Photo via Pixabay.com

With China’s first cyber threat intelligence platform up and running, the nation’s cyber defense capability that has been ever growing in the past decade sees new strength.

The platform, known as CNTIC, or China National cyber Threat Intelligence Collaboration, was established in 2017 by Chinese government bodies and eight leading domestic cyber security companies, such as 360 Enterprise Security Group and NSFocus Information Technology (NSFOCUS). Top national institutes including the National Computer Network Emergency Response Technical Team, better known as CNCERT, also pooled their resources.

“The platform can solve problems like data isolation and fragmentation. Through data collection and analysis, high-value intelligence can be formed and shared among the nation for better cyber defense,” Liu Baoxu, director of CNTIC at the Institute of Information Engineering under the Chinese Academy of Sciences, told People’s Daily Overseas Social Media on the sideline of Threat Intelligence Ecology Conference in Beijing on Thursday.

According to Liu, CNTIC currently has access to 200 threat intelligence (TI) sources, with nearly 100 billion pieces of information available. While welcoming more data inputs, the platform has already started its services.

TI, according to Techopedia, is the in-depth analysis of potential computer and network security threats to an organization. The more information gathered, the easier for a company to take proper action against a threat. It goes beyond any particular company, since it can cast a wider net with more cooperation.

Under the guidance of CNCERT, the Threat Intelligence Ecology Conference was the first high-level conference on TI to be held in China, after years of seminar-level discussions on the topic.

The concept of TI came to China in 2015 amid the nation’s rising awareness of reacting proactively to cyber threats, instead of reacting passively to threats from ransomware and Trojan horses for instance.

The call to strengthen intelligence sharing was proposed by President Xi Jinping on April 19, 2016, during a seminar on cybersecurity and informatization.

President Xi said it is important to establish a unified and efficient network security risk reporting mechanism, an intelligence sharing mechanism, and a research and judgment disposal mechanism. Specifically, the president said that intelligence sharing mechanism should be co-established by government and enterprises to make full use of the vast amount of cybersecurity information.

One year later, on June 1, 2017, China’s first Cybersecurity Law came into effect, marking a momentous boost to the cyber industry. In October 2018, China also issued the nation’s first national standards on TI issues, sharing, and applications to further regulate the business and market.

However, some companies tend to withhold their data while asking for more from others. It is therefore important to build up a healthy threat intelligence ecology so that all parties concerned can enjoy their benefit, Liu noted.

In addition, Pan Guanyuan, a cybersecurity official with the Ministry of Public Security, said at the conference that AI cannot replace a high-level intelligence analyst, so it is urgent to train high-level TI analysts who are adept at data collection and analysis.

“National standards and the industry’s call for the construction of an ecology are to facilitate TI sharing across the industry. It is also international practice to set up a national-level TI platforms or form company alliances for TI sharing. The fact that China has attached greater significance to cyber defense from top to bottom over the years has gradually had an effect on society and the economy, with the nation’s cyber security awareness on the rise,” Austin Zhao Weijing, a research manager with IDC Consulting China, told People’s Daily Overseas Social Media.

“Compared with other countries, China’s TI platform construction holds some advantages, but compared to the United States, we remain relatively weaker, by which I mean we do not possess intelligence on a global basis, only domestically,” Wu Yunkun, president of 360 Enterprise Security Group, told People’s Daily Overseas Social Media.

Back in the early 2000s, cyber defense in China used to be checkup-oriented, as government bodies and companies only take actions in accordance to checkup requirements only. As the nation moves forward with information and internet technology, the complex and constant menaces facing everybody gradually turns passive defense into proactive measures, including situation awareness (SA), Wu introduced at the conference.

Currently, China’s cyber defense construction has entered a new stage where opportunities sprout along with new technologies, from cloud services and big data to the Internet of Things (IoT), according to Wu.

“This is where we are expected to outrun the others, that is, if we can make cybersecurity the priority during project design, construction, and management,” he added.