization replacement undoubtedly draws attention to every step of localization. It is necessary to reflect the process of localization of assets within the entire organization in a timely manner. extremely high requirements.
ZoomEye Pro fully upgraded
Meet the needs of Xinchuang asset management
Based on the above requirements, ZoomEye Pro has been fully upgraded to support automatic identification of 60 types of localized assets and fingerprints of thousands of models, and can quickly conduct risk surveys on vulnerabilities and other vulnerabilities of localized assets, making localized assets visible , Manageable, and fully meet the needs of localized asset safety management.
01
Automatic identification and classification of domestic cyberspace assets:
ZoomEye Pro has now added four major categories of hardware devices, operating systems, system software and databases, and thousands of localized network space asset fingerprints, including routing and switching equipment, office automation, web application protection systems, switches, network cameras, network 64 sub-categories such as printers and network storage devices have realized the comprehensive identification of domestically produced cyberspace assets.
ZoomEye Pro can now identify mainstream hardware devices such as: Hikvision, Dahua, Huawei cameras, ZTE, Ruijie, Tenda routers, ZTE, Huawei, H3C, Ruijie switches, etc.; operating systems such as: Tongxin UOS , Kirin, Huawei Euler, etc.; system software such as: Zhongwang, Lianda, Hejia, Fanwei, Suda and other office automation systems;
02
Domestic cyberspace assets mark:
Based on the identification and comparison of asset fingerprints, ZoomEye Pro can mark localized equipment on the basis of identification for subsequent management and statistics. At the same time, if there are special equipment in the industry that cannot be identified for the time being, it also supports customers to automatically add labels Marking in the same way, ZoomEye Pro can manage it in a unified manner with no difference from the equipment that automatically recognizes the mark.
03
Domestic cyber asset management:
Based on identification and marking, finally ZoomEye Pro can conduct unified security management on all cyberspace assets, including localized equipment. And based on the comprehensive identification of assets, it can count the proportion of localized assets in the total assets, so that customers can see their own localization process at a glance, and there is no need to make statistics in the form of tables, and it also avoids the accuracy and comprehensiveness of manual statistics. lack of sexuality.
Another important aspect of asset security management is the identification and management of its risks. ZoomEye Pro can respond to new vulnerabilities driven by vulnerability intelligence for domestically produced equipment, detect and locate high-risk features related to domestically produced equipment, and provide rectification suggestions to Ensure continuous safety in the process of localization of equipment.
Through the identification, marking and unified management of domestic cyberspace assets, ZoomEye Pro can completely solve the purpose of including domestic cyberspace assets into the asset list, making domestic progress visible and unified security management.
Under the current overall trend of anti-globalization, the country’s confidence and determination to replace cyberspace assets with domestic products remains unchanged. As a professional manufacturer in the field of cyberspace asset security management, I know that Chuangyu will be based on the original intention and insist on following the footsteps of the country. Provide more and better localized network security products.
As a professional cyberspace asset security management system--ZoomEye Pro will also follow the trend, keep up with the localization process of Guanji customers, provide them with a more professional and practical asset security management system, and ensure the security of key information infrastructure assets. cyber security.