Are the "Ciscos" really innocent?

Source: Internet
Author: User

As early as 2010, the "Stuxnet" virus used in the US attack on Iranian nuclear facilities paralysed more than 1000 centrifuges in those facilities. The virus was so powerful because almost every computer in Iran has a Microsoft Windows system installed.

An information security expert noted with concern that China is standing almost naked in front of a United States that is armed to the teeth; in a crisis, the US "eight King Kong" may bring China the same harm as the "eight" of the burning of Yuanmingyuan.

Is the difficulty of stealing zero?

"We cannot say that some countries and manufacturers have done this, but purely technically, there are many ways and means to steal data without being detected, and the difficulty is almost nil," Shuguang company president Lichun told China Economic Weekly.

According to the military introduction, an information system is divided into two levels, hardware and software. Hardware mainly covers three links: network interconnection, data processing and storage. Software has many layers, from microcode in the processor and hardware control software to the operating system, the database and the applications. If the manufacturer has the authority and the ability, it can easily take out any data at any point; the technology is very simple, and users may not be aware of it.

For example, during computation the results are retained in your computer's memory and on its hard drive. If the manufacturer adds a small piece of code to the chip, it can secretly retain a copy and then quietly send it out a little at a time without your knowing when. This method of stealing data is similar to a Trojan virus, but the difference is that this is an "original Trojan": you cannot detect it, and you cannot remove it. Of course, this is a very simple way, and there are many more complex methods that are more difficult to prevent.

Another example is the "back door" in some processors: a small amount of microcode is added to the processor, creating a data transmission channel that is not known to others. When the manufacturer is interested, it opens the back door, and the information on your computer that it is interested in is transmitted out. Likewise, with software whose code is not public (usually called a "closed system"), nobody knows what is inside, and nobody can prove that there is no so-called "original Trojan horse." According to reporters, Microsoft has been questioned about this many times, and it has even triggered lawsuits.

"Now the 'prism door' involves almost all levels of hardware and software, because the so-called 'eight King Kong' and some internet companies cover almost every level and link of information systems," the army said.

Although some precautions may be taken against possible leaks, there are still loopholes to exploit. "We are using some unsafe products in terms of security protection almost everywhere," Liu Hongyu, vice president of Ruijie Networks, told China Economic Weekly. "Even with a physically isolated private network (that is, the internal network is physically disconnected from the extranet), because of the frequent need for vendor software upgrades or hardware maintenance, once the infrastructure is touched through the 'maintenance or service' channel, it is very possible to run the risk of being monitored and leaked."

Are the "Ciscos" really innocent?

After the Prism project was exposed, many of the implicated companies said they had never been involved in the plan, trying to distance themselves from it. Zhang (alias), a senior figure at a well-known domestic hardware manufacturer, does not agree; he believes that these manufacturers are actually playing word games.

"In addition to active theft, such as embedding code to send user data to certain departments, there is another way, which is to leak passively, and 'Prism' is more like the latter. Because IT systems have some loopholes, there will be hackers who look for vulnerabilities and then steal data; of course, manufacturers will continue to patch to seal these vulnerabilities. But if these IT vendors leave some loopholes for some agencies without blocking them, or open some access to certain departments according to the authority of the country in which the enterprise is located, then the government can get the data directly through that channel. The enterprise may have no idea what the government has done, so it can seem to say that it is not involved in the 'Prism' plan," Zhang told China Economic Weekly.

The U.S. IT giants, with Cisco as their representative, have developed brilliantly in China; in stark contrast, China's information equipment companies are struggling in the United States. The eruption of Prism Gate has reminded many of last year's events, in which many Chinese companies were blocked in the US.

There are two reasons why the two countries differ in their attitudes towards IT enterprises. First, we have considered the requirements of the WTO too much, according to Zhang. After China's accession to the WTO, in accordance with its commitment to accede to the Government Procurement Agreement (GPA), government procurement has gradually extended national treatment to foreign and imported products.

"At present, there is no government procurement field that is not open," Zhang said. "Why can the United States clearly say that Lenovo computers are not allowed to enter the U.S. government? Because it will affect U.S. information security."

Second, although the central and national departments attach great importance to information security, problems appear in actual operation. Many local governments and departments think: we are not a confidential department, or, even though we are in a key area, what does it matter if we only procure foreign equipment for ordinary office use?

"Look at our military and armed police systems, which have historically used a large amount of imported information equipment. Now, foreign equipment is repackaged by some domestic institutions, turned into a domestic product, and openly enters many key departments. Many banks have their data on Oracle and IBM machines; the National Weather Service's main business system is still running on IBM machines ... It's terrible. China's information portal is equivalent to being completely open, really naked," Zhang said.

"In the process of information construction in the government and key industry sectors, it is true that there are relevant regulations that favor domestically produced products, but they are not strongly mandatory and are easy to evade. If the purchaser submits an application specifying the uniqueness and irreplaceability of the product design, it can purchase foreign equipment after a certain process," Liu Hongyu said.

Cloud computing, big data: the security of micro-information cannot be ignored

"In the big data age, many seemingly unrelated data, once sorted and analyzed, could become important confidential data, which is more frightening than highly confidential data leaked from inside the walls," the army said.

"'Prism Door' brings China's information security to a more macro level. Against the background of cloud computing and big data, we have to pay more attention to data security; in the past we only did risk assessment on a small system or piece of equipment. However, once the local risks are added up, especially in the big data age, it may be possible to splice together an important message from fragmented information," said Ningjia, deputy director of the National Information Center Expert Committee.

"In the big data age, the flow of information on the Internet is increasingly dominating the operation and lifeblood of the country, and some seemingly unrelated data may reveal important information about the country under comprehensive and in-depth mining of big data," Liu Hongyu said.

For example, one ordinary person's consumption data has little value, but if the consumption data of a billion, or even a few billion, ordinary people is integrated, it may relate to many core indicators of national economic development. In the context of cloud computing, the likelihood of this happening is very high.

The core of cloud computing is the concentration of data, which needs to be consolidated, related and shared; with a highly concentrated amount of data in one place comes the concept of big data. The calendar forces believe that such a new technical background brings both challenges and opportunities: in the past, data was scattered across 1 million points, and it was very difficult to make sure that no point had a problem, but in the cloud computing era the country's big data can be concentrated on 1000 points, so the possibility of securing it is greatly improved.

It is understood that the state authorities have begun to study an access system for cloud computing, under which foreign enterprises will only be allowed to operate within the scope of the law.
