北京邮电大学学报(社科版) ›› 2017, Vol. 19 ›› Issue (6): 54-62.

• 互联网治理与法律 • 上一篇    下一篇

信息共享机制下的网络安全信息界定

  

  1. 北京邮电大学 人文学院,北京100876
  • 收稿日期:2017-07-11 出版日期:2017-12-30

Definition of Network Security Information under Information Sharing Mechanism

  1. School of Humanities, Beijing University of Posts and Telecommunications,
    Beijing 100876,China
  • Received:2017-07-11 Online:2017-12-30

摘要:  关键信息基础设施的运行安全是网络安全的重要内容之一,新出台的《网络安全法》及《关键信息基础设施安全保护条例(征求意见稿)》强调了包括网络安全信息共享在内的关键信息基础设施保护制度。然而,这些法律法规并没有对网络安全信息的范围、内涵作出具体规定。构建共享制度具体内容的前置性条件是清晰的网络安全信息概念,概念的界定决定了共享形式和路径的选择。网络安全信息的认定应当以关键信息基础设施的运行安全为基础。概括式的定义能够指引相关主体正确判断需要共享的安全信息,对信息的内容和性质提出具体要求有助于真正实现信息的有效沟通和交流。此外,不宜作出兜底性条款的规定,这会将已经清晰的概念再度模糊化,存在侵犯相关主体法律权利的可能性。概念的具体规定应当能够说明关键信息基础设施的安全态势,这既包括潜在的网络安全威胁,也包括应对重大网络安全事件的应急响应。

关键词: 关键信息基础设施, 网络安全信息, 运行安全, 认定标准

Abstract:  Critical information infrastructure operation security is one of the important contents of cyber security Cyber Security Law and Critical Information Infrastructure Protection (Draft Regulations) emphasize critical information infrastructure protection system including cyber security information sharing However, China has not made specific provisions on the scope and connotation of the cyber security information Prerequisite condition for the construction of sharing system is to clarify the definition of cyber security information The definition decides the choice of sharing form and path Meanwhile, accreditation of cyber security information should be based on safety operation of the critical information infrastructure (CII) The generalized definition can guide the relevant subjects to correctly judge the security information that needs to be shared The specific requirements towards information content and nature could contribute to the effective communication In addition, miscellaneous provisions are not preferable because these provisions will blur the concepts, increasing the possibility of legal rights infringement Specific provisions of the concept should demonstrate the security situation of CII, including both potential cyber security threats and emergency response to major cyber security incidents

Key words:  critical information infrastructure, cyber security information, operation safety, accreditation standards

中图分类号: