![Page 1: IoTSecurity Policy and Regulation Initiatives in China€¦ · $14,3b sales Nov.11 2015 in Alibaba platform, 60% increase from 2014 The new norm Supply-side reform ETSI IoT Security](https://reader033.vdocument.in/reader033/viewer/2022042311/5ed9e640a5592118f234328c/html5/thumbnails/1.jpg)
IoT Security Policy and
Regulation Initiatives
in ChinaFan Dongyang, Huawei
![Page 2: IoTSecurity Policy and Regulation Initiatives in China€¦ · $14,3b sales Nov.11 2015 in Alibaba platform, 60% increase from 2014 The new norm Supply-side reform ETSI IoT Security](https://reader033.vdocument.in/reader033/viewer/2022042311/5ed9e640a5592118f234328c/html5/thumbnails/2.jpg)
2
China Economy – Facilitating High-quality Growth
Going digital
E-commerce is on the rise – between 2006 and 2014,shipping leapt tenfold from 1 billion to 10 billion packages delivered. $14,3b sales Nov.11 2015 in Alibabaplatform, 60% increase from 2014
The new norm
Supply-side reform
ETSI IoT Security Workshop
GDP Growth Rate
![Page 3: IoTSecurity Policy and Regulation Initiatives in China€¦ · $14,3b sales Nov.11 2015 in Alibaba platform, 60% increase from 2014 The new norm Supply-side reform ETSI IoT Security](https://reader033.vdocument.in/reader033/viewer/2022042311/5ed9e640a5592118f234328c/html5/thumbnails/3.jpg)
3
The National Strategies
Internet + • Develop e-commerce, industry
networks, and online banking, and raise the profile of Internet companies on the world stage.
• Boosting growth by infusing mobile Internet, cloud computing, big data, and IoTinto manufacturing and others.
Manufacture 2025• Enhance industry base, quality
and brand, break through in main areas.
• Promoting green production, streamline industry structure, transformation to services and globalization
• Action Plan for Promoting Development of Big Data• Previous: Special Action Plan for M2M Development (2013-2015)
Platform, Application, Technology, Security, Mechanism
ETSI IoT Security Workshop
![Page 4: IoTSecurity Policy and Regulation Initiatives in China€¦ · $14,3b sales Nov.11 2015 in Alibaba platform, 60% increase from 2014 The new norm Supply-side reform ETSI IoT Security](https://reader033.vdocument.in/reader033/viewer/2022042311/5ed9e640a5592118f234328c/html5/thumbnails/4.jpg)
4
Cybersecurity
• Internet benefit for the country and people
• To proceed together with development
• Protection system for critical information infrastructure
• Core technologies• Innovation, harmonization, green,
open, and sharing
ETSI IoT Security Workshop
![Page 5: IoTSecurity Policy and Regulation Initiatives in China€¦ · $14,3b sales Nov.11 2015 in Alibaba platform, 60% increase from 2014 The new norm Supply-side reform ETSI IoT Security](https://reader033.vdocument.in/reader033/viewer/2022042311/5ed9e640a5592118f234328c/html5/thumbnails/5.jpg)
5
Industry and Ministries
• MIIT (Ministry of Industry and Information Technologies) – Telecom + other
about 20 industries
• CAC (Cyberspace Administration of China, Office of the Central Leading
Group for Cyberspace of CCCP) – Cybersecurity and Informationization
• NDRC (National Development and Reform Commission)
• MOST (Ministry of Science and Technology)
• SAC (Standardization Administration of China)
ETSI IoT Security Workshop
![Page 6: IoTSecurity Policy and Regulation Initiatives in China€¦ · $14,3b sales Nov.11 2015 in Alibaba platform, 60% increase from 2014 The new norm Supply-side reform ETSI IoT Security](https://reader033.vdocument.in/reader033/viewer/2022042311/5ed9e640a5592118f234328c/html5/thumbnails/6.jpg)
6
Industry Alliances
IIC China Team
Industry 4.0 Group
225
298
116 10 AII Members
Industry(225)ICT(29)University(8)Research(11)Security(6)Abroad(10)
Others• Strategy Alliance for M2M
Industry Technology Innovation
• M2M Standardization Group
• Smart City Standardization Group
ETSI IoT Security Workshop
![Page 7: IoTSecurity Policy and Regulation Initiatives in China€¦ · $14,3b sales Nov.11 2015 in Alibaba platform, 60% increase from 2014 The new norm Supply-side reform ETSI IoT Security](https://reader033.vdocument.in/reader033/viewer/2022042311/5ed9e640a5592118f234328c/html5/thumbnails/7.jpg)
7
Non-governmental Organizations for Policies
• Self-regulation of data flow
Industry
• IOT Cloud Service and Terminal
standards
• Industry 4.0 public policy
• Internet + Car + Traffic Summit
• Energy Internet – opportunities
and challenges
• How to protect information
security in the Big Data time
• Information security impact on
China economy
Digital Forum
• Security of social network
• Way of China Cybersecurity
legislation
• IT industry Cybersecurity best
practices
• Industry control system security
workshop
ETSI IoT Security Workshop
![Page 8: IoTSecurity Policy and Regulation Initiatives in China€¦ · $14,3b sales Nov.11 2015 in Alibaba platform, 60% increase from 2014 The new norm Supply-side reform ETSI IoT Security](https://reader033.vdocument.in/reader033/viewer/2022042311/5ed9e640a5592118f234328c/html5/thumbnails/8.jpg)
8
Available Law and Regulations• 2015 State Council - China Computer Information System Security Protection Regulation (first in 1994)
• 2007 MPS - Management Method for Information Security Protection for Classified Levels
• 2001 NPC Standing Committee – Resolution about Protection of Internet Security
• 2012 NPC Standing Committee – Resolution about Enhance Network Information Protection
• July 2015: National Security Law - ‘secure and controllable’ systems and data security in critical
infrastructure and key areas
• 2014 MIIT – Guidance on Enhance Telecom and Internet Security
• 2013 MIIT – Regulation about Telecom and Internet Personal Information Protection
• 2014 China Banking Regulatory Commission - Guidance for Applying Secure and Controllable Information
Technology to Enhance Banking Industry Cybersecurity and Informatization Development
ETSI IoT Security Workshop
![Page 9: IoTSecurity Policy and Regulation Initiatives in China€¦ · $14,3b sales Nov.11 2015 in Alibaba platform, 60% increase from 2014 The new norm Supply-side reform ETSI IoT Security](https://reader033.vdocument.in/reader033/viewer/2022042311/5ed9e640a5592118f234328c/html5/thumbnails/9.jpg)
9
Law and Regulations in the Pipe Line
CAC: Administrative Measures on Internet Information Services
CAC Rules on Security Protection for Critical Information Infrastructure
Cybersecurity Law - second read June 2016
• Cyber Sovereignty• Security of Product and Service• Security of Network Operation (Classified
Levels Protection, Critical Infrastructure)• Data Security (Category, Personal
Information)• Information Security
ETSI IoT Security Workshop
![Page 10: IoTSecurity Policy and Regulation Initiatives in China€¦ · $14,3b sales Nov.11 2015 in Alibaba platform, 60% increase from 2014 The new norm Supply-side reform ETSI IoT Security](https://reader033.vdocument.in/reader033/viewer/2022042311/5ed9e640a5592118f234328c/html5/thumbnails/10.jpg)
10
Standardization - CCSA
TC10 Ubiquitous Networks• Security Requirements for Ubiquitous Networks
• M2M Technical Specification (Release 1) - Security Solutions
• Baseline for classified protection of IOT perception
communication system
• Research on Physical layer security technology of Ubiquitous
Network Perceived Extension Layer
• Terminal embedded operating system security requirements of
the M2M
• Secure technology requirements for protocols of sensor layer of
M2M
• Research on the security of communication between vehicle and
Infrastructure
• Security Requirements Analysis for Smart City
TC8 Network and Information Security• Requirement for classified level security protection of
M2M information system
• Security framework and technical requirement for logistics
information service
• General requirement for M2M node authentication
TC11 Mobile Internet Application and Terminal• Research on information security problems and key
technologies of mobile internet vehicle
• Information security research for on-board intelligent terminal
ETSI IoT Security Workshop
![Page 11: IoTSecurity Policy and Regulation Initiatives in China€¦ · $14,3b sales Nov.11 2015 in Alibaba platform, 60% increase from 2014 The new norm Supply-side reform ETSI IoT Security](https://reader033.vdocument.in/reader033/viewer/2022042311/5ed9e640a5592118f234328c/html5/thumbnails/11.jpg)
11
Standardization – TC260 (IT Security)
• Framework for critical information infrastructure
network security
• Technical requirement for Industrial network
protocol
• General reference model and requirements for
M2M security
• Technical requirement for M2M data
transmission security
• Technical requirement for M2M sensor gateway
• Technical requirement for M2M sensor device
• Technical requirement for information security of
smart connected devices
• Industrial control system security
• Management requirements
• Audit guidance
• Classification guidance
• Classification system security design guidance
• Protection technical requirement and test method
• Specified firewall technical requirements
• Isolation and information exchange system security technical
requirement
• Vulnerability detection technical requirement and test method
• Supervision security technical requirement and test method
ETSI IoT Security Workshop
![Page 12: IoTSecurity Policy and Regulation Initiatives in China€¦ · $14,3b sales Nov.11 2015 in Alibaba platform, 60% increase from 2014 The new norm Supply-side reform ETSI IoT Security](https://reader033.vdocument.in/reader033/viewer/2022042311/5ed9e640a5592118f234328c/html5/thumbnails/12.jpg)
12
Standardization – Smart Manufacture
• Industrial control network security, and information security
• Security requirement for industrial automatic product
• Distributed Control System security protection, management, audit,
risk and vulnerability detection
• Security requirement for the programmable logic controller
• Network security specification of EPA(Ethernet for Plant Automation)
for industrial measurement and control system
• Secure and controllable information system – Electrical Power System
• Sensor network security: general technical specification, network
transmission security technical and test specification, etc.
Information SecuritySoftware, Device, Network, Data and security Protection
Information Security ManagementManagement and Supervision
ETSI IoT Security Workshop
![Page 13: IoTSecurity Policy and Regulation Initiatives in China€¦ · $14,3b sales Nov.11 2015 in Alibaba platform, 60% increase from 2014 The new norm Supply-side reform ETSI IoT Security](https://reader033.vdocument.in/reader033/viewer/2022042311/5ed9e640a5592118f234328c/html5/thumbnails/13.jpg)
13
Summary
ETSI IoT Security Workshop 13
• The regulations for IoT Security are yet to come
• Intentions are for critical infrastructure, classified levels of security
protection, information security and core technologies
![Page 14: IoTSecurity Policy and Regulation Initiatives in China€¦ · $14,3b sales Nov.11 2015 in Alibaba platform, 60% increase from 2014 The new norm Supply-side reform ETSI IoT Security](https://reader033.vdocument.in/reader033/viewer/2022042311/5ed9e640a5592118f234328c/html5/thumbnails/14.jpg)
14
Open, Transparent, Cooperative
Thank You