With the outbreak of the new crown, the global economy, science and technology, political pattern and game rules rewritten, the post-new crown era of new infrastructure and scientific and technological innovation to drive economic recovery has become an important force to change the future. In this context, during the two sessions in 2020, the science and technology sector network security-related proposals have attracted the attention of the security industry, because whether new infrastructure, digital transformation or scientific and technological innovation, for the network security industry is an unprecedented "disruptive opportunity", this subversive performance is:

1. Information technology has transformed from an enabler of digital transformation to a driver of technological innovation, and the cybersecurity market has ushered in major changes.With the organization and complexity of cyber attacks in recent years, the digital transformation of enterprises and new infrastructure are facing new challenges, and the cyber security industry is facing a structural upgrade and change, mainly as follows: from passive defense to active defense; from edge security to endogenous security; "security priority", "security left shift", from the early stages of technology development, architecture design and risk management.

2. Traditional enterprises are more proactive in dealing with network security issues, and security and privacy protection capabilities are becoming one of the core competitiveness of digital enterprises.In the past, the top network security technology, talent, capital and practice were mainly Internet technology companies. However, during the two sessions, some traditional enterprises paid close attention to the topic of network security and privacy protection, and even took the initiative to propose network security regulations and data security issues, indicating that network security has become the focus of the digital transformation of traditional enterprises.

3. The new infrastructure needs the "big security" of the whole domain and the whole stack ".The scale of government investment in new infrastructure is as high as tens of trillions, which will have a profound impact on every enterprise in China. At the same time, the "security design" of new infrastructure will also have a significant impact on the "security gene" of the entire Chinese digital society. As the infrastructure of the digital economy, the new infrastructure faces much more network security risks and risk management difficulties than enterprise networks, network security will be upgraded from local, affiliated, edge, associated technology investment projects, to cloud computing, 5G, Internet of Things, artificial intelligence and other new infrastructure "endogenous", "global", "full stack" core technology.

The following is based on the network security-related proposals during the two sessions to sort out twelve hot topics of technological innovation and investment:

600 billion yuan Budget, Focus on Investment in "Two New and One Heavy" Construction

"We will focus on supporting the construction of 'two new and one heavy ', which not only promotes consumption and benefits people's livelihood, but also increases the stamina of the structure. The main points are: strengthening the construction of new infrastructure, developing a new generation of information network, expanding 5G applications, building charging piles, promoting new energy vehicles, stimulating new consumer demand and promoting industrial upgrading."

Summary of the 2020 Government Work Report

In Zhou Hongyi's view, network security is one of the most important basic technologies of new infrastructure, which must be deployed simultaneously in the process of new infrastructure promotion. Only by building a new infrastructure network security protection system can we ensure the smooth progress of the new infrastructure strategy and the healthy prosperity of the digital economy.

Specific recommendations are as follows:

(1) Using holistic thinking to plan the top-level design of the network security protection system for new infrastructure;

(2) Simultaneous construction of security infrastructure for new infrastructure, focusing on the construction of security protection capabilities for new infrastructure;

(3) Strengthen the security of big data platform and realize safe big data collaborative computing;

(4) Carry out normalized cyber security offensive and defensive confrontation exercises to continuously test and enhance the security capabilities of new infrastructure.

In the construction of new infrastructure network security, we should have a broad vision. The network form under the new infrastructure is different from the past, the network boundary may be more blurred, the correlation between each other will be stronger, so we can not be confined to a single point, line of protection, to broaden the vision, update thinking, from the depth and breadth of both to strengthen the work, build a new network security architecture, enhance the understanding of new threats under the new form and the ability to perceive and deal with, the formation of a wide-area, multi-level protection system.

With the advancement of "digital infrastructure", more businesses will serve the public in the form of "network APP", and the impact of network security will move from the original physical entity to the network virtual body, which will have a significant impact on the digital economy in the event of network security problems. Zhou Hanmin suggested that in the process of expanding the network security industry, more enterprises and scientific research institutes with technical capabilities and application scenarios should be allowed to participate in the network security construction of the digital economy. The leading security capabilities in different fields and different industries have become an important part of the national network security capability system. The introduction of digital economy "security infrastructure" standards has also become a topic of concern to the three CPPCC members. Zhou Hanmin also suggested that the relevant departments should organize a survey on the "security infrastructure" standard as soon as possible, extensively understand the accumulated and effective practices of enterprises in practice, and combine the development of the new generation of information and communication technology to provide reference for the construction of a complete security infrastructure.

It is suggested that attention should be paid to the safety construction concept of constructing safety ability from the source. Peng Jing believes that network security is not a problem to be dealt with afterwards, but a problem of improving "immunity" beforehand. It is necessary to strengthen the education and publicity of network security in the majority of enterprises and institutions, and set a red line for safe R & D and production. At the beginning of the digital infrastructure, we will simultaneously build security infrastructure and improve risk immunity.

Meng Dan made suggestions on improving the construction of the new infrastructure security system. He believes that network security is from the past "auxiliary" function into an important part of digital infrastructure, digital infrastructure in the construction of the beginning to consider the simultaneous construction of the security system, from passive prevention and control to active defense. Therefore, he suggested that the State Internet Information Office should take the lead, in conjunction with the Ministry of Industry and Information Technology, the Ministry of Public Security and other relevant departments, to link upstream enterprises with a high degree of digitization and national scientific research institutes with in-depth research on security systems and technologies. Comprehensive integration of research and application to build a complete security infrastructure.

Academician of Chinese Academy of Engineering Ni GuangnanIt also expresses the importance of security to "new infrastructure. In an interview, he said that to do a good job of "new infrastructure", a particularly important key word is network security, because a large number of "new infrastructure" belongs to the information field of infrastructure construction, if the network security is not done enough, it must not meet the requirements, network security is the top priority.

academician of the chinese academy of engineering wu hequan:Cybersecurity is no longer an after-the-fact problem, and the original methodology of selling boxes and firewalls alone obviously cannot solve the new challenges brought about by the new infrastructure, and it is necessary to deploy cybersecurity measures in tandem with the new infrastructure, rather than patching if something goes wrong.

academician of the chinese academy of engineering fang binxing:Cybersecurity depends on the new security issues brought about by new technologies, and the "new infrastructure" that brings new technologies will inevitably be accompanied by new security issues.

Topic 2: Developing the Industrial Internet

"Develop the industrial Internet and promote intelligent manufacturing. New business forms such as e-commerce online shopping and online services have played an important role in the fight against the epidemic, and we should continue to introduce supportive policies to comprehensively promote the" Internet "and create new advantages in the digital economy."

Summary of the 2020 Government Work Report

Specific recommendations are as follows:

(1) Strengthen the construction of industrial Internet security technology.

The introduction of industrial Internet security policies to enhance security action, increase national capital investment, speed up the construction of security technology means, take more measures to strengthen industrial support, and promote the improvement of industrial ecology.

(2) Promote the development of artificial intelligence-enabled industrial Internet security.

Guide the establishment of joint laboratories to promote technical research and compound talent training, promote the landing of artificial intelligence-enabled industrial Internet security practices, and promote the sustainable and adaptive evolution of artificial intelligence-enabled industrial Internet security.

In order to further strengthen the security of the industrial Internet and ensure that it becomes a reliable force driving the development of industrial production and the promotion of social value, we should vigorously promote the application and deployment of industrial Internet technology while paying attention to the research and development of network security defense technology that matches it. Promote the development of artificial intelligence-enabled industrial Internet security.

Specific recommendations are as follows:

(1) Guide the establishment of joint laboratories to promote technical research and the cultivation of compound talents;

(2) Promote the implementation of artificial intelligence-enabled industrial Internet security practices;

(3) Promote the sustainable and adaptive evolution of artificial intelligence-enabled industrial Internet security.

Topic 3: Protection of Personal Information

The work report of the Standing Committee of the National People's Congress pointed out in the next main work arrangement that the biosecurity law, personal information protection law, and data security law should be formulated around national security and social governance, and the Criminal Law Amendment (11) was passed to amend the Administrative Punishment Law, The People's Armed Police Law, etc.

Representative: Li Yanhong, member of the CPPCC National Committee

(1) Strengthen the protection of personal information during special periods such as epidemic prevention and control.

Establish an exit mechanism for personal information collected during the new coronary pneumonia epidemic, strengthen the normative management of collected data, and study and formulate standards and norms for the collection, storage and use of citizens' personal information during special periods.

(2) Under the background of big data application, it is urgent to ensure the security of personal information.

The first is to speed up the legislative process; the second is to set up a special regulatory body; the third is to establish the operating norms of the operating subject; the fourth is to give the information subject the power of self-protection.

Specific recommendations are as follows:

(1) Speed up the legislative process.Through special legislation, unify the protection of personal information in the public and private fields, clarify the principles, procedures, confidentiality and protection obligations of the operators to collect and use personal information, the legal responsibilities for improper use and ineffective protection, and the supervision methods and punishment measures of the regulatory authorities.

(2) The establishment of a special regulatory body.It is recommended to clarify in the legislation that specialized agencies are responsible for or take the lead in the protection of personal information, establish a unified system and norms, have the right to supervise the operating entities, and deal with violations.

(3) Establish the operating norms of the operating entity.For example, it is necessary to make it clear that the operator must collect, use and keep personal information in accordance with the law, have a clear and legitimate purpose, meet the requirements of "minimum and necessary", and have the express consent of the information subject; it is necessary to strengthen the management of employees, formulate rules for information collection, processing, transmission, disclosure and use, do a good job in process monitoring, and strictly investigate the responsibility of relevant personnel in the event of information leakage. At the same time, technical protection into the legal norms, to promote the operation of the main body to increase investment in technical protection.

(4) Give the information subject the power of self-protection.For example, to clarify the "right to self-determination of information", the information subject has the right to decide whether to inform or allow others to use their own information, and to establish an "informed consent" system. Only with the informed consent of the information subject, the operating subject can collect, store and use personal information; to give the "right to be forgotten", learn from the EU General Data Protection Regulations, when the information subject exercises the "right to be forgotten, the operating entity must not only delete the information it has, but also be responsible for the publicly disseminated information, and have the obligation to notify others to stop using and delete it.

Topic 4: Data Security

At the third session of the 13th National People's Congress, the work report of the Standing Committee of the National People's Congress pointed out that in 2020, important legislation such as the personal information protection law and the data security law will be formulated around national security and social governance.

Representative members: CPPCC National Committee member Tan Jianfeng

Tan Jianfeng believes that comprehensive policies should be implemented from multiple dimensions such as legislation, law enforcement, international cooperation, and industrial development to comprehensively promote the construction of a comprehensive national data security capacity system.

Specific recommendations are as follows:

(1) Strengthen data security professional legislation and special law enforcement;

(2) Actively carry out the docking of international rules on data and artificial intelligence security;

(3) Increase support to make the network security industry bigger and stronger;

(4) Establish a data circulation system that adapts to the development of artificial intelligence.

Representative members: Yang Yuanqing, deputy to the National People's Congress

Specific recommendations are as follows:

(1) Refine data security and privacy protection rules to protect the legitimate rights and interests of citizens;

(2) Clarify the ownership of data rights and promote the determination, circulation, trading and protection of data;

(3) Establish a system for the rational use of data to achieve a balance of interests between individuals and data users;

(4) Establish rules for the open sharing of public data and promote the rational use of public data;

(5) Complete establishment of China's cross-border data flow system to cope with international data competition.

Topic 5: National 5G Security

Representative members: Zhou Hongyi, member of the CPPCC National Committee

Therefore, Zhou Hongyi suggested that the significance and urgency of 5G network security should be examined from a strategic perspective, the top-level design of 5G security should be strengthened, and the National 5G Security Strategy should be formulated.

Topic 6: Internet of Things Security

Representative: Yan Wangjia, member of the CPPCC National Committee

Specific recommendations are as follows:

(1) It is recommended that relevant units initiate or accelerate the completion of the development of information security standards such as in-vehicle gateways and in-vehicle entertainment systems;

(2) It is recommended to add information security requirements to the Technical Conditions for Motor Vehicle Operation Safety, and clarify the information security risk assessment requirements and information system and data security requirements for intelligent networked vehicles and vehicle assisted driving systems;

(3) It is recommended to require information security testing before the sale of important parts of intelligent networked vehicles containing electronic systems, especially operating systems;

(4) It is recommended that a comprehensive information security risk assessment must be carried out before putting into use, including intelligent network-connected vehicles such as unmanned test vehicles, unmanned taxis, low-small slow-speed intelligent devices, traditional vehicles with auxiliary driving functions and new energy vehicles;

(5) It is recommended to establish a normalized information security detection and evaluation mechanism for intelligent network-connected vehicles such as unmanned test vehicles, unmanned taxis, low-small slow-speed intelligent devices, and electric vehicles;

(6) It is suggested that the risk assessment of the intelligent vehicle network should be carried out for the demonstration areas and closed experimental areas of the unmanned vehicles, intelligent network-connected vehicles, low-small and slow-speed intelligent equipment under construction or built nationwide, and a normalized assessment mechanism should be formed;

(7) It is recommended that for all foreign imported vehicle models currently in the domestic market, a comprehensive information security risk assessment should be conducted in accordance with laws and regulations such as the the People's Republic of China Cyber Security Law and the Personal Privacy Protection Regulations, and the cloud vehicle service system should be based on legal requirements. Migrate to China to prevent the leakage of personal privacy information of Chinese citizens.

Topic 7: Smart Cities

Representative: Yan Wangjia, member of the CPPCC National Committee

(1) the lack of smart city network security supervision responsibility;

(2) The relationship between smart city and information security development needs to be treated correctly;

(3) There are significant data security risks in smart cities;

(4) There are security risks in the extensive use of Internet of Things technology in smart cities;

(5) The risk of losing control of key technologies in smart cities.

Specific recommendations are as follows:

(1) Change the idea of smart city safety construction, from synchronous construction to safety first;

(2) Correctly handle the relationship between smart city and information security development;

(3) Ensure smart city data security protection;

(4) Formulate the direction of IoT security technology to encourage the introduction and innovation of key technologies in smart cities.

Representative: Li Yanhong, member of the CPPCC National Committee

Specific recommendations are as follows:

In this regard, the state should strengthen policy guidance and encourage local governments to increase exploration and investment. On the one hand, it should strengthen the exploration of urban intelligent transportation operator models, encourage qualified areas to try first, and on the other hand, it should speed up the collaborative and intelligent transformation of traffic network vehicles and roads. In addition, it is necessary to build a new generation of national intelligent traffic management platform to accelerate the formation of a safe and reliable modern traffic management system.

Representative members: Zhou Yunjie, deputy to the National People's Congress

Topic 8: Xinchuang Network Security Capacity Building

Representative members: Zhou Hongyi, member of the CPPCC National Committee

Topic 9: Blockchain Technology and Industrial Innovation and Development

Representative members: Zheng Jie, deputy to the National People's Congress

Specific recommendations are as follows:

(1) It is necessary to strengthen the construction of standards and norms, accelerate the development of key and urgent standards for blockchain and special standards for key industries, and actively guide and support the main body to participate in the research, formulation and promotion of blockchain international standards;

(2) It is necessary to strengthen key technology research, promote the innovative integration of blockchain and other new-generation information technologies such as 5G, AI, big data, and the Internet of Things, and accelerate the construction of independent and controllable blockchain underlying technology research and development platforms and infrastructure platforms;

(3) It is necessary to strengthen the supply of industrial policies, introduce the top-level design and overall plan for the development of blockchain as soon as possible, and strengthen the systematic layout of industries;

(4) It is necessary to strengthen the construction of the regulatory system, while resolutely cracking down on malicious violations, give emerging technologies a certain space for inclusive development, strengthen the security assessment of blockchain platform-level applications, and improve the compliance and standardization of blockchain technology and applications.

Topic 10: Improve network security emergency response capacity

Representative: Zhang Ye, member of the CPPCC National Committee

(1) Improve the national level network security emergency management system;

(2) Construction of a national network security emergency management and disposal platform;

(3) supporting the development of network security disposal emergency requisition measures;

(4) Research and carry out the necessary practical network security testing.

Topic 11: Network Security Emergency Response and Resource Reserve Mechanism

Representative: Xiao Xinguang, member of the CPPCC National Committee

Topic 12: Beijing should become a cyber security capital

Representative: Qi Xiangdong, member of the Beijing Municipal Committee of the Chinese People's Political Consultative Conference