definition:
National public communications and information services, energy, transportation, water conservancy, finance, public services, e-government and other important industries and fields, as well as key industries that may seriously endanger national security, national economy and people's livelihood, and public interests once they are damaged, lose function, or data leaks Information infrastructure, on the basis of the network security level protection system, implements key protection.
—— "Network Security Law"
What is the critical information infrastructure that we touch?
1. Websites: such as websites of party and government agencies, websites of enterprises and institutions, news websites, etc.
1. Websites of party and government organizations at or above the county level .
2. Key news websites.
3. Websites with an average daily visit volume exceeding 1 million .
4. Once a network security incident occurs, it may cause one of the following effects.
*Affecting the work and life of more than 1 million people;
*Affect the work and life of more than 30% of the population in a single city-level administrative region;
*Cause more than 1 million personal information leaked;
*Cause a large number of institutions and enterprises to leak sensitive information;
*Cause a large amount of national basic data such as geography, population, and resources to leak;
*Seriously damage the image of the government, social order, or endanger national security.
5. Others should be identified as critical information infrastructure.
2. Platforms: such as instant messaging, online shopping, online payment, search engines, e-mail, forums, maps, audio and video and other network service platforms.
1. The number of registered users exceeds 10 million , or the number of active users (logging in at least once a day) exceeds 1 million .
2. The average daily transaction order or transaction volume exceeds 10 million yuan.
3. Once a network security incident occurs, it may cause one of the following effects.
*causing direct economic losses of more than 10 million yuan;
* Directly affect the work and life of more than 10 million people ;
*Cause more than 1 million personal information leaked;
*Cause a large number of institutions and enterprises to leak sensitive information;
*Cause a large amount of national basic data such as geography, population, and resources to leak;
*Seriously damage social and economic order, or endanger national security.
4. Others should be identified as critical information infrastructure.
3. Production business categories: such as office and business systems, industrial control systems, large data centers , cloud computing platforms, TV broadcasting systems, etc.
1. The business systems of government agencies at or above the prefecture and city level for public services, or urban management systems related to medical care, security, fire protection, emergency command, production scheduling, and traffic command .
2. A data center with a scale of more than 1,500 standard racks.
3. Once a network security incident occurs, it may cause one of the following effects.
*Affect the work and life of more than 30% of the population in a single city-level administrative region;
*Affecting 100,000 people 's water, electricity, gas, oil, heating or transportation;
*Causing more than 5 deaths or serious injuries to more than 50 people;
* Directly causing economic losses of more than 50 million yuan;
*Cause more than 1 million personal information leaked;
*Cause a large number of institutions and enterprises to leak sensitive information;
*Cause a large amount of national basic data such as geography, population, and resources to leak;
*Seriously damage social and economic order, or endanger national security.
4. Others should be identified as critical information infrastructure.
Obligations to protect the security of critical information infrastructure
Article 34 Operators shall set up specialized agencies and responsible persons, network security education and training, disaster recovery and backup, emergency plans and drills, etc.
Article 59: If the operator refuses to make corrections or causes harm to network security, a fine of 100,000 to 1 million yuan will be imposed, and the person directly responsible will be fined 100,000 to 100,000 yuan.
—— "Network Security Law"
Sensitive information storage
Article 37 Personal information and important data collected within the territory shall be stored within the territory. If it really needs to be provided overseas, a security assessment should be conducted.
Article 66 If the operator violates the regulations, the illegal income shall be confiscated, a fine of 50,000 to 500,000 yuan shall be imposed, the license shall be revoked, and the person directly responsible shall be fined 10,000 to 100,000 yuan.
—— "Network Security Law"
Risk detection and evaluation
Article 38 The operator organizes at least one safety risk inspection and evaluation every year, and reports the evaluation situation and improvement measures to the relevant departments.
Article 59: If the operator refuses to make corrections or causes harm to network security, a fine of 100,000 to 1 million yuan will be imposed, and the person directly responsible will be fined 100,000 to 100,000 yuan.
—— "Network Security Law"
definition:
National public communications and information services, energy, transportation, water conservancy, finance, public services, e-government and other important industries and fields, as well as key industries that may seriously endanger national security, national economy and people's livelihood, and public interests once they are damaged, lose function, or data leaks Information infrastructure, on the basis of the network security level protection system, implements key protection.
—— "Network Security Law"
What is the critical information infrastructure that we touch?
1. Websites: such as websites of party and government agencies, websites of enterprises and institutions, news websites, etc.
1. Websites of party and government organizations at or above the county level .
2. Key news websites.
3. Websites with an average daily visit volume exceeding 1 million .
4. Once a network security incident occurs, it may cause one of the following effects.
*Affecting the work and life of more than 1 million people;
*Affect the work and life of more than 30% of the population in a single city-level administrative region;
*Cause more than 1 million personal information leaked;
*Cause a large number of institutions and enterprises to leak sensitive information;
*Cause a large amount of national basic data such as geography, population, and resources to leak;
*Seriously damage the image of the government, social order, or endanger national security.
5. Others should be identified as critical information infrastructure.
2. Platforms: such as instant messaging, online shopping, online payment, search engines, e-mail, forums, maps, audio and video and other network service platforms.
1. The number of registered users exceeds 10 million , or the number of active users (logging in at least once a day) exceeds 1 million .
2. The average daily transaction order or transaction volume exceeds 10 million yuan.
3. Once a network security incident occurs, it may cause one of the following effects.
*causing direct economic losses of more than 10 million yuan;
* Directly affect the work and life of more than 10 million people ;
*Cause more than 1 million personal information leaked;
*Cause a large number of institutions and enterprises to leak sensitive information;
*Cause a large amount of national basic data such as geography, population, and resources to leak;
*Seriously damage social and economic order, or endanger national security.
4. Others should be identified as critical information infrastructure.
3. Production business categories: such as office and business systems, industrial control systems, large data centers , cloud computing platforms, TV broadcasting systems, etc.
1. The business systems of government agencies at or above the prefecture and city level for public services, or urban management systems related to medical care, security, fire protection, emergency command, production scheduling, and traffic command .
2. A data center with a scale of more than 1,500 standard racks.
3. Once a network security incident occurs, it may cause one of the following effects.
*Affect the work and life of more than 30% of the population in a single city-level administrative region;
*Affecting 100,000 people 's water, electricity, gas, oil, heating or transportation;
*Causing more than 5 deaths or serious injuries to more than 50 people;
* Directly causing economic losses of more than 50 million yuan;
*Cause more than 1 million personal information leaked;
*Cause a large number of institutions and enterprises to leak sensitive information;
*Cause a large amount of national basic data such as geography, population, and resources to leak;
*Seriously damage social and economic order, or endanger national security.
4. Others should be identified as critical information infrastructure.
Obligations to protect the security of critical information infrastructure
Article 34 Operators shall set up specialized agencies and responsible persons, network security education and training, disaster recovery and backup, emergency plans and drills, etc.
Article 59: If the operator refuses to make corrections or causes harm to network security, a fine of 100,000 to 1 million yuan will be imposed, and the person directly responsible will be fined 100,000 to 100,000 yuan.
—— "Network Security Law"
Sensitive information storage
Article 37 Personal information and important data collected within the territory shall be stored within the territory. If it really needs to be provided overseas, a security assessment should be conducted.
Article 66 If the operator violates the regulations, the illegal income shall be confiscated, a fine of 50,000 to 500,000 yuan shall be imposed, the license shall be revoked, and the person directly responsible shall be fined 10,000 to 100,000 yuan.
—— "Network Security Law"
Risk detection and evaluation
Article 38 The operator organizes at least one safety risk inspection and evaluation every year, and reports the evaluation situation and improvement measures to the relevant departments.
Article 59: If the operator refuses to make corrections or causes harm to network security, a fine of 100,000 to 1 million yuan will be imposed, and the person directly responsible will be fined 100,000 to 100,000 yuan.
—— "Network Security Law"