Network security compliance - classified and hierarchical management of network security incidents

1. Seven types of network security incidents

Network security incidents are incidents that, through human action, software or hardware defects or failures, natural disasters and the like, cause harm to networks and information systems or to the data they hold, and that have a negative effect on society. They are divided into harmful program incidents, network attack incidents, information destruction incidents, information content security incidents, equipment and facility failures, catastrophic incidents and other incidents.

Harmful program incidents are divided into computer virus incidents, worm incidents, Trojan horse incidents, botnet incidents, mixed program attack incidents, incidents of malicious code embedded in web pages, and other harmful program incidents.

Network attack incidents are divided into denial of service attack incidents, backdoor attack incidents, vulnerability exploitation incidents, network scanning and eavesdropping incidents, phishing incidents, interference incidents and other network attack incidents.

Information destruction incidents are divided into information tampering incidents, information counterfeiting incidents, information leakage incidents, information theft incidents, information loss incidents and other information destruction incidents.

Information content security incidents are incidents in which the Internet is used to disseminate information prohibited by laws and regulations, to organize illegal associations, to incite assemblies and demonstrations, or to hype sensitive issues, thereby endangering national security, social stability and the public interest.

Equipment and facility failures are divided into software and hardware failures, failures of peripheral supporting facilities, man-made sabotage incidents and other equipment and facility failures.

Catastrophic incidents are network security incidents caused by natural disasters and other emergencies.

Other incidents are network security incidents that cannot be placed in any of the above categories.

As technology develops, the classification of network security incidents should also take account of attack incidents in big data, cloud computing and industrial control systems. For example, an industrial control system attack incident is an attack on the networks, systems and data that control the operation of production equipment, causing the industrial control system to malfunction.

2. Four levels of network security incidents

Network security incidents are graded according to the degree of loss suffered by networks and information systems and the degree to which important and sensitive information is compromised.

1. Important networks and information systems

Important networks and information systems are networks and information systems whose business is closely related to national security, social order, economic construction and the public interest.

The loss suffered by a network or information system is the damage to the system's software, hardware, functions and data caused by a network security incident, leading to interruption of the system's business and hence to a loss for the organization in which the incident occurred. The main consideration is the cost of restoring normal operation of the system and eliminating the negative impact of the security incident. System loss is divided into particularly serious, serious, relatively large and minor, as explained below.

Particularly serious system loss: the system is paralyzed over a large area and loses its business processing capability, or the confidentiality, integrity and availability of key system data are severely damaged; the cost of restoring normal operation and eliminating the negative impact of the security incident is huge and unbearable for the affected organization.

Serious system loss: the system is interrupted for a long time or partially paralyzed and its business processing capability is greatly affected, or the confidentiality, integrity and availability of key system data are destroyed; the cost of restoring normal operation and eliminating the negative impact of the security incident is huge, but bearable for the affected organization.

Relatively large system loss: the system is interrupted, its efficiency is significantly reduced and the business processing capability of an important or general information system is affected, or the confidentiality, integrity and availability of important system data are destroyed; the cost of restoring normal operation and eliminating the negative impact of the security incident is high, but fully bearable for the affected organization.

Minor system loss: the system is interrupted for a short time, its efficiency and business processing capability are affected, or the confidentiality, integrity and availability of important system data are affected; the cost of restoring normal operation and eliminating the negative impact of the security incident is small.

2. Important and sensitive information

Important and sensitive information is information that does not involve state secrets but is closely related to national security, economic development, social stability, and corporate and public interests. If such information is disclosed, lost, misused, tampered with or destroyed without authorization, the following consequences may result:

① Damage to national defense and international relations.

② Damage to national property, public interest, personal property or personal safety.

③ Hindering the state in preventing and combating economic and military espionage, political infiltration, organized crime and the like.

④ Hindering administrative agencies in investigating and handling illegal acts or dereliction of duty, or suspected illegal acts or dereliction of duty.

⑤ Interfering with government departments in lawfully and impartially conducting administrative activities such as supervision, management, inspection and auditing, and hindering them from performing their duties.

⑥ Harming the security of national critical infrastructure and government information systems.

⑦ Affecting market order, causing unfair competition and disrupting market rules.

⑧ Allowing state secrets to be inferred.

⑨ Violating personal privacy, trade secrets and intellectual property rights.

⑩ Damaging other interests and the reputation of the state, enterprises and individuals.

3. Classification of network security incidents

According to the degree of loss, network security incidents are divided into four levels: particularly major network security incidents, major network security incidents, relatively large network security incidents and general network security incidents.

(1) An incident meeting any one of the following conditions is a particularly major network security incident:

① An important network or information system suffers a particularly serious system loss, resulting in large-scale paralysis of the system and loss of its business processing capability.

② State secret information, important sensitive information or key data is lost, stolen, tampered with or counterfeited, posing a particularly serious threat to national security and social stability.

③ Any other network security incident that poses a particularly serious threat to national security, social order, economic construction and the public interest and has a particularly serious impact.

(2) An incident meeting any one of the following conditions, but not reaching the level of a particularly major network security incident, is a major network security incident:

① An important network or information system suffers a serious system loss, resulting in long-term interruption or partial paralysis of the system, and its business processing capability is greatly affected.

② State secret information, important sensitive information or key data is lost, stolen, tampered with or counterfeited, posing a serious threat to national security and social stability.

③ Any other network security incident that poses a serious threat to national security, social order, economic construction and the public interest and has a serious impact.

(3) An incident meeting any one of the following conditions, but not reaching the level of a major network security incident, is a relatively large network security incident:

① An important network or information system suffers a relatively large system loss, resulting in interruption of the system, a significant reduction in its efficiency and an effect on its business processing capability.

② State secret information, important sensitive information or key data is lost, stolen, tampered with or counterfeited, posing a relatively serious threat to national security and social stability.

③ Any other network security incident that poses a relatively serious threat to national security, social order, economic construction and the public interest and has a relatively serious impact.

(4) Apart from the circumstances above, a network security incident that poses a certain threat to national security, social order, economic construction and the public interest and has a certain impact is a general network security incident.
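For a triage tool that needs to apply this grading consistently, the following Python (an added example, not part of the original post) encodes the four levels as rules: each criterion is sufficient on its own, and the "does not reach the higher level" wording makes the result the highest level reached by any criterion. The string labels for the loss and threat degrees are assumptions chosen here to name the page's categories; the system-loss criteria are applied only to important systems, as the page states them.

```python
from enum import IntEnum
from typing import Optional


class Level(IntEnum):
    """The four incident levels, ordered so that max() picks the higher one."""
    GENERAL = 1
    RELATIVELY_LARGE = 2
    MAJOR = 3
    PARTICULARLY_MAJOR = 4


# Degree of system loss of an important network/information system -> level
# (criterion ① of each level). Labels are assumptions naming the page's categories.
SYSTEM_LOSS_TO_LEVEL = {
    "particularly_serious": Level.PARTICULARLY_MAJOR,
    "serious": Level.MAJOR,
    "relatively_large": Level.RELATIVELY_LARGE,
    "minor": Level.GENERAL,
}

# Degree of threat to national security/social stability from compromised state
# secrets, important sensitive information or key data (criterion ②), and the
# degree of threat/impact of "other" incidents (criterion ③) -> level.
THREAT_TO_LEVEL = {
    "particularly_serious": Level.PARTICULARLY_MAJOR,
    "serious": Level.MAJOR,
    "relatively_serious": Level.RELATIVELY_LARGE,
    "certain": Level.GENERAL,
}


def grade_incident(important_system: bool,
                   system_loss: Optional[str] = None,
                   data_threat: Optional[str] = None,
                   other_impact: Optional[str] = None) -> Level:
    """Return the incident level: the highest level any single criterion reaches.

    Any incident not reaching a higher level is GENERAL (rule (4)). A system loss on
    a system that is not an "important network and information system" does not by
    itself raise the level (the page states criterion ① for important systems only).
    """
    reached = [Level.GENERAL]
    if system_loss is not None and important_system:
        reached.append(SYSTEM_LOSS_TO_LEVEL[system_loss])
    if data_threat is not None:
        reached.append(THREAT_TO_LEVEL[data_threat])
    if other_impact is not None:
        reached.append(THREAT_TO_LEVEL[other_impact])
    return max(reached)
```

A minor loss on an important system combined with a serious data threat grades as MAJOR, because the data criterion alone reaches that level.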

Origin blog.csdn.net/Arvin_FH/article/details/131435187