On August 9, the 11th Internet Security Conference (ISC 2023) Security Operation Practice Forum was held in Beijing. This forum is hosted by Saining Network Security and co-organized by the Organizing Committee of the ISC Internet Security Conference. The forum invites leaders, technical experts, and scholars from various related industries to discuss in depth the new challenges, new technologies, and new practices faced by enterprises in safety operations, and to promote the industry's better implementation of safety operation construction. At the same time, Saining Network Security has released a security verification and evaluation system on the forum, which effectively guarantees that key units can improve their security combat capabilities and help security operations improve quality and efficiency.
To get the full version of the live broadcast of the forum, please follow the "Saining Wangan Video Account" to watch the live replay!
Huang Yiling, secretary-general of the Zhongguancun Huaan Critical Information Infrastructure Security Protection Alliance, presided over the opening ceremony. She said that network security is an important national strategy, and key information security is also an important part of national security. It is the responsibility of every network security practitioner to protect key information infrastructure security. Common goal.
Huang Yiling, Secretary-General of Zhongguancun Huaan Critical Information Infrastructure Security Protection Alliance
Leader's speech
Wu Jiangxing, an academician of the Chinese Academy of Engineering, pointed out in his speech that the widespread application of information technology and the development of cyberspace have greatly promoted the prosperity and progress of the economy and society, but at the same time brought new security risks and challenges. The road to the protection of Guanji is long and arduous, and verification and evaluation is a key task that requires in-depth research and investment.
Wu Jiangxing, academician of the Chinese Academy of Engineering
Subsequently, He Jianwu, deputy director of the Zhongguancun Science City Management Committee, said in his speech that Zhongguancun Science City actively develops the construction of the network security industry, gathers the network security industry ecology, selects network security technologies and products with real core technologies, and deploys national laboratories. Support the construction of national network security and promote the transformation of excellent achievements.
He Jianwu, Deputy Director of Zhongguancun Science City Management Committee
Keynote Speech
In the keynote speech, Li Qiuxiang, director and associate researcher of the Information Security Level Protection Evaluation Center of the First Research Institute of the Ministry of Public Security, proposed that security testing should be transformed from security compliance to security evaluation capabilities, and achieve key-based overall protection and dynamic protection collaborative defense. In the future, we hope to carry out testing and evaluation work together with the industry to provide safe and effective operation assistance for network and information system operators.
Li Qiuxiang, director and associate researcher of the Information Security Level Protection Evaluation Center of the First Research Institute of the Ministry of Public Security
Liu Jian, deputy director of the Information Industry Information Security Evaluation Center of the Fifteenth Research Institute of China Electronics Technology Group Corporation, said in his keynote speech that the evolution from security operation compliance to actual combat is a process of improving the maturity of an organization in terms of security management. It involves moving from simply adhering to compliance requirements to a hands-on operation with proactive defense, real-time monitoring, and agile response capabilities. Liu Jian, Deputy Director of the Information Industry Information Security Evaluation Center
of the Fifteenth Research Institute of China Electronics Technology Group Corporation
The electric power industry is a basic industry related to the national economy and the people's livelihood. Xiao Hongyang, director of network security evaluation and senior evaluation of the Information and Communication Institute of China Electric Power Research Institute, pointed out in his speech that it is very important to strengthen the network security evaluation of key information infrastructure of electric power, which requires technical and management Strengthen research in two aspects, actively promote the formulation and revision of relevant evaluation standards, and the development of evaluation tools and methods.
Xiao Hongyang, Senior Evaluator, Director of Evaluation, Network Security Office, ICT Institute, China Electric Power Research Institute
The field of Internet of Vehicles security is a converging technical field that spans multiple professional fields. Liang Liwen, vice president of H3C Safety R&D Department, said in his speech that H3C is committed to reshaping the value of the Internet of Vehicles industry chain, strengthening the source of intelligent transportation development, Consolidate the foundation of the Internet of Vehicles security industry and build the foundation of Internet of Vehicles security talents.
Liang Liwen, Vice President of Safety R&D Department of H3C
Wu Huajia, Huawei's security solution architect, said in his speech that critical infrastructure is essentially a bottom-line thinking, and what it builds is a kind of resilient security, which requires the joint efforts of the operation management system, trust system, and defense system to form a resilient guarantee architecture. The deployment of a zero-trust security solution is a long-term and continuous process that needs to be gradually transformed in light of the company's own situation.
Wu Huajia, Huawei Security Solution Architect
Jin Xiangyu, the founder of Cyber Hearing, started with the development history of security verification and evaluation technology, and looked forward to the application scenarios of key infrastructure for new technologies in security verification and evaluation. He said that in recent years, many new products and solutions have appeared in the field of security verification. It will quickly cover the traditional vulnerability scanning and penetration testing market.
Cyber Listen founder Jin Xiangyu
Shi Wei, product director of Saining Network Security, pointed out in his keynote speech that based on the verification and evaluation of the digital twin range, a digital twin environment parallel to the production environment can be constructed to meet the requirements for personnel security capabilities, business system security, and security protection equipment. Longitudinal Stereotype Validation Assessment Requirements.
Shi Wei, Product Director of Saining Network Security
Jia Shizhun, senior engineer of Pengcheng Laboratory, pointed out in his speech that the security evaluation method based on Pengcheng shooting range is a new direction for information system security evaluation, and it is also a useful attempt to standardize penetration testing. In the future, the automatic attack scheme based on shooting range will be continuously optimized and the attack path will be enriched. library, and jointly promote the application of standards and methods with the industry.
Jia Shizhun, Senior Engineer of Pengcheng Laboratory
Based on the attacker's perspective, BAS identifies the defensive weaknesses of the security protection system and verifies the effectiveness of the protection capabilities by simulating attacks against assets such as border networks, internal networks, and terminal machines. Lin Juwei, senior security architect of 360 Digital Security Group, said in his speech that the security protection capability verification and evaluation method based on BAS technology will become an indispensable part of security operations in the next five years.
Lin Juwei, Senior Security Architect of 360 Digital Security Group
In the future, Saining Network Security will continue to increase product research and development and technology upgrades in the field of security verification and evaluation. Based on the two core technologies of simulation and offense and defense, it will take actual combat as an important orientation to improve the security assurance capabilities of key units, and continue to study digital twin shooting ranges and In the future, new technologies and artificial intelligence technologies will be integrated and developed, and all parties will work together to protect the security of key information infrastructure and jointly help improve the quality and efficiency of security operations.