The just concluded Fourth Plenary Session of the 19th Central Committee of the Communist Party of China made a major deployment to adhere to and improve the socialist system with Chinese characteristics, and promote the modernization of the national governance system and capacity. Data security governance is of great significance to the modernization of national governance system and governance capacity. It is of great significance for the security community to contribute to the development of the digital economy, promote the safe flow of data according to law, and maximize the value of mining and releasing data. Passwords play an important role in promoting the development of the digital economy and data security governance. To this end, the national password management department has carried out the following work in password governance.
1、 Password is the key core technology to maintain data security
Data is wealth, and security is valuable. Reducing the security risk of data flow, mining the value of data, and promoting the healthy development of the digital economy are inseparable from data security governance; The password is the key core technology to maintain data security and plays an irreplaceable role in the development of the escort digital economy.
First, ensure data security. So far, cryptographic technology is still the most effective, reliable and economical key core technology to ensure network and information security. Through measures such as identity authentication, trust management, access control, data encryption, trusted computing, ciphertext computing, data desensitization, etc. based on cryptographic technology, it can effectively solve the full life cycle security problems such as data generation, transmission, storage, processing, analysis, and use, and solve the basic network resources, information facilities, computing analysis, application services Network access and other security issues of the whole system can provide systematic and comprehensive security protection for the digital economy by solving the security problems of the whole industry chain in technology integration and industry integration. The second is to facilitate data integration. Password is an important means of transmitting value and trust in cyberspace. Through password based data identification, digital signature, digital content, property rights protection and other technologies, it provides a trust foundation for data resources to confirm rights, open, circulate and trade, builds a real and undeniable "digital contract", and realizes reliable, manageable and controllable interconnection, so as to break through the trust bottleneck of data financing, and realize on-demand sharing and secure interaction of data resources. Third, promote the development of digital economy. Passwords are strategic resources supporting national data security. The combination of cryptographic technology and data identification, digital signature and network identity can provide effective support for data traceability, behavior tracking and private information protection while ensuring the safe and orderly flow of data, provide judicial evidence for the supervision in the field of digital economy, provide powerful weapons for departmental supervision and combating crime, and improve the modernization level of national governance system and governance capability Improve the construction of supervision system to provide technical support.
2、 The Cryptography Law provides legal guarantee for data security governance
Password governance is an important component of digital economy security governance. The security governance of China's digital economy requires all parties involved in industry, university, research, application, measurement and management to carry out systematic governance, comprehensive governance and source governance under the guidance of the overall national security concept, so as to form a security governance pattern in which everyone is involved, responsible, responsible and shared. Strengthening password governance according to law is the foundation and premise of data security governance. On October 26, the 14th Meeting of the Standing Committee of the 13th National People's Congress adopted the Password Law of the People's Republic of China. President Xi Jinping signed Presidential Decree No. 35 and announced it, which will be officially implemented on January 1, 2020. This is the first comprehensive and basic law in the field of password in China. It is of great significance to standardize the application and management of passwords, and better play the role of passwords in maintaining national security, promoting economic and social development, and protecting the interests of the people. It also plays an important role in improving the efficiency of data security governance.
The spirit and main content of the Code Law can be summarized as "three insistences". First, we should adhere to the unity of the party's control of passwords and legal management. The fundamental principle of the Party's control of passwords was clearly written into the law, and the leadership system for password work was established in accordance with the law. Clearly implement the management according to law, bring the specific system of the party's password management into the track of the rule of law, and ensure that the party's major policy on password work takes root and is effectively implemented. Second, adhere to the unity of innovative development and ensuring security. On the one hand, it has established a series of institutional measures to promote the development of the password cause, and strives to create a good environment for the innovation of password technology, industrial development and application promotion. On the other hand, it is expressly prohibited to steal the information encrypted and protected by others, illegally invade the password security system, or use passwords to engage in illegal and criminal activities. At the same time, we will strengthen cyberspace password security, standardize the password application of key information infrastructure, promote the construction of a new cyberspace security system with password technology as the core and the cross integration of multiple technologies, and strive to ensure that passwords are guaranteed wherever the Party and national strategies are advanced. Third, we should streamline administration and delegate power and strengthen supervision. On the one hand, we will resolutely implement the reform requirements of "deregulation, regulation and service", further reduce the number of administrative licenses, relax market access, strengthen the supporting role of standardization, testing and certification, and promote the progress of cryptographic technology and industrial development. On the other hand, we should adhere to the combination of decentralization and regulation, transfer more administrative resources from pre approval to in-process and post supervision, and strive to build a password in-process and post supervision system with clear rights and responsibilities, fairness and impartiality, openness and transparency, simplicity and efficiency.
3、 Do a good job of password management of digital economy according to law
In terms of commercial password management, the Password Law fully reflects the transformation of government functions and the reform requirements of "decentralization, regulation and service", stipulates that the State encourages the research and development, academic exchanges, achievements transformation, promotion and application of commercial password technology, improves the unified, open, competitive and orderly commercial password market system, and encourages and promotes the development of commercial password industry. The Password Law also substantially reduced administrative licensing matters, further relaxed market access, and stipulated that commercial password research, production, sales, services, imports and exports, including foreign-funded enterprises, should be treated equally according to law. At the same time, the Password Law fully reflects the connection with the Network Security Law and other relevant laws, reflects the connection between the security evaluation of commercial password applications and the security detection and evaluation of key information infrastructure, and the network security rating evaluation system, attaches importance to playing the leading role of password standards and the supporting role of detection and authentication, and normalizes and strengthens the supervision during and after the event, We will effectively loosen the restrictions and reduce the burden for commercial password practitioners. These institutional measures will provide a solid legal guarantee for the security governance of the digital economy.
In recent years, China has successfully incorporated the cryptographic algorithm standard SM2/3/9 into the international ISO/IEC cryptographic standard; In October this year, the National Commercial Password Testing Center obtained the qualification of a password testing and certification institution issued by the National Accreditation Service; The pilot work of security assessment for password applications in important fields such as finance has been steadily carried out. With the booming development of new technology industries such as cloud computing, big data, artificial intelligence, blockchain, mobile Internet, and the Internet of Things, the research and development of cryptographic standards to meet the new needs, especially the research and development of cryptographic application technology standards in the field of data security, are underway, and escort the high-quality development of China's digital economy. All these have laid a solid foundation for the implementation of the Password Law. National strategies such as cyber power, digital China, and smart society have provided broad space for the development of digital economy. Modernization of national governance system and governance capability has put forward a new era proposition for password governance. Data security cannot be separated from password escort, and the development of digital economy needs password support. It is the common responsibility of the whole society to learn, publicize and implement the Password Law, improve password security awareness, improve the level of password application, promote the integrated development of password and the digital economy, and let the people get more sense of gain, security and happiness from the development of the digital economy. (Author He Liangsheng is Deputy Director of the State Encryption Administration)
