measures for the administration of water conservancy network security issued by the ministry of water resources (for trial implementation)

Posted by trammel at 2020-04-08

19:30, August 17, 2019 source: Ministry of water resources website

In order to implement the general secretary Xi Jinping's strategic thinking of network power, according to the "People's Republic of China network security law", the Ministry of water resources network office organized the "water conservancy network safety management measures (Trial Implementation)" (hereinafter referred to as the "measures"), and recently issued through trial. E Jingping, Minister of the Ministry of water resources, attaches great importance to the formulation of the measures, has repeatedly given instructions and instructions, proposed to grasp the "key" of finding problems by practical means and the "key" of punishment, highlighted the problem orientation, and formulated the measures around the main line of "what to do - who to do - how to do - how to punish if not well done".

The measures include six chapters: General principles, network security planning and construction, network operation security, monitoring, early warning and emergency response, supervision, assessment and accountability, and supplementary provisions. The measures pointed out that the water conservancy network security follows the policy of "active utilization, scientific development, management according to law, and safety assurance", establishes three mechanisms: timely detection of loopholes, timely and effective disposal of loopholes and strict accountability, ensures that the network security level protection system is implemented simultaneously in the water conservancy informatization planning and construction, and defines the network security responsibility in the operation stage. Centering on the links of investigation, reform and punishment, the measures strengthen the use of objective and effective methods such as attack and defense drill, penetration test and online monitoring to find problems; conduct in-depth evaluation and analysis of the causes of problems, take measures such as repairing loopholes, system upgrading, deployment of protective measures, and improvement of management system for effective disposal and rectification; clarify the main body and principle of responsibility investigation, and refine the order Rectification, warning interview, notification and criticism as well as suggestions on administrative sanctions and organizational treatment and other investigation methods will combine the importance of water conservancy network security protection object with the severity of network security incidents to quantify the investigation items. For those who cause serious losses and harm and do not change after repeated education, they will be punished severely until they are investigated for administrative and legal responsibilities.

The method highlights the problem orientation. For 41.5% of the problems found in the attack and defense drill of the Ministry of water resources this year, which are caused by the failure to implement the requirements of network security level protection in the planning and construction stage of information projects, and 58.5% of the problems caused by the inadequate management in the operation stage, targeted and effective solutions are defined. At the same time, through the two chapters of "network security planning and construction" and "network operation security", the measures defines the specific tasks and responsible units, establishes the safety management and control specifications for the whole life cycle of information system, effectively solves the above problems, and ensures that the measures are practical and effective. Ye Jianchun, vice minister, stressed the need to strengthen the implementation of the measures, and asked the network information office of the Ministry to select some units directly under the Ministry to carry out the network security penetration test in the near future. For the problems found in the penetration test, on the basis of the notification of rectification, combined with the on-site inspection of network security, the responsibility shall be investigated according to the measures.

The measures provide guidelines and basis for the strong supervision of network security in the water conservancy industry, which is an important measure to improve the water conservancy network security assurance system and enhance the ability of water conservancy network security protection.