Zhou Hongyi: Let "Hackers" Go To The Front Desk, Network Security Escort Innovation Future

Zhou Hongyi once told a real horror "story".

Last year, 360 discovered several cloud loopholes in a world-famous automobile brand. Through these loopholes, 360 security personnel can remotely control more than a million luxury cars of the brand after 2017, including opening the door, starting and stopping the engine.

360 submitted the loophole to the auto manufacturer, and the other party repaired the loophole in time.

The problem reflected in this "story" is that loopholes in the cloud of automobile manufacturers can directly cause damage to the physics of automobiles.

"My old job is to do network security, so my topic is always related to my old line." Zhou Hongyi, member of the National Committee of the Chinese people's Political Consultative Conference (CPPCC) and founder of 360 group, said in an interview with 21st century economic reporter on the eve of the two sessions in 2021. It is reported that since he was elected to the CPPCC National Committee in 2018, the proposals submitted by Zhou Hongyi for four consecutive years have focused on the network security industry.

Although the theme is fixed, Zhou Hongyi's focus is changing every year. According to the reporter's understanding, the network security issue mentioned by Zhou Hongyi this year is a new digital threat under the whole digital development of China in the future, specifically involving the security of Internet of vehicles and smart city. In addition, Zhou Hongyi also submitted a proposal for security experts and special technical talents in the industry.

Zhou Hongyi said that digitalization is redefining network security. The security vulnerability is unprecedented, and the network security risks are all over the digital scene. If we use one sentence to summarize the impact of digital economy on network security, we can say that "software redefines the world", which is a new challenge faced by the network security industry in the era of innovation.

List network security as standard configuration of intelligent car

In the whole year of last year, smart car is undoubtedly one of the most concerned industries. Zhou Hongyi submitted a proposal related to the safety of Internet of vehicles this year, which is the second time that he has paid attention to the safety of intelligent vehicles after 2019.

Zhou Hongyi said that the wave of China's car making in 2019 is not so high. In recent years, domestic and foreign car companies are becoming more and more lively. Traditional car manufacturers are trying to build smart cars, and many Internet companies are also making cross-border cars. However, the more heated the situation is, the more network security practitioners, the more they should have the responsibility to raise the security issues, to escort car companies and consumers.

In Zhou Hongyi's opinion, compared with the safety problems of mobile phones and computers, the safety of intelligent connected vehicles is more important. Because the intelligent Internet connected vehicle is like a "big mobile phone" with four wheels, which integrates a large number of cameras, radars, tachometers, navigators and other kinds of sensors, which leads to the security problems existing in the intelligent terminals in the past, which are also "transferred" to the smart cars.

Zhou Hongyi told reporters that at present, there are three security problems in smart cars: first, the security risks brought by the networking of intelligent vehicles are very big. Mobile phones, computers can be installed through the installation of anti-virus software, if there is a more serious problem, change the mobile phone, computer line. But cars can't. The vehicle can not have problems in the process of driving. Once there is a problem, there may be an accident in the light, and the car will be destroyed or killed if it is serious.

Secondly, behind the intelligent network coupling is the storage and use of data in the cloud. A large amount of driving data is collected and stored in the cloud, and instructions can be issued through the cloud. In such a case, once the cloud server of the automobile manufacturer is damaged or the vulnerability is exploited, the attacker can realize remote control of the car, including remote door opening, remote starting and remote flameout, which seriously threatens the safe driving of intelligent vehicles. Therefore, the safety problems of smart car suppliers can also bring disaster to the pond.

Third, there is a huge risk of data collection leakage in intelligent vehicles. Today's intelligent car driving on the road, can collect various data through sensors, cameras, such as speed, tire pressure, travel trajectory, along the way buildings, landmark information, and so on. These data are stored in the local or cloud, once leaked, users' privacy will be exposed, and road network data, navigation data, environmental images and other data with mapping attributes will also be collected and leaked in large quantities, which may even endanger the security.

Therefore, Zhou Hongyi suggested that the network security system should be listed as the standard configuration of smart cars like "safety belt", and the mandatory network security test of intelligent vehicles should be promoted. In addition, it is necessary to strengthen the data security supervision generated by the intelligent network connected vehicle.

According to Zhou Hongyi, at present, there are many new forces of car making and traditional car factories that have sought cooperation from 360. Zhou Hongyi said that safety is like an appetizer and an accessory in many industries. However, in the history of the automobile industry for hundreds of years, safety has always been the most important. All cars have to undergo various collision tests when they leave the factory. This is because cars are different from other accessories such as mobile phones. If nothing happens, it will happen. So with the advent of the era of software defined automobile, the Internet has become more and more important Network safety will also play a very important role in the automotive field.

Network security should be the base of smart city

When talking about the topic of smart city, Zhou Hongyi said that smart city is one of the most important scenarios of China's digital strategy. In the next five years, many local governments will improve their capabilities through the construction of smart cities. At the same time, urban digitization also brings unprecedented security risks to urban development.

In the context of smart city, the operation of the whole city and the infrastructure of the city, including water, electricity, gas, transportation, people's food, clothing, food, housing and transportation are all built on software. However, as long as it is software, there must be loopholes. If there is a vulnerability, it will be attacked by people, especially the Internet of things. It connects all kinds of infrastructure in the physical world with virtual cyberspace. In this case, all virtual attacks in cyberspace can become physical injuries.

Zhou Hongyi said that the biggest threat to urban security in the future will be advanced cyber attacks, because fully digitized cities can be out of control in an instant through advanced cyber attacks, which may lead to water, electricity and gas cut off. Therefore, for the city, network security should be the base of smart city. Without the escort of network security, the more fully and advanced the digital smart city is, the more vulnerable it will be in the face of network attacks.

As for how to ensure the security of smart city, Zhou Hongyi also put forward his own suggestions: first, establish a security consensus, and make the city level network security infrastructure as the standard configuration of smart city. "It is impossible to regard security as a vassal of a digital smart city. You can't buy firewalls and antivirus software when the city is built. You should plan the security architecture while planning the construction of digital city."

Second, it is necessary to change the decentralized practice of fighting separately in the past and carry out unified and safe operation of urban network security infrastructure. In the past, it was called "Whoever builds the network is responsible for it". But now, it is necessary to establish the city's security infrastructure and establish a city level security expert operation team on the basis of the urban security infrastructure. Through the operation of the security experts, the network security ability can be built into the public service ability like hydropower, coal and gas.

Zhou Hongyi said: we can imagine that if there is no water plant and power plant for public utilities, police and security personnel for public utilities, it is impossible for a city to develop. Generally speaking, while building a smart city in the future, it is necessary to establish a complete set of security infrastructure and security operation team of the city. In the future, the assessment of a city's smart city capability also depends on whether it can provide city level safe operation services.

Speak for the folk "white hat hackers"

In addition to the Internet of vehicles and smart city, Zhou Hongyi also submitted a proposal related to safety experts and special technical talents in the industry this year. He told reporters that talent is the top priority of network security. The special network security talents mentioned in this proposal are commonly known as "hackers". In the past, when "hackers" were mentioned, their attitudes were relatively negative and even stigmatized.

But in fact, there are some misunderstandings about hackers in the society, and sometimes they are resisted "regardless of black and white". In fact, many private security experts are "white hat hackers". They have been committed to helping enterprises to explore loopholes and make attacks and defenses. They are a bit like Xiake in the digital age and the information age.

Zhou Hongyi said that in terms of personnel training, although some network security talents can be trained by means of education, talent still plays a great role. Many "white hat hackers" are prodigies, geeks and partisans. Because of their low educational background, they have not undertaken national scientific research projects, published papers, can't evaluate their professional titles, can't settle down, and their children may face difficulties in entering school. Although many efforts have been made in recent years, these problems have not been completely solved.

Therefore, Zhou Hongyi suggested that the state could improve the understanding and recognition of these special talents through identification and incentive measures, enhance their sense of honor, attract them to contribute to the construction of a network power, and stand up at the critical moment of major network security incidents.

Specifically, Zhou Hongyi put forward three suggestions: first, to formulate a special network security personnel identification policy. It is suggested that the state should formulate and promulgate the standards for the identification of network security special talents with the ability as the guide and the achievement as the yardstick, so as to highlight the professionalism, innovation and practicability, and the ability to solve practical problems, such as big data security analysis ability, vulnerability mining and repair ability, apt attack detection and tracing ability, etc., and maintain the independence and development potential of such special talents. It is suggested to establish a targeted professional title evaluation institution and system, and make it clear that the professional title system is widely recognized in the society.

The second is to give personal tax preferential policies to qualified network security talents. It is suggested to increase the personal income tax exemption items for special talents of network security, and also give individual income tax reduction and exemption for income from outstanding contributions. For the qualified entrepreneurs and early employees in the emerging field of network security, their stocks and options shall be taxed according to the "capital gains" tax principle, and the personal income tax shall be paid according to the property transfer income in the actual realization link, so as to stimulate their entrepreneurial enthusiasm and encourage innovation and development.

Finally, it is necessary to encourage the qualified network security talents. It is suggested to open up a green channel for the introduction of special talents in the network security industry. Special care should be given to settle down, buy cars, buy houses and children's schooling, and special subsidies should be given to those who have made outstanding contributions. Beijing reports from Baiyang, the report group of the National People's Congress and the National People's Congress of Nanfang finance and economics all media group

?