Tag Archives: China’s Informatization – 中國信息化

中國新的網絡安全法 // Internet Security Law of the People ‘s Republic of China

Table of Contents

Chapter 1 General Provisions

Chapter 2 Network Security Support and Promotion

Chapter 3 Network Operation Safety

Section 1 General Provisions

SECTION 2: Operational safety of key information infrastructures

Chapter 4 Network Information Security

Chapter 5 Monitoring Early Warning and Emergency Handling

Chapter VI Legal Liability

Chapter VII Supplementary Provisions

Chapter 1 General Provisions

The first order to protect network security , safeguard cyberspace sovereignty and national security , public interests , protection of citizens , legal persons and other organizations , to promote the healthy development of economic and social information , this law is enacted .

Article in the territory of People’s Republic of China construction , operation , maintenance and use of the network , as well as supervision and management of network security , this Law shall apply .

Third countries adhere to both network security and information technology development , follow the active use , scientific development , according to management , to ensure the safety policy , promote the network infrastructure construction and interoperability , to encourage innovation and application of network technology , to support the development of network security personnel , Establish and improve the network security system , improve network security protection .

Article 4 The State shall formulate and continuously improve the network security strategy , clearly define the basic requirements and main objectives of the network security , and put forward the network security policies , tasks and measures in the key areas .

Article 5 The State shall take measures to monitor , defend and dispose of network security risks and threats arising from the territory of the People’s Republic of China , protect the critical information infrastructure from attack , intrusion , interference and destruction , punish the network for criminal activities and maintain the network Space security and order .

Article 6 The State shall promote the network behavior of honesty and trustworthiness , health and civilization , promote the dissemination of socialist core values , and take measures to raise the awareness and level of cybersecurity in the whole society and form a favorable environment for the whole society to participate in promoting network security .

Article VII countries active in cyberspace governance , network technology research and standards development , the fight against international exchange and cooperation network and other crimes , to promote the building of peace , security , open , cooperative cyberspace , multilateral , democratic , transparent network Governance system .

Article VIII of the National Network Information Department is responsible for co-ordination network security and related supervision and administration . State Council department in charge of telecommunications , public security departments and other relevant authorities in accordance with this Law and other relevant laws , administrative regulations , responsible for network security and supervision and administration within their respective areas of responsibility .

Local people’s governments above the county level of network security and regulatory functions , determined in accordance with relevant state regulations .

Article IX network and service operators to carry out business activities , must abide by laws , administrative regulations , respect social ethics , abide by business ethics , honesty and credit , fulfill the obligation to protect network security , and accept the supervision of government and society , social responsibility .

Article X build , operate or provide network services through a network , it should be in accordance with laws , regulations and national standards and administrative regulations of mandatory requirements , technical measures and other necessary measures , to ensure network security , stable operation , to effectively deal with network security incidents , Prevent cyber criminal activities , maintain the integrity of network data , confidentiality and usability .

Article XI network-related industry organizations accordance with the constitution , strengthen self-discipline , to develop guidelines for network security behavior , guide members to strengthen network security , increase network security levels , and promote the healthy development of the industry .

Article XII of the State protection of citizens , legal persons and other organizations the right to use the network in accordance with law , the promotion of universal access network , improve network service levels , and provide safe , convenient network services , to protect the free flow of network information according to law and orderly .

Any person and organization using the network should abide by the constitutional law , abide by the public order , respect social morality , not endanger the network security , shall not use the network to endanger national security , honor and interests , incite subversion of state power , overthrow the socialist system , incitement to split the country , The destruction of national unity , the promotion of terrorism , extremism , the promotion of national hatred , ethnic discrimination , the dissemination of violence , obscene pornography , fabricating and disseminating false information to disrupt economic order and social order , and infringe upon the reputation , privacy , intellectual property and other legitimate rights and interests of others And other activities .

Article XIII countries to support research and development is conducive to healthy growth of minors networking products and services , punishing minors using the Internet to endanger physical and mental health activities according to law , to provide security for minors , healthy network environment .

Article 14 Any individual or organization shall have the right to report to the network , telecommunications , public security and other departments that are harmful to the safety of the Internet . The department that receives the report shall handle it in a timely manner and if it does not belong to the duties of the department , it shall promptly transfer the department to be handled .

The relevant departments shall keep the relevant information of the whistleblower and protect the legitimate rights and interests of the whistleblower .

Chapter 2 Network Security Support and Promotion

Article 15 The State shall establish and improve the network security standard system . The department in charge of standardization of the State Council and other relevant departments under the State Council shall, in accordance with their respective duties , organize and formulate and revise the national standards and industry standards for network security management and network products , services and operation safety .

National support enterprises , research institutions , colleges and universities , network-related industry organizations to participate in network security national standards , industry standards .

Article 16 The State Council and the people’s governments of provinces , autonomous regions and municipalities directly under the Central Government shall make overall plans , increase investment , support key network security technology industries and projects , support the research and development and application of network security technology , promote safe and reliable network products and services , Protection of network technology intellectual property rights , support enterprises , research institutions and colleges and universities to participate in national network security technology innovation projects .

Article 17 The State shall promote the construction of a social security service system for network security and encourage the relevant enterprises and institutions to carry out safety services such as network security certification , testing and risk assessment .

Article 18 The State encourages the development of network data security protection and utilization technology to promote the opening of public data resources and promote technological innovation and economic and social development .

State support innovative network security management , the use of new network technologies , enhance network security level .

Article XIX governments at all levels and relevant departments should organize regular network security education , and guidance , and urge the relevant units to do network safety publicity and education work .

The mass media should be targeted to the community for network security publicity and education .

Article 20 The State shall support enterprises and institutions of higher education , vocational schools and other educational and training institutions to carry out network safety-related education and training , and adopt a variety of ways to train network security personnel and promote the exchange of network security personnel .

Chapter 3 Network Operation Safety

Section 1 General Provisions

Article 21 The State shall implement a system of network security protection . Network operators should be in accordance with the requirements of the network security level protection system , perform the following security obligations , to protect networks from interference , damage or unauthorized access , preventing data leakage or stolen , tampered with :

( 1 ) to formulate internal safety management systems and operating procedures , to determine the network security responsible person , the implementation of network security protection responsibility ;

( 2 ) to take precautions against computer viruses and network attacks , network intrusion and other hazards of network security behavior of technical measures ;

( 3 ) to take technical measures to monitor and record the operation status of the network and the network security incident , and to keep the relevant network log in accordance with the regulations for not less than six months ;

( D ) to take data classification , important data backup and encryption and other measures ;

( 5 ) other obligations stipulated by laws and administrative regulations .

Article 22 The network products and services shall conform to the mandatory requirements of the relevant national standards . Network products , service providers may not set up malicious programs ; found their network products , services, security defects , loopholes and other risks , should immediately take remedial measures , in accordance with the provisions of the timely notification of the user and report to the relevant authorities .

The providers of network products and services shall provide continuous maintenance of their products and services ; they shall not terminate the provision of safety maintenance within the time limit prescribed by the parties or the parties .

Network products , services with the collection of user information function , the provider should be clear to the user and obtain consent ; involving the user’s personal information , but also should comply with this law and the relevant laws and administrative regulations on personal information protection requirements .

Article 23 The network of key equipment and network security specific products should be in accordance with national standards of mandatory requirements , qualified by the agency safety certification or qualified safety testing to meet the requirements after , before they sell or provide . The State Network letter department in conjunction with the relevant departments of the State Council to develop and publish network key equipment and network security products directory , and promote safety certification and safety testing results mutual recognition , to avoid duplication of certification , testing .

Article 24 The network operator shall handle the services such as network access , domain name registration service , fixed telephone and mobile telephone , or provide services such as information release and instant messaging , and enter into an agreement with the user or confirm the service when , should be required to provide true user identity information . If the user does not provide the true identity information , the network operator shall not provide the relevant service .

National implementation trusted identity network strategy , to support research and development of safe , convenient electronic authentication technology , to promote mutual recognition between different electronic authentication .

Article 25 network operators shall develop network security emergency response plan , timely disposal system vulnerabilities , computer viruses , network attacks , security risks and other network intrusions ; in the event of the occurrence of the harm network security , immediately launched the emergency plan , take the appropriate remedial measures , and report to the relevant authorities in accordance with the provisions .

Article 26 to carry out certification of network security , detection , risk assessment and other activities , released to the public system vulnerabilities , computer viruses , network attacks , network intrusions and other network information security , should comply with the relevant provisions of the State .

Article 27 No individual or organization may not engage in illegal intrusion into networks of others , interfere with the normal function of the network of others , active network data theft and other hazards network security ; not provide specifically for the network in the invasion , interfere with the normal function of the network and protective measures , theft Network data and other activities that endanger the network security activities , tools ; knowing that others engaged in activities that endanger network security , not to provide technical support , advertising , payment and settlement help .

Article 28 The network operators shall provide technical support and assistance to the public security organs and the state security organs to safeguard the national security and the investigation of crimes according to law .

Article 29 The State supports between network operators to collect information on network security , analysis , reporting and emergency response and other aspects of cooperation , to improve the security capabilities of network operators .

Relevant industry organizations to establish and improve network security norms and mechanisms for cooperation in this sector , to strengthen the analysis and evaluation of network security risks , regularly risk warning to the members , to support , to assist members to deal with network security risks .

Article 30 Network and Information Department and relevant information acquired in the performance of network security protection responsibilities , only for the need to maintain network security , shall not be used for other purposes .

SECTION 2: Operational safety of key information infrastructures

Article 31 The state public communication and information services , energy , transportation , water conservancy , finance , public services , e-government and other important industries and fields , as well as other once destroyed , the loss of functionality or data leakage , could seriously endanger national security , people’s livelihood , the critical information infrastructure of public interest , on the basis of network security protection system on , special protection . The specific scope and safety protection of key information infrastructure shall be formulated by the State Council .

The country encourages network operators outside key information infrastructures to participate voluntarily in critical information infrastructure protection systems .

Article 32 in accordance with the division of duties prescribed by the State Council , responsible for the protection of critical information infrastructure security departments are working to formulate and implement the industry , the art of critical information infrastructure security planning , guidance and supervision of the safe operation of critical information infrastructure protection Work .

Article 33 The construction of the critical information infrastructure to support business should ensure it has a stable , continuous operation performance , and technical measures to ensure the safety synchronized planning , simultaneous construction , simultaneous use .

Article 34 In addition to the provisions of Article 21 of this Law , critical information infrastructure operators shall perform the following security obligations :

( A ) set up a special safety management and safety management agency in charge of people , and the negative security background screening of responsibility and the key staff positions ;

( 2 ) regularly carry out network security education , technical training and skills assessment for employees ;

( Iii ) disaster recovery of critical systems and databases ;

( D ) the development of network security incident contingency plans , and regular exercise ;

( 5 ) other obligations stipulated by laws and administrative regulations .

Article 35 Where a operator of a key information infrastructure purchases a network of products and services that may affect the safety of the State , it shall pass the national security review organized by the State Network Department in conjunction with the relevant departments of the State Council .

Article 36 of the critical information infrastructure of network operators purchasing products and services , shall sign a confidentiality agreement with the security provider in accordance with the provisions , clear security and confidentiality obligations and responsibilities .

Article 37 Personal information and important data collected and produced by operators of key information infrastructure operators in the territory of the People’s Republic of China shall be stored in the territory . Due to business needs , do need to provide to the outside , should be in accordance with the State Network letter department in conjunction with the relevant departments of the State Council to develop a safety assessment ; laws and administrative regulations otherwise provided , in accordance with its provisions .

Article 38 critical information infrastructure operator shall himself or entrust their network security services and the possible risk of network security test and evaluation carried out at least once a year , and will assess the situation and improve the detection measures submitted to the responsible Key information Infrastructure Security protection work .

Article 39 The State Network Letters shall coordinate the relevant departments to take the following measures for the protection of key information infrastructures :

( A ) the security risk of critical information infrastructure will be random testing , suggest improvements , can be entrusted network security services when necessary for the existence of network security risk assessment to detect ;

( 2 ) to organize the operators of key information infrastructures on a regular basis to conduct network security emergency drills to improve the level and coordination capability of responding to network security incidents ;

( 3 ) to promote the sharing of network security information between the relevant departments and operators of key information infrastructures and relevant research institutions and network security services ;

( Four ) emergency response network security incidents and recovery network functions, etc. , to provide technical support and assistance .

Chapter 4 Network Information Security

Article 40 network operators should collect information on its users strictly confidential , and establish and improve the user information protection system .

Article 41 Where a network operator collects or uses personal information , it shall follow the principles of lawfulness , reason and necessity , publicly collect and use the rules , expressly collect and use the purpose , manner and scope of the information and agree with the collectors .

Services unrelated to the personal information of the network operator shall not collect its offer , shall not violate laws , administrative regulations and bilateral agreements to collect , use of personal information , and shall be in accordance with laws , administrative regulations and the agreement with the user , process save Of personal information .

Article 42 network operators shall not be disclosed , tampering , destruction of personal information it collects ; without the consent of the collectors , may not provide personal information to others . However , except that processing does not recognize a particular person and can not be recovered .

The network operator shall take technical measures and other necessary measures to ensure that the personal information collected by it is safe to prevent leakage , damage and loss of information . Or may occur in the event of leakage of personal information , damage , time lost the case , it should take immediate remedial measures , in accordance with the provisions promptly inform the user to the relevant competent authorities report .

Article 43 personal discovery network operators violate laws , administrative regulations or bilateral agreements to collect , use their personal information , the right to require network operators to delete their personal information ; find network operators to collect , store their personal The information is wrong , the right to require the network operator to be corrected . The network operator should take action to remove or correct it .

Article 44 No individual or organization may steal or acquire personal information in any other illegal manner and may not illegally sell or illegally provide personal information to others .

Article 45 The departments and their staff members with network security supervision and administration according to law , must be aware of personal information in carrying out their duties , privacy and trade secrets strictly confidential , shall not disclose , sell or illegally available to others .

Article 46 No individual or organization shall be responsible for the use of network behavior , not set up to commit fraud , to teach criminal methods , production or sale of prohibited items , sites illegal and criminal activities of controlled items, etc. , communication groups , should not be used Internet publishing involves the implementation of fraud , the production or sale of prohibited items , control of goods and other criminal activities of the information .

Article 47 network operators should strengthen the management of information published by its users , we found that laws , administrative regulations prohibit the release or transfer of information , should immediately stop the transmission of the information , to take measures to eliminate the disposal, etc. , to prevent the diffusion of information , save The relevant records and report to the relevant authorities .

Article 48 electronic information sent by any individual and organization , application software provided , shall set up a malicious program , shall not contain laws , administrative regulations prohibit the release or transfer of information .

Send electronic information service providers and application software download service provider , shall perform the safety management obligations , know that the user is under the aforesaid acts , it should stop providing services , to take measures to eliminate the disposal, etc. , keep the relevant records , and the relevant authorities Report .

Article 49 The network operators shall establish information such as complaints and reporting systems for network information security , announce complaints and report methods, and promptly accept and handle complaints and reports on the security of network information .

Supervision and inspection network operators to network and Information Department and relevant departments according to law , shall cooperate .

Article 50 National Grid and other departments concerned to fulfill the letter of network information security supervision and administration according to law , found legal , information and administrative regulations prohibit the release or transfer , should be required to stop the transmission network operator , to take measures to eliminate the disposal, etc. , keep the relevant records ; the above information comes from outside the People’s Republic of China , it shall notify the relevant agencies to take technical measures and other necessary measures to interrupt transmission .

Chapter 5 Monitoring Early Warning and Emergency Handling

Article 51 The State shall establish a network security monitoring and early warning and information communication system . The national network letter department should coordinate the relevant departments to strengthen the network security information collection , analysis and notification work , in accordance with the provisions of unified release of network security monitoring and early warning information .

Article 52 is responsible for critical information infrastructure security affairs , shall establish and improve the industry , network security monitoring and early warning and communications systems in the art , and network security monitoring and early warning information submitted in accordance with the provisions .

Article 53 National Grid and Information Department to coordinate relevant departments to establish and improve network security risk assessment and emergency response mechanisms , the development of network security emergency response plan , and regular exercise .

Responsible for key information infrastructure security work departments should develop the industry , the field of network security incident contingency plans , and regularly organize exercises .

Network security emergency response plan should be in accordance with the degree of harm after the incident , the network security incidents were graded sphere of influence and other factors , and provides the appropriate emergency measures .

Article 54 of network security event that occurs when the risk increases , the provincial people’s governments shall, in accordance with statutory authorities and procedures , and the characteristics of the network security risks and possible harm , take the following measures :

( A ) asked the relevant authorities , institutions and personnel timely collection , reporting information , strengthening the monitoring of network security risks ;

( Two ) organizational departments , agencies and professionals , network security risk assessment information for analysis , predicting the likelihood of events , the scope and extent of harm ;

( C ) to the community release network security risk early warning , release to avoid , reduce the harm measures .

Article 55 of network security incidents , should immediately start emergency response plan network security , network security incident investigation and assessment , require network operators to take technical measures and other necessary measures , to eliminate safety hazards , prevent harm to expand , and in a timely manner Publish public-related warning messages to the community .

Article 56 above the provincial level people’s governments in the implementation of network safety supervision and management responsibilities , found that there is a big security risk or network security incidents , be in accordance with the authority and procedures of the legal representative of the network operator’s Person or main person in charge . The network operator shall take measures as required and carry out rectification and rectification to eliminate the hidden danger .

Article 57 because of network security incidents , the occurrence of unexpected events or production safety accidents , should be in accordance with the ” Emergency Response Law of People’s Republic of China “, ” Production Safety Law of People’s Republic of China ,” the relevant laws and so on , disposal and administrative regulations The

Article 58 for the maintenance of national security and public order , require major emergency incidents disposal of social security , the State Council decision or approval , can take temporary measures such as limiting network traffic in a particular area .

Chapter VI Legal Liability

Article 59 Where the network operator fails to perform the obligations of the network security protection stipulated in Article 21 and Article 25 of this Law , the relevant competent department shall order it to make corrections and give a warning ; refusing to correct or cause harm to the network security and other consequences of , at 100,000 yuan fine of $ 10,000 or more , the person directly responsible for the 50,000 yuan fine of $ 5,000 or more .

If the operator of the key information infrastructure fails to perform the obligations of the network security protection as prescribed in Article 33 , Article 34 , Article 36 and Article 38 of this Law , the relevant competent department shall order it to make corrections and give a warning ; refuse to correct or cause harm network security consequences , at 1,000,000 yuan fine of $ 100,000 or more , the person directly responsible for at 100,000 yuan fine of $ 10,000 or more .

Article 60 in violation of the first paragraph of Article 22 of this Law , (2) and the first paragraph Article 48 , any of the following acts , ordered by the competent department of corrections , give a warning ; refuse to correct Or cause harm to the network security and other consequences , at 50,000 yuan to more than 500,000 yuan fine , the person in charge directly responsible for more than 10,000 yuan more than 100,000 yuan fine :

( A ) set up malicious programs ;

( Two ) of their products , security flaws services , risk exposure and other remedial measures are not taken immediately , or failing to promptly inform the user of the report to the relevant authorities ;

( 3 ) to terminate the security of its products and services .

Article 61 network operators who violate the provisions of Article 24 first paragraph , did not require users to provide real identity information , or provide related services for the user does not provide real identity information , by the competent authorities ordered to make corrections ; or refuse to correct the circumstances are serious , at five hundred thousand fine of $ 50,000 or more , and may be ordered by the competent authorities to suspend the relevant business , ordered to stop , to close the site , revoke the relevant business license or business license revoked , directly responsible for The person in charge and other directly responsible persons shall be fined not less than 10,000 yuan but not more than 100,000 yuan .

Article 62 in violation of Article 26 of this Law , to carry out certification of network security , detection , risk assessment and other activities , or to the public distribution system vulnerability , computer viruses , network attacks , network intrusions and other network security information , by the relevant the competent department shall order correction , given a warning ; refuse to correct or circumstances are serious , at 100,000 yuan fine of $ 10,000 or more , and may be ordered by the competent authorities to suspend the relevant business , ordered to stop , to close the site , revoked or related business license revoke the business license , the persons in charge and other directly responsible personnel directly responsible for 50,000 yuan fine of $ 5,000 or more .

Article 63 violation of Article 27 of this Law , engaged in activities that endanger network security , or to provide dedicated program to endanger network security activities , tools , technical support, or to endanger the security of network activity for others , advertising , payment settlement and other help , not constitute a crime , the public security authorities confiscate the illegal income , 5 days detention , can fine of over 50,000 yuan to 500,000 yuan fine ; the circumstances are serious , at least five days 15 days of detention , and may impose a fine of not less than 100,000 yuan but not more than one million yuan .

Units with the conduct of , the public security authorities confiscate the illegal income , at a fine of one million yuan more than 100,000 yuan , and directly in charge and other directly responsible personnel shall be punished in accordance with the preceding paragraph .

Violation of Article 27 of this Law , subject to administrative penalties for public security personnel , shall not engage in network security management and network operators work in key positions within five years ; people subject to criminal punishment , he may not engage in key positions in operations and network security management network Work .

Article 64 A provider of a network operator , a network product or service shall , in violation of the provisions of Article 22 , paragraph 3 , and Article 41 to Article 43 of this Law , violate the right of the personal information to be protected according to law , ordered to make corrections by the competent authorities , can be a warning or a fine according to the seriousness single office , confiscate the illegal income , illegal income more than doubled a fine of ten times , there is no illegal income , at a fine of one million yuan , directly responsible Supervisors and other directly responsible persons shall be fined not less than 10,000 yuan but not more than 100,000 yuan ; if the circumstances are serious , they may order to suspend the relevant business , suspend business for rectification , close the website , revoke the relevant business license or revoke the business license .

Violation of the provisions of Article 44 of this Law , theft or other illegal means to obtain , illegally sell or illegally provide personal information to others , does not constitute a crime , the public security organs confiscated the illegal income , and more than double the illegal income ten times If there is no illegal income , a fine of not more than one million yuan shall be imposed .

Article 65 of the critical information infrastructure of operators in violation of the provisions of Article 35 of this Law , used without safety review or not to review the security of the network through a product or service , by the competent authorities ordered to stop using , at the purchase amount More than ten times the fine ; the person directly in charge and other directly responsible persons shall be fined not less than 10,000 yuan but not more than 100,000 yuan .

Article 66 critical information infrastructure operators in violation of the provisions of Article 37 of this Law , outside the network data storage , or network data provided to the outside , ordered to make corrections by the competent authorities , be given a warning , confiscate the illegal income , of fifty yuan fine of $ 50,000 or more , and may be ordered to suspend the business , ordered to stop , to close the site , revoke the relevant business license or revoke the business license ; in charge and other directly responsible personnel directly responsible yuan and not Fine of not more than 100,000 yuan .

Article 67 in violation of the provisions of Article 46 of this Law , the website set up for the implementation of criminal activities , distribution group , or use the Internet release of information related to the implementation of criminal activities , does not constitute a crime , the public security organs 5 days detention , can impose a fine of 100,000 yuan ; the circumstances are serious , at least five days custody for 15 days or less , you can fine of over 50,000 yuan to 500,000 yuan fine . Close the website for the implementation of criminal activities , communication groups .

If the unit has the preceding paragraph , the public security organ shall be fined not less than 100,000 yuan but not more than 500,000 yuan , and shall be punished in accordance with the provisions of the preceding paragraph for the person directly in charge and other directly responsible persons .

Article 68 network operators in violation of the provisions of Article 47 of this Law , legal , administrative regulations prohibit the release or transfer of information transmission is not stopped , to take measures to eliminate the disposal, etc. , keep the relevant records , ordered by the competent department of corrections , given a warning , confiscation of illegal gains ; refuse to correct or circumstances are serious , at 500,000 yuan more than 100,000 yuan , and can be ordered to suspend the relevant business , ordered to stop , to close the site , revoke the relevant business license or business license revoked , A fine of not less than 10,000 yuan but not more than 100,000 yuan shall be imposed on the person directly in charge and other directly responsible persons .

Electronic messaging services provider , application software download service providers , non-compliance and safety management obligations specified in the second paragraph of Article 48 of this Law , in accordance with the preceding paragraph shall be punished .

Article 69 network operators in violation of the provisions of this Act , any of the following acts , by the competent authorities shall order rectification ; refuse to correct or circumstances are serious , at 500,000 Yuan more than 50,000 yuan , directly responsible for the charge and other directly responsible personnel , at one million yuan to 100,000 yuan fine :

( A ) not in accordance with the requirements of the relevant departments of the law , administrative regulations prohibit the release or the information’s transmission , taken to stop transmission , disposal measures to eliminate such ;

( 2 ) refusing or hindering the supervision and inspection carried out by the relevant departments according to law ;

( 3 ) refusing to provide technical support and assistance to the public security organs and the state security organs .

Article 70 issued or transmitted in Article 12 (2) and other laws , administrative regulations prohibit the release or transfer of information , in accordance with relevant laws , penalties and administrative regulations .

Article 71 of this Law prescribed offenses , in accordance with relevant laws , administrative regulations credited to the credit files , and to be publicized .

Article 72 Where an operator of a government organ of a state organ fails to perform its obligations under the provisions of this Law , it shall be ordered by its superior organ or the relevant organ to make corrections , and the directly responsible person in charge and other directly responsible persons shall be punished according to law .

Article 73 Network and Information Department and relevant departments in violation of the provisions of Article 30 of this Law , the information acquired in the performance of network security protection responsibilities for other purposes , given to the persons in charge and other directly responsible personnel directly responsible according to law Punish .

The network department and the relevant departments of the staff neglected duty , abuse of power , favoritism , does not constitute a crime , according to the law to give punishment .

Article 74 Whoever , in violation of the provisions of this Law , causes damage to others , shall bear civil liability according to law .

Violation of the provisions of this Law , constitute a violation of public security management behavior , according to the law to give security management punishment ; constitute a crime , shall be held criminally responsible .

Article 75 The organs , organizations and individuals engaged in activities , such as attack , intrusion , interference or destruction , which violate the key information infrastructure of the People’s Republic of China , cause serious consequences, and shall hold legal liabilities according to law ; the public security departments and relevant departments of the State Council the institution may decide , organize , to freeze property or other necessary personal sanctions .

Chapter VII Supplementary Provisions

Article 76 The meaning of the following terms in this Law :

( A ) network , refers to a computer or other information terminals and associated equipment consisting of the information collected in accordance with certain rules and procedures , storage , transmission , switching , the system processing .

( Two ) network security , refers to taking the necessary measures , to prevent attacks on the network , intrusion , interference , destruction and illegal use and accidents , the network is in a state of stable and reliable operation , integrity, and protect network data , privacy , The ability to be available .

( C ) network operators , refers to the network of owners , managers and network service providers .

( D ) network data , refers to the network through the collection , storage , transmission , processing and production of various electronic data .

( Five ) personal information , refer to various identification information can be used alone or in combination with other natural personal identity information electronically recorded or otherwise , including but not limited to a natural person’s name , date of birth , ID number , personal biometric information , Address , telephone number and so on .

Article 77 The storage , processing network information involving state secrets operational security , in addition shall comply with this Act , shall also comply with privacy laws , administrative regulations .

Article 78 security protection of military networks , otherwise provided by the Central Military Commission .

Article 79 of this Law since 2017 6 June 1 from the date of implementation .

Original mandarin Chinese:

目录

第一章总则

第二章网络安全支持与促进

第三章网络运行安全

第一节一般规定

第二节关键信息基础设施的运行安全

第四章网络信息安全

第五章监测预警与应急处置

第六章法律责任

第七章附则

第一章总则

第一条 为了保障网络安全，维护网络空间主权和国家安全、社会公共利益，保护公民、法人和其他组织的合法权益，促进经济社会信息化健康发展，制定本法。

第二条 在中华人民共和国境内建设、运营、维护和使用网络，以及网络安全的监督管理，适用本法。

第三条 国家坚持网络安全与信息化发展并重，遵循积极利用、科学发展、依法管理、确保安全的方针，推进网络基础设施建设和互联互通，鼓励网络技术创新和应用，支持培养网络安全人才，建立健全网络安全保障体系，提高网络安全保护能力。

第四条 国家制定并不断完善网络安全战略，明确保障网络安全的基本要求和主要目标，提出重点领域的网络安全政策、工作任务和措施。

第五条 国家采取措施，监测、防御、处置来源于中华人民共和国境内外的网络安全风险和威胁，保护关键信息基础设施免受攻击、侵入、干扰和破坏，依法惩治网络违法犯罪活动，维护网络空间安全和秩序。

第六条 国家倡导诚实守信、健康文明的网络行为，推动传播社会主义核心价值观，采取措施提高全社会的网络安全意识和水平，形成全社会共同参与促进网络安全的良好环境。

第七条 国家积极开展网络空间治理、网络技术研发和标准制定、打击网络违法犯罪等方面的国际交流与合作，推动构建和平、安全、开放、合作的网络空间，建立多边、民主、透明的网络治理体系。

第八条 国家网信部门负责统筹协调网络安全工作和相关监督管理工作。国务院电信主管部门、公安部门和其他有关机关依照本法和有关法律、行政法规的规定，在各自职责范围内负责网络安全保护和监督管理工作。

县级以上地方人民政府有关部门的网络安全保护和监督管理职责，按照国家有关规定确定。

第九条 网络运营者开展经营和服务活动，必须遵守法律、行政法规，尊重社会公德，遵守商业道德，诚实信用，履行网络安全保护义务，接受政府和社会的监督，承担社会责任。

第十条 建设、运营网络或者通过网络提供服务，应当依照法律、行政法规的规定和国家标准的强制性要求，采取技术措施和其他必要措施，保障网络安全、稳定运行，有效应对网络安全事件，防范网络违法犯罪活动，维护网络数据的完整性、保密性和可用性。

第十一条 网络相关行业组织按照章程，加强行业自律，制定网络安全行为规范，指导会员加强网络安全保护，提高网络安全保护水平，促进行业健康发展。

第十二条 国家保护公民、法人和其他组织依法使用网络的权利，促进网络接入普及，提升网络服务水平，为社会提供安全、便利的网络服务，保障网络信息依法有序自由流动。

任何个人和组织使用网络应当遵守宪法法律，遵守公共秩序，尊重社会公德，不得危害网络安全，不得利用网络从事危害国家安全、荣誉和利益，煽动颠覆国家政权、推翻社会主义制度，煽动分裂国家、破坏国家统一，宣扬恐怖主义、极端主义，宣扬民族仇恨、民族歧视，传播暴力、淫秽色情信息，编造、传播虚假信息扰乱经济秩序和社会秩序，以及侵害他人名誉、隐私、知识产权和其他合法权益等活动。

第十三条 国家支持研究开发有利于未成年人健康成长的网络产品和服务，依法惩治利用网络从事危害未成年人身心健康的活动，为未成年人提供安全、健康的网络环境。

第十四条 任何个人和组织有权对危害网络安全的行为向网信、电信、公安等部门举报。收到举报的部门应当及时依法作出处理；不属于本部门职责的，应当及时移送有权处理的部门。

有关部门应当对举报人的相关信息予以保密，保护举报人的合法权益。

第二章网络安全支持与促进

第十五条 国家建立和完善网络安全标准体系。国务院标准化行政主管部门和国务院其他有关部门根据各自的职责，组织制定并适时修订有关网络安全管理以及网络产品、服务和运行安全的国家标准、行业标准。

国家支持企业、研究机构、高等学校、网络相关行业组织参与网络安全国家标准、行业标准的制定。

第十六条 国务院和省、自治区、直辖市人民政府应当统筹规划，加大投入，扶持重点网络安全技术产业和项目，支持网络安全技术的研究开发和应用，推广安全可信的网络产品和服务，保护网络技术知识产权，支持企业、研究机构和高等学校等参与国家网络安全技术创新项目。

第十七条 国家推进网络安全社会化服务体系建设，鼓励有关企业、机构开展网络安全认证、检测和风险评估等安全服务。

第十八条 国家鼓励开发网络数据安全保护和利用技术，促进公共数据资源开放，推动技术创新和经济社会发展。

国家支持创新网络安全管理方式，运用网络新技术，提升网络安全保护水平。

第十九条 各级人民政府及其有关部门应当组织开展经常性的网络安全宣传教育，并指导、督促有关单位做好网络安全宣传教育工作。

大众传播媒介应当有针对性地面向社会进行网络安全宣传教育。

第二十条 国家支持企业和高等学校、职业学校等教育培训机构开展网络安全相关教育与培训，采取多种方式培养网络安全人才，促进网络安全人才交流。

第三章网络运行安全

第一节一般规定

第二十一条 国家实行网络安全等级保护制度。网络运营者应当按照网络安全等级保护制度的要求，履行下列安全保护义务，保障网络免受干扰、破坏或者未经授权的访问，防止网络数据泄露或者被窃取、篡改：

（一）制定内部安全管理制度和操作规程，确定网络安全负责人，落实网络安全保护责任；

（二）采取防范计算机病毒和网络攻击、网络侵入等危害网络安全行为的技术措施；

（三）采取监测、记录网络运行状态、网络安全事件的技术措施，并按照规定留存相关的网络日志不少于六个月；

（四）采取数据分类、重要数据备份和加密等措施；

（五）法律、行政法规规定的其他义务。

第二十二条 网络产品、服务应当符合相关国家标准的强制性要求。网络产品、服务的提供者不得设置恶意程序；发现其网络产品、服务存在安全缺陷、漏洞等风险时，应当立即采取补救措施，按照规定及时告知用户并向有关主管部门报告。

网络产品、服务的提供者应当为其产品、服务持续提供安全维护；在规定或者当事人约定的期限内，不得终止提供安全维护。

网络产品、服务具有收集用户信息功能的，其提供者应当向用户明示并取得同意；涉及用户个人信息的，还应当遵守本法和有关法律、行政法规关于个人信息保护的规定。

第二十三条 网络关键设备和网络安全专用产品应当按照相关国家标准的强制性要求，由具备资格的机构安全认证合格或者安全检测符合要求后，方可销售或者提供。国家网信部门会同国务院有关部门制定、公布网络关键设备和网络安全专用产品目录，并推动安全认证和安全检测结果互认，避免重复认证、检测。

第二十四条 网络运营者为用户办理网络接入、域名注册服务，办理固定电话、移动电话等入网手续，或者为用户提供信息发布、即时通讯等服务，在与用户签订协议或者确认提供服务时，应当要求用户提供真实身份信息。用户不提供真实身份信息的，网络运营者不得为其提供相关服务。

国家实施网络可信身份战略，支持研究开发安全、方便的电子身份认证技术，推动不同电子身份认证之间的互认。

第二十五条 网络运营者应当制定网络安全事件应急预案，及时处置系统漏洞、计算机病毒、网络攻击、网络侵入等安全风险；在发生危害网络安全的事件时，立即启动应急预案，采取相应的补救措施，并按照规定向有关主管部门报告。

第二十六条 开展网络安全认证、检测、风险评估等活动，向社会发布系统漏洞、计算机病毒、网络攻击、网络侵入等网络安全信息，应当遵守国家有关规定。

第二十七条 任何个人和组织不得从事非法侵入他人网络、干扰他人网络正常功能、窃取网络数据等危害网络安全的活动；不得提供专门用于从事侵入网络、干扰网络正常功能及防护措施、窃取网络数据等危害网络安全活动的程序、工具；明知他人从事危害网络安全的活动的，不得为其提供技术支持、广告推广、支付结算等帮助。

第二十八条 网络运营者应当为公安机关、国家安全机关依法维护国家安全和侦查犯罪的活动提供技术支持和协助。

第二十九条 国家支持网络运营者之间在网络安全信息收集、分析、通报和应急处置等方面进行合作，提高网络运营者的安全保障能力。

有关行业组织建立健全本行业的网络安全保护规范和协作机制，加强对网络安全风险的分析评估，定期向会员进行风险警示，支持、协助会员应对网络安全风险。

第三十条 网信部门和有关部门在履行网络安全保护职责中获取的信息，只能用于维护网络安全的需要，不得用于其他用途。

第二节关键信息基础设施的运行安全

第三十一条 国家对公共通信和信息服务、能源、交通、水利、金融、公共服务、电子政务等重要行业和领域，以及其他一旦遭到破坏、丧失功能或者数据泄露，可能严重危害国家安全、国计民生、公共利益的关键信息基础设施，在网络安全等级保护制度的基础上，实行重点保护。关键信息基础设施的具体范围和安全保护办法由国务院制定。

国家鼓励关键信息基础设施以外的网络运营者自愿参与关键信息基础设施保护体系。

第三十二条 按照国务院规定的职责分工，负责关键信息基础设施安全保护工作的部门分别编制并组织实施本行业、本领域的关键信息基础设施安全规划，指导和监督关键信息基础设施运行安全保护工作。

第三十三条 建设关键信息基础设施应当确保其具有支持业务稳定、持续运行的性能，并保证安全技术措施同步规划、同步建设、同步使用。

第三十四条 除本法第二十一条的规定外，关键信息基础设施的运营者还应当履行下列安全保护义务：

（一）设置专门安全管理机构和安全管理负责人，并对该负责人和关键岗位的人员进行安全背景审查；

（二）定期对从业人员进行网络安全教育、技术培训和技能考核；

（三）对重要系统和数据库进行容灾备份；

（四）制定网络安全事件应急预案，并定期进行演练；

（五）法律、行政法规规定的其他义务。

第三十五条 关键信息基础设施的运营者采购网络产品和服务，可能影响国家安全的，应当通过国家网信部门会同国务院有关部门组织的国家安全审查。

第三十六条 关键信息基础设施的运营者采购网络产品和服务，应当按照规定与提供者签订安全保密协议，明确安全和保密义务与责任。

第三十七条 关键信息基础设施的运营者在中华人民共和国境内运营中收集和产生的个人信息和重要数据应当在境内存储。因业务需要，确需向境外提供的，应当按照国家网信部门会同国务院有关部门制定的办法进行安全评估；法律、行政法规另有规定的，依照其规定。

第三十八条 关键信息基础设施的运营者应当自行或者委托网络安全服务机构对其网络的安全性和可能存在的风险每年至少进行一次检测评估，并将检测评估情况和改进措施报送相关负责关键信息基础设施安全保护工作的部门。

第三十九条 国家网信部门应当统筹协调有关部门对关键信息基础设施的安全保护采取下列措施：

（一）对关键信息基础设施的安全风险进行抽查检测，提出改进措施，必要时可以委托网络安全服务机构对网络存在的安全风险进行检测评估；

（二）定期组织关键信息基础设施的运营者进行网络安全应急演练，提高应对网络安全事件的水平和协同配合能力；

（三）促进有关部门、关键信息基础设施的运营者以及有关研究机构、网络安全服务机构等之间的网络安全信息共享；

（四）对网络安全事件的应急处置与网络功能的恢复等，提供技术支持和协助。

第四章网络信息安全

第四十条 网络运营者应当对其收集的用户信息严格保密，并建立健全用户信息保护制度。

第四十一条 网络运营者收集、使用个人信息，应当遵循合法、正当、必要的原则，公开收集、使用规则，明示收集、使用信息的目的、方式和范围，并经被收集者同意。

网络运营者不得收集与其提供的服务无关的个人信息，不得违反法律、行政法规的规定和双方的约定收集、使用个人信息，并应当依照法律、行政法规的规定和与用户的约定，处理其保存的个人信息。

第四十二条 网络运营者不得泄露、篡改、毁损其收集的个人信息；未经被收集者同意，不得向他人提供个人信息。但是，经过处理无法识别特定个人且不能复原的除外。

网络运营者应当采取技术措施和其他必要措施，确保其收集的个人信息安全，防止信息泄露、毁损、丢失。在发生或者可能发生个人信息泄露、毁损、丢失的情况时，应当立即采取补救措施，按照规定及时告知用户并向有关主管部门报告。

第四十三条 个人发现网络运营者违反法律、行政法规的规定或者双方的约定收集、使用其个人信息的，有权要求网络运营者删除其个人信息；发现网络运营者收集、存储的其个人信息有错误的，有权要求网络运营者予以更正。网络运营者应当采取措施予以删除或者更正。

第四十四条 任何个人和组织不得窃取或者以其他非法方式获取个人信息，不得非法出售或者非法向他人提供个人信息。

第四十五条 依法负有网络安全监督管理职责的部门及其工作人员，必须对在履行职责中知悉的个人信息、隐私和商业秘密严格保密，不得泄露、出售或者非法向他人提供。

第四十六条 任何个人和组织应当对其使用网络的行为负责，不得设立用于实施诈骗，传授犯罪方法，制作或者销售违禁物品、管制物品等违法犯罪活动的网站、通讯群组，不得利用网络发布涉及实施诈骗，制作或者销售违禁物品、管制物品以及其他违法犯罪活动的信息。

第四十七条 网络运营者应当加强对其用户发布的信息的管理，发现法律、行政法规禁止发布或者传输的信息的，应当立即停止传输该信息，采取消除等处置措施，防止信息扩散，保存有关记录，并向有关主管部门报告。

第四十八条 任何个人和组织发送的电子信息、提供的应用软件，不得设置恶意程序，不得含有法律、行政法规禁止发布或者传输的信息。

电子信息发送服务提供者和应用软件下载服务提供者，应当履行安全管理义务，知道其用户有前款规定行为的，应当停止提供服务，采取消除等处置措施，保存有关记录，并向有关主管部门报告。

第四十九条 网络运营者应当建立网络信息安全投诉、举报制度，公布投诉、举报方式等信息，及时受理并处理有关网络信息安全的投诉和举报。

网络运营者对网信部门和有关部门依法实施的监督检查，应当予以配合。

第五十条 国家网信部门和有关部门依法履行网络信息安全监督管理职责，发现法律、行政法规禁止发布或者传输的信息的，应当要求网络运营者停止传输，采取消除等处置措施，保存有关记录；对来源于中华人民共和国境外的上述信息，应当通知有关机构采取技术措施和其他必要措施阻断传播。

第五章监测预警与应急处置

第五十一条 国家建立网络安全监测预警和信息通报制度。国家网信部门应当统筹协调有关部门加强网络安全信息收集、分析和通报工作，按照规定统一发布网络安全监测预警信息。

第五十二条 负责关键信息基础设施安全保护工作的部门，应当建立健全本行业、本领域的网络安全监测预警和信息通报制度，并按照规定报送网络安全监测预警信息。

第五十三条 国家网信部门协调有关部门建立健全网络安全风险评估和应急工作机制，制定网络安全事件应急预案，并定期组织演练。

负责关键信息基础设施安全保护工作的部门应当制定本行业、本领域的网络安全事件应急预案，并定期组织演练。

网络安全事件应急预案应当按照事件发生后的危害程度、影响范围等因素对网络安全事件进行分级，并规定相应的应急处置措施。

第五十四条 网络安全事件发生的风险增大时，省级以上人民政府有关部门应当按照规定的权限和程序，并根据网络安全风险的特点和可能造成的危害，采取下列措施：

（一）要求有关部门、机构和人员及时收集、报告有关信息，加强对网络安全风险的监测；

（二）组织有关部门、机构和专业人员，对网络安全风险信息进行分析评估，预测事件发生的可能性、影响范围和危害程度；

（三）向社会发布网络安全风险预警，发布避免、减轻危害的措施。

第五十五条 发生网络安全事件，应当立即启动网络安全事件应急预案，对网络安全事件进行调查和评估，要求网络运营者采取技术措施和其他必要措施，消除安全隐患，防止危害扩大，并及时向社会发布与公众有关的警示信息。

第五十六条 省级以上人民政府有关部门在履行网络安全监督管理职责中，发现网络存在较大安全风险或者发生安全事件的，可以按照规定的权限和程序对该网络的运营者的法定代表人或者主要负责人进行约谈。网络运营者应当按照要求采取措施，进行整改，消除隐患。

第五十七条 因网络安全事件，发生突发事件或者生产安全事故的，应当依照《中华人民共和国突发事件应对法》、《中华人民共和国安全生产法》等有关法律、行政法规的规定处置。

第五十八条 因维护国家安全和社会公共秩序，处置重大突发社会安全事件的需要，经国务院决定或者批准，可以在特定区域对网络通信采取限制等临时措施。

第六章法律责任

第五十九条 网络运营者不履行本法第二十一条、第二十五条规定的网络安全保护义务的，由有关主管部门责令改正，给予警告；拒不改正或者导致危害网络安全等后果的，处一万元以上十万元以下罚款，对直接负责的主管人员处五千元以上五万元以下罚款。

关键信息基础设施的运营者不履行本法第三十三条、第三十四条、第三十六条、第三十八条规定的网络安全保护义务的，由有关主管部门责令改正，给予警告；拒不改正或者导致危害网络安全等后果的，处十万元以上一百万元以下罚款，对直接负责的主管人员处一万元以上十万元以下罚款。

第六十条 违反本法第二十二条第一款、第二款和第四十八条第一款规定，有下列行为之一的，由有关主管部门责令改正，给予警告；拒不改正或者导致危害网络安全等后果的，处五万元以上五十万元以下罚款，对直接负责的主管人员处一万元以上十万元以下罚款：

（一）设置恶意程序的；

（二）对其产品、服务存在的安全缺陷、漏洞等风险未立即采取补救措施，或者未按照规定及时告知用户并向有关主管部门报告的；

（三）擅自终止为其产品、服务提供安全维护的。

第六十一条 网络运营者违反本法第二十四条第一款规定，未要求用户提供真实身份信息，或者对不提供真实身份信息的用户提供相关服务的，由有关主管部门责令改正；拒不改正或者情节严重的，处五万元以上五十万元以下罚款，并可以由有关主管部门责令暂停相关业务、停业整顿、关闭网站、吊销相关业务许可证或者吊销营业执照，对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款。

第六十二条 违反本法第二十六条规定，开展网络安全认证、检测、风险评估等活动，或者向社会发布系统漏洞、计算机病毒、网络攻击、网络侵入等网络安全信息的，由有关主管部门责令改正，给予警告；拒不改正或者情节严重的，处一万元以上十万元以下罚款，并可以由有关主管部门责令暂停相关业务、停业整顿、关闭网站、吊销相关业务许可证或者吊销营业执照，对直接负责的主管人员和其他直接责任人员处五千元以上五万元以下罚款。

第六十三条 违反本法第二十七条规定，从事危害网络安全的活动，或者提供专门用于从事危害网络安全活动的程序、工具，或者为他人从事危害网络安全的活动提供技术支持、广告推广、支付结算等帮助，尚不构成犯罪的，由公安机关没收违法所得，处五日以下拘留，可以并处五万元以上五十万元以下罚款；情节较重的，处五日以上十五日以下拘留，可以并处十万元以上一百万元以下罚款。

单位有前款行为的，由公安机关没收违法所得，处十万元以上一百万元以下罚款，并对直接负责的主管人员和其他直接责任人员依照前款规定处罚。

违反本法第二十七条规定，受到治安管理处罚的人员，五年内不得从事网络安全管理和网络运营关键岗位的工作；受到刑事处罚的人员，终身不得从事网络安全管理和网络运营关键岗位的工作。

第六十四条 网络运营者、网络产品或者服务的提供者违反本法第二十二条第三款、第四十一条至第四十三条规定，侵害个人信息依法得到保护的权利的，由有关主管部门责令改正，可以根据情节单处或者并处警告、没收违法所得、处违法所得一倍以上十倍以下罚款，没有违法所得的，处一百万元以下罚款，对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款；情节严重的，并可以责令暂停相关业务、停业整顿、关闭网站、吊销相关业务许可证或者吊销营业执照。

违反本法第四十四条规定，窃取或者以其他非法方式获取、非法出售或者非法向他人提供个人信息，尚不构成犯罪的，由公安机关没收违法所得，并处违法所得一倍以上十倍以下罚款，没有违法所得的，处一百万元以下罚款。

第六十五条 关键信息基础设施的运营者违反本法第三十五条规定，使用未经安全审查或者安全审查未通过的网络产品或者服务的，由有关主管部门责令停止使用，处采购金额一倍以上十倍以下罚款；对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款。

第六十六条 关键信息基础设施的运营者违反本法第三十七条规定，在境外存储网络数据，或者向境外提供网络数据的，由有关主管部门责令改正，给予警告，没收违法所得，处五万元以上五十万元以下罚款，并可以责令暂停相关业务、停业整顿、关闭网站、吊销相关业务许可证或者吊销营业执照；对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款。

第六十七条 违反本法第四十六条规定，设立用于实施违法犯罪活动的网站、通讯群组，或者利用网络发布涉及实施违法犯罪活动的信息，尚不构成犯罪的，由公安机关处五日以下拘留，可以并处一万元以上十万元以下罚款；情节较重的，处五日以上十五日以下拘留，可以并处五万元以上五十万元以下罚款。关闭用于实施违法犯罪活动的网站、通讯群组。

单位有前款行为的，由公安机关处十万元以上五十万元以下罚款，并对直接负责的主管人员和其他直接责任人员依照前款规定处罚。

第六十八条 网络运营者违反本法第四十七条规定，对法律、行政法规禁止发布或者传输的信息未停止传输、采取消除等处置措施、保存有关记录的，由有关主管部门责令改正，给予警告，没收违法所得；拒不改正或者情节严重的，处十万元以上五十万元以下罚款，并可以责令暂停相关业务、停业整顿、关闭网站、吊销相关业务许可证或者吊销营业执照，对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款。

电子信息发送服务提供者、应用软件下载服务提供者，不履行本法第四十八条第二款规定的安全管理义务的，依照前款规定处罚。

第六十九条 网络运营者违反本法规定，有下列行为之一的，由有关主管部门责令改正；拒不改正或者情节严重的，处五万元以上五十万元以下罚款，对直接负责的主管人员和其他直接责任人员，处一万元以上十万元以下罚款：

（一）不按照有关部门的要求对法律、行政法规禁止发布或者传输的信息，采取停止传输、消除等处置措施的；

（二）拒绝、阻碍有关部门依法实施的监督检查的；

（三）拒不向公安机关、国家安全机关提供技术支持和协助的。

第七十条 发布或者传输本法第十二条第二款和其他法律、行政法规禁止发布或者传输的信息的，依照有关法律、行政法规的规定处罚。

第七十一条 有本法规定的违法行为的，依照有关法律、行政法规的规定记入信用档案，并予以公示。

第七十二条 国家机关政务网络的运营者不履行本法规定的网络安全保护义务的，由其上级机关或者有关机关责令改正；对直接负责的主管人员和其他直接责任人员依法给予处分。

第七十三条 网信部门和有关部门违反本法第三十条规定，将在履行网络安全保护职责中获取的信息用于其他用途的，对直接负责的主管人员和其他直接责任人员依法给予处分。

网信部门和有关部门的工作人员玩忽职守、滥用职权、徇私舞弊，尚不构成犯罪的，依法给予处分。

第七十四条 违反本法规定，给他人造成损害的，依法承担民事责任。

违反本法规定，构成违反治安管理行为的，依法给予治安管理处罚；构成犯罪的，依法追究刑事责任。

第七十五条 境外的机构、组织、个人从事攻击、侵入、干扰、破坏等危害中华人民共和国的关键信息基础设施的活动，造成严重后果的，依法追究法律责任；国务院公安部门和有关部门并可以决定对该机构、组织、个人采取冻结财产或者其他必要的制裁措施。

第七章附则

第七十六条 本法下列用语的含义：

（一）网络，是指由计算机或者其他信息终端及相关设备组成的按照一定的规则和程序对信息进行收集、存储、传输、交换、处理的系统。

（二）网络安全，是指通过采取必要措施，防范对网络的攻击、侵入、干扰、破坏和非法使用以及意外事故，使网络处于稳定可靠运行的状态，以及保障网络数据的完整性、保密性、可用性的能力。

（三）网络运营者，是指网络的所有者、管理者和网络服务提供者。

（四）网络数据，是指通过网络收集、存储、传输、处理和产生的各种电子数据。

（五）个人信息，是指以电子或者其他方式记录的能够单独或者与其他信息结合识别自然人个人身份的各种信息，包括但不限于自然人的姓名、出生日期、身份证件号码、个人生物识别信息、住址、电话号码等。

第七十七条 存储、处理涉及国家秘密信息的网络的运行安全保护，除应当遵守本法外，还应当遵守保密法律、行政法规的规定。

第七十八条 军事网络的安全保护，由中央军事委员会另行规定。

第七十九条 本法自2017年6月1日起施行。

Communist Party of China referring URL:

http://www.npc.gov.cn/npc/xinwen/2016-11/07/content_2001605.htm

China's Informatization - 中國信息化

China’s Civilian & Military Informatization Development Strategy 国家信息化战略中的军民结合

01/04/2016 admin Leave a comment

China’s Civilian & Military Informatization Development Strategy

国家信息化战略中的军民结合

“中辦發〔2006〕11號各省、自治區、直轄市黨委和人民政府，中央和國家機關各部委，解放軍各總部、各大單位，各人民團體：《2006—2020年國家信息化發展戰略》已經黨中央、國務院同意，現印發給你們，請結合實際認真貫徹落實。”

中共中央辦公廳

國務院辦公廳

“Affecting all Chinese provinces, autonomous regions, municipalities directly under the Communist Party of China, all committees and governments, central ministries and state organs, the People’s Liberation Army headquarters, major units, and people’s organizations:” This 2006–2020 National Informatization Development Strategy applies effective immediately”

[Foreign military and civilian strategy [1] ]

(A) legal form of integrating the armed forces to implement the strategy

The United States and other developed countries attach great importance to integrating the armed forces of institutional strengthening to the people, as a national strategy and to promote it in the form of legislation. After the Cold War, according to changes in the international situation, the US Congress and the Department of Defense issued a “National Defense Authorization Act ( 1993 ) “and” streamlining of the Federal Acquisition Act ( 1994 ), “affirmed the principle of legal form of military and civilian integration. The United States has enacted the “Defense transition strategy”, “National Security Strategy of Science and Technology ( 1995 ) “and” National Defense Science and Technology Strategy ( 2000 ) “, the strategic goal is:” to create a both to meet military requirements and meet the business needs of advanced national technology and industrial base. ” US Department of Defense in 2003, released in a new version of DOD5000.1 , stressing that “give priority to civilian products, technology and services”, provides that “to the extent feasible, the task can be modified requirements to facilitate civilian products, technology and services,” the procurement . British Ministry of Defense in 2001 for the promulgation of the 21 century national defense science and innovation strategy, clearly the long-term development of national defense science and technology point of view, the Ministry of Defence must attract the world advanced technology in the civilian sector to participate in defense research and development, accelerate weapons Update pace. French 1994 annual defense white paper also clearly announced that “the defense industry to consider the direction of the dual-use and military research and civilian research to combine as far as possible.”

(B) to promote the development of dual-use technology from both the investment and organization

The main countries in the world to start and accelerate new revolution in military affairs and military information technology, which is to implement the military strategy of the important people skills background. US Department of Defense in 1995 and published in “dual-use technology, aimed at obtaining affordable cutting-edge technology of the national defense strategy” and proposed to have important military needs but also has the potential transfer of dual-use technology, do need government intervention, clear by the government to invest in development. In 1998 the US Department of Defense promulgated the “National Defense Authorization Act”, asked the military to increase investment in the development of dual-use technology, and provides dual-use technology sharing principle of project funds. From the 20 century, 90 years began, the United States has implemented a variety of special programs to support the development of dual-use technology. In recent years, a substantial increase in the US defense budget, the 2007 fiscal year reached 5064 billion US dollars, compared with 2003, an increase of one-third of the defense budget in the 30-40% invested in the defense industry, it is worth noting that the US Department of Defense 20 Century 90 ‘s end total annual investment in IT is about 500 billion dollars in 2006 increased in 742 million US dollars, focus on supporting the development of dual-use of information technology. US Defense Advanced Research Projects Agency ( DARPA ) attaches great importance to the development and application of dual-use technology, which is half of the office responsible for the development of dual-use technology.

In order to facilitate the implementation of civil-military integration, the United States in 1993, including the establishment of the armed forces and the Ministry of Commerce, the Department of Energy, Department of Transportation, the National Aeronautics and Space Administration (year NASA ) and the National Science Foundation ( NSF ) and other units’ defense technology transition committee ” . The United States also developed a joint research and development agreement ( CRADA ), to support the development of federal technology transfer to the private sector, encouraging joint investment with industry to develop dual-use technologies and projects. If we say that the era of mechanization technologies accounted for all military and civilian technology military equipment 30-40% , then the era of military and civilian integration of information technology will account for 80-90% . In enhancing the economic competitiveness of key technologies and key defense technologies listed in the US Department of Defense Department of Commerce elected in respect of about 80% overlap. British Ministry of Defense and Trade and Industry jointly invest in the development of dual-use technology, including a number of areas, including aviation, the British set up a special bureau defense technology transfer, scientific research institutions engaged in management of civil defense projects and funding contracts, using competitive mechanisms to encourage having strong technical force of civilian institutions to develop military technology. France through the implementation of the space program, space program, nuclear programs and electronic, information and communication plans a number of projects to develop dual-use technology. Japanese defense procurement is mainly aimed at using defense contracts as a means to promote the development of advanced technologies, especially having a civilian or dual use of advanced technologies.

Accelerate the development of dual-use technologies in the military, while information technology and services in the national economy, resulting in huge economic benefits, a study reported that the US Congress, the second application of space technology, each invested one dollar, we can produce seven dollars efficiency [2] . 2006 early American NASA Goddard Space Flight Center will be awarded the development of a simple, safe and low cost of the patent license single-walled carbon nanotube manufacturing method of ISM company, formed a production capacity of single-walled carbon nanotubes, these Nanotubes can be widely used in various fields of medical, fuel cells, video displays, solar batteries, etc., to promote the economic development of the United States [3] .

Management and equipment procurement mechanisms (iii) the reform of research projects, encourage enterprises to participate in civilian research and production equipment

Civilian high-tech enterprise innovation system and a flexible, quick response, the results of many. Supporting civilian enterprises to develop products for the military, it has become the guidelines of the US military. 2003 introduced the “defense industrial transformation roadmap,” emphasized the need to change the main contractor control defense market situation, through the bidding and government procurement forms to encourage enterprises to participate in civilian research and production equipment, guide and encourage enterprises to master the innovative technology into the civil defense thereby forming the size of both, the new defense market structure of many vendors. For example, the US communications equipment maker Motorola Inc. have independent military communications equipment manufacturing sector, both the production of Boeing civil aviation with the machine also produces military aircraft, Lockheed – Martin, the company’s main business is system integration, aviation, aerospace and technical services, are dual-use technology. To support SMEs, the United States has enacted the Small Business Innovation program. The US scientists, engineers, nearly half of military-related research, about one-third of enterprises and military production, whereas the Ministry of Defence orders for the total order amount accounts for 90% . British military research facilities management reform measures, encourage the use of military research facilities in the civilian sector technology development. France set up an integrated project team from the Department of Defense Weaponry Department, the military services Staff, industry composition, management of weapons and equipment procurement program development and projects. French Defense Weaponry Department promptly inform the military to SMEs development plan, acquisition plan set aside 10% for small and medium enterprises, to encourage them to participate in the competitive procurement of weapons and equipment. German weaponry annual plan by the General Armament Department operations departments, the services bureau, defense technology and industry cooperation Acquisition Department developed together. Germany developed a “Federal Republic of Germany ordered assignments principles” clearly defined weaponry defense contractor general contractor in the task, the task must be assigned to military orders to subcontractors by means of competition, in the form of legislation to protect small and medium enterprises to participate in defense research mission competition. Note that the Japanese government has the military capacity to foster private enterprise, the Japanese are eligible to receive military orders of enterprises has reached two thousand, basically formed a technologically advanced, wide range and great potential of military research and production system. Russia’s two ways to establish the defense industry system integration of military and civilian, in the implementation of the defense industry group, the formation of large-scale military company at the same time, part of the military enterprises demutualization, privatization, so that military enterprises retain the core military production capacity at the same production civilian.

A greater proportion of military production undertaken by civilian enterprises, contribute to the formation of military bidding competition mechanism, thereby reducing costs, improving quality and production of military enterprises to civilian products companies face appeared, facilitate international technical exchange and absorption of foreign advanced technology. Military through purchase orders, to strengthen cooperation with the civilian high-tech enterprises, to provide abundant funds or venture capital, which has become a developed country WTO era important mode of government to support their strategy of industrial development, enhance international competitiveness, in addition, military and technical performance of the process of challenging requirements, promote the growth of civilian high-tech enterprise technological innovation and high-quality scientific and technological talents. The development of civilian high-tech enterprises to grow, for the defense industry has laid a solid foundation, also contributed to the national economic development, and enhance the strength of the country.

(Iv) open defense procurement, maximize the use of civilian norms and standards

In order to promote the development of civil-military integration, many countries have carried out reforms to military standards, the equipment acquisition process and vigorously promote the use of civil standards and commercial specifications. US forces continue to pursue the reform of military standards, based on the past all military standards and specifications to conduct a comprehensive clean-up review, the repeal of the 4000 military specification remainder (including single-piece specification) and 300 remainder military standards, adopted the 1784 item civilian standards ( non-governmental standard), the equipment acquisition process, limit the use of military norms and standards, not only does the civil standard is available to meet the military requirements when considering the use of military standards, and the use of military standards must be approved or existing civilian standards can not. UK Equipment Acquisition management, not to military standards and military specifications and performance-based specifications proposed procurement requirements, given enough freedom and flexibility contractor. Japan 1999-2002 years, a total amend or repeal the military technical standards and technical specifications 10231 , accounting for all military technical standards 74 percent . In 2003 , the Defense Agency also proposed in its new weapons and equipment procurement policy making, instead of using civilian technology standard about 18,000 entries Defense Agency dedicated military standards and norms.

US defense scientist famous Gansler estimate, the implementation of civil-military integration, the United States Department of Defense Department of Defense procurement could save the equivalent of the total annual fee of 20% or more. Although the US military R & D expenditure of the United States the proportion of total funding from the last century, 60 years of 50% is reduced to the current 15% , but the US military technology but gained rapid development, mainly due to integrating the armed forces of the new system.

[To change the information into a new military and civilian military features, integrating the armed forces]

A new era of international competition, information into the characteristics of modern military equipment is becoming one of the core content of the new revolution in military affairs of States. An information era notable feature is the combination of surface defense economy and social economy more widely, military technology and civilian technology deeper degree of integration, association technological innovation and new revolution in military affairs increasingly tight. Developed countries have the information technology as a strategic national research priorities, the United States and Japan in the field of R & D investment in information separately account for the total R & D investment of 40% or more, the United States Department of Defense 2005 budget on science and technology information systems and sensors accounted for 35.7% .

(A) information technology in all areas of civil industrial technology is the most easy to achieve also the people’s army also

Information industry is large in scale compared to other industrial sectors and technology updates quickly, there is no other information technology fields like civil industry as more people realize also the military also. The United States since 1999 years has launched the “fast bird”, “Ikonos” and other dual-use high-resolution satellite, in 2001 in Afghanistan, “Operation Enduring Freedom”, the US “fast bird” and “Yi Kenuo Sri Lanka “satellite to 20 US dollars / km ² price to US Department of Defense provides photographic reconnaissance image related operations area. IT-based civilian battlefield information network in the Iraq war also played an important role, via satellite, drones and other airborne sensors to obtain information on a computer map updated every friendly and enemy positions every five minutes. The Pentagon claims that China and the US Air Force, the war in Iraq, the extent of information the Navy reached 70% , ground forces also up 50 percent or more. US information technology has made such rapid progress, China has played an important role in military technology.

(B) in the civilian market-wide test of IT applications in the military low-cost and reliable utility

Dedicated to the military use of information technology, although in training and military exercises, but without a real baptism after the test is limited. Civil information products market is large, hundreds of millions or even billions of people subjected to extensive tests using its technology, fierce competition in the market also contributed to accelerate its improvement and perfection, easy-to-use products, the cost to decline rapidly. From the military GPS and the Internet is a good example, which after a civilian market competition and popularity improvement to mature and reliable and cost-effective way reflect the greater value in military applications.

Performance information weaponry is much higher than the mechanized weaponry, but the development of high risk, high investment, an increase in its cost of IT accounts for a large proportion. Many civilian high-tech product development of low cost, standard upgrade quickly, just put a small amount of money to improve its performance can meet the requirements of military systems, make full use of civilian IT achievements can significantly reduce costs. United States, Britain, Japan and other developed countries in the development of information technology weaponry and equipment system, especially when a variety of military information systems, directly from the market civilian technology sector and corporate purchasing high-tech equipment, such as communications equipment, all kinds of computers, all kinds of computer software, security anti-virus software, satellite image analysis equipment to minimize the risk of national defense research and development investment. US Department of Defense contractor is due to the direct use existing commercial software and hardware, greatly reducing development time information Weapon System.

In addition, the use of information technology to transform and upgrade weapons systems is rapidly effective measures to improve the combat effectiveness. A typical weapon system development cycle for up to 7-15 years, the high cost of its replacement. The typical development cycle civilian IT hardware and software business a few months to a few years, mobile phones and PC replacement is faster, with a civilian rapid development of information technology to transform weapons and equipment, only a few funds, Every few years the performance of existing weapons and equipment will be able to a higher level, thereby prolonging the service life. Western countries show a measure of existing mechanized weaponry information transformation, the development time and cost required, roughly equivalent production of new weaponry 1/4 to 1/3 .

(D) The information construction in the military use of civil IT and products beneficial to the national defense mobilization

Army civilian information technology products through the use of these technologies to deepen understanding, familiar with the use of these products, once wartime there is a need to quickly collect a large number of civilian products, and in the armed forces of these products can be quickly effective. US troops in 95 percent of the computer is in the civilian military communications conducted online, with commercial networks linked up to 15 million units changed hand, the Iraq war, the US military also requisitioned and rented some commercial satellites and civilian information networks, in order to bridge the information transfer capability deficiencies. IT complexity it becomes replace the faulty equipment maintenance module, civilian technology products helps to reduce the use of troops and equipment spare parts inventory. In addition, the use of civil information technology products also provide the possibility for civilian IT enterprises to participate in military equipment maintenance, thus reducing maintenance costs of troops and equipment. 2003 , the United States in the Iraq war, has with the world’s four 10,000 manufacturers signed a 50 million copies of material support contract, “the contractor battlefield” socialization of military logistical support.

(E) The development of intellectual property in the competition for civil defense information technology helps improve information security

IT field of international, market-oriented walking in front of other areas, competition is quite fierce patents, the United States, Japan and other developed countries to ten in 2005 by the end of the cumulative patent applications in China in 46.27% concentrated in the field of information. Many IT even basic technology is also likely to be used in the military field, the developed countries are often incorporated into this limit exports of the column, especially China, and therefore unable to equip our troops or through the introduction of foreign advanced weapons systems procurement. At a critical time in international politics, the military situation changes, do not rule out the possibility of the introduction of certain key parts weaponry stuck or certain functional failure exists. On the other hand, China’s civilian IT through international competition, hard work, has been the rapid development, the domestic IT companies are also corresponding increase innovation capability, some of the technology has reached the world advanced level, such as third generation mobile communication TD-SCDMA . In order to compete and reduce costs needs, many domestic enterprises have developed information technology products dedicated chip, to change the long-standing dependence on foreign chip status, while developing the capability to rapidly increase, to undertake the task of developing national defense to lay a good foundation dedicated chip . These chips use civilian high-tech and specialized in military equipment in the army would avoid the kinds of information security with its own technology.

(F) make full use of local advantages of network professionals prepared to deal with cyber warfare preparation

Information is double-edged sword, information technology to improve the combat capability of the armed forces but also requires special attention to the information network security. An essential feature of cyberwarfare is asymmetric, low cost and easy to attack and attack and hard to defend, particularity cyber warfare means will lead to future war ” civilians ” trend, “hackers” may become a war hero. To prevent ” network’9.11′ incident , ” President George W. Bush early in 2002 on the release of the first 16 numbers , ” National Security Presidential Directive , ” the history of the formation of the US military is the world’s first network hacker troops – cyber warfare capabilities constitute the Joint Command, The Army and Navy also have a computer emergency response unit, the Air Force is responsible for the implementation of the establishment of a network of Air Force attack these troops from the world’s top computer experts and ” hacker ” , and currently has formally incorporated into the order of battle in Las Vegas on the largest computer exhibition, former US Assistant Secretary of Defense Sihamoni had in his speech on the ” hacker ” who said: ” If you considered the rest of his life to doing, make sure you do not forget the Department of Defense. ” In addition, the US military also hired some hackers specialize in computer vulnerability testing. 2004 In September , the US set up by 28 international industry consortium composed of major companies specialized home – NCW Industries Alliance, to strengthen the military and civilian aspects of the field of information technology coordination.

(G) make full use of scientific and technological resources of a strong army and civil service

It was reported that the US Air Force in terms of the lack of high-tech professional officer Capt up to two-thirds of the Army Navy also facing the same problem. US Department of Defense, NASA and other very seriously the role of the United States Academy of Engineering and universities and other research institutions and companies in the defense consulting RAND research and personnel training. According to foreign military experts estimate that the United States, Britain, France, Germany, Japan and other major developed countries developing high-tech weapons and equipment information required for 80-90% from local businesses, 10-20% from their military research institutes that the basis of dual-use items and technology sector may bear the civil, defense, science and technology department and the military technology sector specializing in purely military projects, and overall system project. US military reconnaissance plane EP-3 electronic information system consists of a variety of functional equipment components, many of them readily available on the market and are not necessarily technologically advanced products, but its integrated performance of the system on a higher level, visible integrated innovation You can increase the value.

The total amount of scientific and technical personnel and research and development staff accounted for the world’s first and second place, to make good use of the intellectual resources will significantly enhance our military’s strength in the balance of forces. Establish civil-military integration of scientific and technological innovation system, the development of military and civilian science and technology co-ordinate the project and reasonable deployment of dual-use items, do not repeat and can complement each other to achieve the optimal combination of scientific and technological resources of the country, at the same time vigorously develop local resources by means of force personnel to ensure national defense construction in a strategic initiative. The Central Military Commission in 2007 issued a “attract and retain high-level military professional and technical personnel provisions”, the increased focus on the introduction and use of high-quality human resources community efforts to further improve the policy mechanism innovation. System established academicians, academicians hired as technical adviser, full use of the state’s top talent and intelligence resources to better serve the army major decision-making advice, major scientific research and high-level personnel training; in preparation for military struggle and closely related major research projects (project) and key disciplines, a chief expert positions, for the community to hire high-level professional and technical personnel.

[Seize the opportunities of information technology, to promote civil-military integration, integrating the armed forces]

China’s national defense scientific research and industrial system is set up on the basis of the planned economy, the planned economy of management concepts and tools still play a leading role in the management and self-contained closed hinder the establishment of a market-oriented philosophy, is not conducive to cooperation and innovation culture the formation, performance assessment indicators of military units rely on the lack of industrial development and promote the civil requirements or mission, in research programs and equipment procurement in military and civilian disjointed. Since reform and opening, the defense industry began with the development of a single military structure structure change, the nuclear industry, shipbuilding industry, information industry to the military and civilian, to benefit from the transfer of military technology to civilian use, the radiation leading role in the defense industry to the local economy and society significantly enhanced, but these transfers have not yet risen to the institutional level. On the other hand, our country has grown to a group of innovative and industrial capacity of civilian high-tech enterprises, capable military mission, but the lack of demand for military communication channels norms, policies and regulations related to the imperfection of reason, basically it less involved in national defense tasks. If there are no civilian technology sector urgent national security needs, it is impossible to obtain in the areas of national defense and security level of strong support, it is difficult to play a greater role in supporting the civilian sectors to support and not to assume the task of training defense, nor conducive to its development and growth. Compared with developed countries, China’s military and civilian from positive interaction and coordinated development goals are still many gaps, more prominent is the lag corresponding laws and regulations and institutions. Military and civilian national behavior and reflects the will of the state, not only to rely on technological innovation, but also to rely on innovation and institutional innovation to achieve.

In the CPC Central Committee and State Council in 2006 issued in ” 2006-2020 National Information Development Strategy “, pointed out the global information technology are causing profound changes in today’s world, reshaping the world political, economic, social, cultural and military a new pattern of development. Accelerate the development of information technology, it has become the common choice of all countries. And clearly put forward the development of China’s information technology strategic approach – the overall planning, resource sharing, deepen the application, seek practical, market-oriented, based on innovation, military and civilian, safe and reliable.

In the implementation of the national development strategy, we need to learn from foreign ideas, to address the constraints of institutional issues from military and civilian regulations, coordination mechanisms, standards and procurement policies and other strategic height. The current need to establish and improve the bidding system, the formation of fair and equitable competition, maximize the use of mature private standards, guidance and encouragement to master innovative technology enterprises, especially small and medium sized companies to enter the defense sector, so as to form a new multi-vendor defense industry system, led military mission to enhance the level of civilian development, adding vitality to economic development, to achieve military and civilian interaction.

In an important experience in promoting foreign military and civilian aspects of the information is from the start. Revolution in military affairs in the world today, is the rapid development of information technology and its wide range of applications in the military field for direct power, high-tech advantages of local wars in conditions of informationization to be achieved, relying solely on national defense science and technology sector and the military system itself to be ineffective, soldiers and civilians combined, integrating the armed forces is the key, information technology is one of the important starting point. In the task of industrialization, information technology integration and development of our country with the military mechanization and informatization complex development goals, information technology has become a very good combination of points overall economic construction and national defense construction. In particular, most of the reform of the State Council, gave birth to the Ministry of Industry and Information Technology, not only from the organic unity of the organization will be industrialization and information management, and the civilian industry and the defense industry closely, from the institutional to seize information strategic opportunity to strengthen civil-military integration provides an important guarantee. Ministry of Industry and Information Technology at the same time implementation of national information technology and new industrial development strategy, will give full consideration to the development needs of the defense industry and the development of weapons and equipment, the establishment of military and civilian national level to promote policies and coordination mechanisms to promote industrialization, information technology and defense comprehensive and coordinated development and enhance the independent innovation capability of science and technology industry, and actively explore market-oriented approach combining military and civilian, military and civilian industries planning to achieve convergence between supply and demand docking and resource sharing [4] , two-way play the leading role, promoting the national economy and national defense modernization.

Seventeenth Party Congress report pointed out that “national defense and army building, we must stand on national security and the development of strategic height, overall economic development and national defense building” . “To attain the building computerized armed forces and winning the information war strategic objectives, accelerate composite development of mechanization and information, and actively carry out military training under conditions of informationization, build a modern logistics, intensify training a large number of qualified military talent, effectively change the mode of generating combat. ““Reform of the defense industry to adjust and of weapons and equipment procurement, improve weapons and equipment developed by independent innovation capability and quality benefits. Establish and improve military and civilian, combine military weaponry and equipment research and production system to the people, military personnel training and military security system , adhere to thrift and hard work, out of a Chinese characteristics, civil-military integration path of development. “Discuss these important military and civilian strategic approach is to achieve scientific development. We must seize the opportunities of information technology, integrating the armed forces to do this great article, make our country prosperous and our armed forces powerful while building a moderately prosperous society in all respects.

Original Mandarin Chinese:

【國外軍民結合的戰略[1]】

（一）以法律形式落實寓軍於民戰略

美國等發達國家十分重視寓軍於民的體制建設，將其作為國家戰略並以立法的形式加以推動。冷戰結束後，根據國際形勢的變化，美國國會和國防部出台了《國防授權法（1993）》和《聯邦採辦精簡法案（1994）》以法律形式肯定了軍民一體化的原則。美國先後頒布了《國防轉軌戰略》、《國家安全科學技術戰略（1995）》和《國防科學技術戰略（2000）》，其戰略目標是：“建立一個既滿足軍事需求又滿足商業需求的先進的國家技術和工業基礎”。美國防部於2003年發布了新版的DOD5000.1，強調“優先採用民用產品、技術和勞務”，規定“在可行的情況下，可修改任務要求，以促成民用產品、技術和勞務”的採購。英國國防部於2001年頒布了面向21世紀的國防科技和創新戰略，明確提出從國防科技的長遠發展來看，國防部必須吸引世界範圍內技術先進的民用部門參與國防科研開發，加快武器裝備的更新步伐。法國1994年公佈國防白皮書也明確提出“國防工業要考慮向軍民兩用方向發展，軍用研究和民用研究要盡可能結合”。

（二）從投資和組織機構兩方面促進軍民兩用技術的發展

世界主要國家啟動和加速推進新軍事變革和軍隊信息化建設，這是推行民技軍用戰略的重要背景。美國國防部於1995年發表《兩用技術，旨在獲取經濟可承受的前沿技術的國防戰略》，提出了對有重要軍事需求同時又具有轉移潛力的兩用技術，確實需要政府介入的，明確由政府進行投資開發。 1998年美國國防部頒布的《國防授權法》，要求軍方必須加大對兩用技術開發的投資，並規定了兩用技術項目經費的分攤原則。從20世紀90年代開始，美國還實施了多種專項計劃，支持軍民兩用技術開發。美國近年來大幅度增加國防預算，2007財年達到5064億美元，比2003年增加了1/3，國防預算中30-40%投資到國防工業，值得注意的是，美國國防部20世紀90年代末每年對信息技術的投資總額約為500億美元，2006年增至742億美元，重點支持軍民兩用信息技術的開發。美國國防部國防先進技術研究計劃局（DARPA）十分重視軍民兩用技術的開發和應用，其半數辦公室負責軍民兩用技術的發展。

為了推動軍民一體化的實施，美國於1993年成立了包括三軍和商務部、能源部、運輸部、國家航空航天局（NASA）以及國家科學基金會（NSF）等單位的“國防技術轉軌委員會” 。美國還制定了聯合研究和發展協議（CRADA），支持聯邦開發的技術轉讓給私營部門，鼓勵與工業界聯合投資和合作開發兩用技術項目。如果說機械化時代軍民技術結合占到全部軍事裝備技術的30-40%，那麼，信息化時代軍民技術融合將會占到80-90%。在美國國防部推選的國防關鍵技術與商務部列出的提高經濟競爭力的關鍵技術中就有約80%是重疊的。英國國防部與貿工部聯合投資開發包括航空領域在內的多項軍民兩用技術，英國還專門成立國防技術轉化局，管理民用科研機構從事國防項目的合同和經費，採用競爭機制，鼓勵具有較強技術力量的民用機構開發軍用技術。法國通過實施航天計劃、航空計劃、核能計劃和電子、信息與通信計劃等多項計劃來開發軍民兩用技術。日本國防採購主要著眼於利用國防合同作為一種手段，促進先進技術特別是具有民用或兩用用途的先進技術的發展。

發展軍民兩用技術在加速軍隊信息化建設的同時，服務於國民經濟，產生巨大的經濟效益，美國國會一份研究報告稱，航天技術的二次應用，每投入1美元，能產出7美元的效益[2]。 2006年初美國NASA戈達德航天飛行中心將所開發的一種簡單、安全且費用較低的單壁碳納米管製造方法的專利許可權授予ISM公司，形成了單壁碳納米管生產能力，這些納米管可廣泛應用於醫療、燃料電池、視頻顯示器、太陽能電池等各個領域，推動了美國經濟的發展[3]。

（三）改革科研項目的管理和裝備採購機制，鼓勵民用企業參與裝備科研生產

民用高新技術企業創新體系機制靈活，反應快，成果多。扶持民用企業為軍方開發產品，已成為美軍方的指導方針。 2003年出台的《國防工業轉型路線圖》強調，必須改變主承包商控制國防市場的局面，通過招標和政府採購形式鼓勵民用企業參與裝備科研生產，引導和鼓勵掌握創新技術的民用企業進入國防領域，從而形成大小兼備、眾多供應商的新型國防市場格局。例如，美國的通信設備生產商摩托羅拉公司就有獨立的軍事通信設備生產製造部門，美國波音公司既生產民航用機也生產軍用機，洛克希德－馬丁公司的主營業務就是系統集成、航空、航天和技術服務，都是軍民兩用的技術。為了扶持中小企業，美國還專門製定了小企業創新計劃。目前美國的科學家、工程師中有近半從事與軍事有關的研究，約有1/3的企業與軍工生產有關，而訂貨量約佔國防部總訂貨量的90%。英國改革軍用科研設施管理辦法，鼓勵民用部門利用軍用科研設施進行技術開發。法國成立了由國防部武器裝備總署、軍種參謀部、工業界組成的一體化項目小組，參與武器裝備採辦計劃的製定和項目的管理。法國國防部武器裝備總署及時向中小企業通報軍品發展計劃，專門留出採辦計劃的10%給中小企業，鼓勵他們參加武器裝備採辦的競爭。德國的武器裝備年度計劃是由總裝備部各業務局、各軍種局、國防技術採辦總署和工業界一起合作制訂的。德國製訂了《聯邦德國訂貨任務分配原則》，明確規定武器裝備的總承包商在承包國防任務後，必須用競爭手段向分包方分配軍工訂貨任務，以法規形式保護中小型企業參與國防科研任務的競爭。日本政府注意扶植有軍工生產能力的民間企業，日本有資格接受軍品訂貨的企業已達兩千餘家，基本形成了一個技術先進、門類齊全、潛力巨大的軍事科研生產體系。俄羅斯從兩方面建立軍民一體化國防科技工業體制，在實行國防工業集團化、組建大型軍工集團公司的同時，將部分軍工企業股份化、私有化，讓軍工企業在保留核心軍工生產能力的同時生產民品。

較大比例的軍工生產由民用企業承擔，有助於形成軍品招投標競爭機制，從而降低成本，提高質量，生產軍品的企業以民用產品公司面貌出現，便於進行國際技術交流，吸收國外先進技術。軍方通過採購訂貨，加強與民用高技術企業的合作，為其提供雄厚的資金或風險投資，這已成為發達國家在WTO時代政府支持本國戰略產業發展、提高國際競爭力的重要模式，另外，軍品對產品的工藝和技術性能提出挑戰性的要求，促進了民用高技術企業技術創新和高素質科技人才的成長。民用高新技術企業的發展壯大，為國防工業打下了堅實的基礎，也推動了國民經濟發展，增強了國家的實力。

（四）開放國防採購，盡量採用民用規範和標準

為了推動軍民一體化的發展，許多國家都紛紛對軍用標准進行了改革，在裝備採辦過程中大力倡導利用民用標準和商業規範。美軍不斷推行軍事標準改革，在對過去所有軍用標準和規范進行全面清理審查的基礎上，廢止了4000餘項軍用規範（含單篇規範）和300餘項軍用標準，採納了1784項民用標準（非政府標準），在裝備採辦過程中，限制使用軍事規範和標準，只有在確實沒有民用標準可用，或現有民用標準不能滿足軍事要求時才考慮使用軍用標準，而且使用軍用標準必須經過批准。英國在裝備採辦管理中，不以軍用標準和軍用規範而以性能規範為主提出採購要求，給予承包商足夠的自由度和靈活性。日本1999-2002年間，共修改或廢止軍事技術標準及技術規範10231項，佔所有軍事技術標準的74%。 2003年，防衛廳在其製定的新武器裝備採辦政策中又提出，用民用技術標準取代約18000項防衛廳專用的軍品標準和規範。

美國著名防務學家Gansler估計，實行軍民一體化，美國國防部每年能節省相當於國防部採辦費總額的20%以上。雖然美國軍事研發經費占美總經費的支出比例從上世紀60年代的50%減到現在的15%，但美國的軍事技術反而獲得了突飛猛進的發展，主要就是得益於寓軍於民的新型體制。

【以信息化為新軍事變革特徵的軍民結合、寓軍於民】

面對新時代的國際競爭，以信息化為特徵的軍事裝備現代化正成為各國新軍事變革的核心內容之一。信息化時代的一個顯著特點是國防經濟與社會經濟的結合面越來越廣、軍用技術與民用技術融合度越來越深，科技創新和新軍事變革的關聯越來越緊。發達國家紛紛將信息技術作為國家研究戰略重點，美國和日本在信息領域的研發投入分別占到總研發投入的40%以上，美國國防部2005年科技預算中信息系統與傳感器佔35.7%。

（一）信息技術是所有民用工業技術中最容易實現亦軍亦民的領域

信息產業規模大而且相比其他工業領域技術更新快，沒有其他民用工業領域的技術像信息領域那樣更易實現亦軍亦民。美國自1999年先後發射了“快鳥”、“伊科諾斯”等高分辨率軍民兩用衛星，在2001年的阿富汗“持久自由行動”中，美國的“快鳥”和“伊科諾斯”衛星以20美元/km²的價格向美國防部提供了有關作戰地區的照相偵察圖像。基於民用信息技術的戰場信息網絡在伊拉克戰爭中也發揮了重要作用，通過衛星，無人機和其他機載傳感器獲得情報，在計算機地圖上每五分鐘更新一次友軍和敵軍位置。美國五角大樓聲稱，伊拉克戰爭中美空軍、海軍的信息化程度達到70%，地面部隊也達50%以上。美軍信息化建設取得如此迅速的進展，民技軍用扮演了重要角色。

（二）在民用市場廣泛考驗的信息技術在軍事上應用成本低且可靠實用

專用於軍事的信息技術雖然在訓練和軍事演習中也使用，但未經實戰洗禮畢竟考驗有限。民用信息產品市場規模大，上億人甚至數十億人的使用使其技術經受廣泛考驗，市場的激烈競爭也促使其加快改進和完善，產品方便易用，成本迅速下降。源於軍用的GPS和互聯網是一個很好的例子，它們在經過民用市場的競爭和普及完善後，以成熟可靠和低成本的方式在軍事應用中體現更大的價值。

（三）信息技術的軍事應用可以迅速提高戰鬥力

信息化武器裝備的性能要比機械化武器裝備高得多，但開發風險高、投資大，在其增加的造價中信息技術佔很大比重。很多民用高技術產品開發成本低廉，標準升級迅速，只需投入少量資金提高其性能指標就能達到軍用系統的要求，充分利用民用信息技術成果可以顯著降低成本。美、英、日等發達國家在發展信息化武器裝備體系，特別是各種軍事信息系統時，都直接從市場上民用科技部門和企業採購高技術設備，如通信器材、各種計算機、各類計算機軟件、安全防病毒軟件、衛星圖像分析設備等，最大限度地減少國防科研開發投資的風險。美國防部承包商就是由於直接採用現成的商用軟硬件，大大縮短了信息化武器系統的研製時間。

另外，利用信息技術改造和升級武器系統是迅速提高戰鬥力的有效措施。典型的武器系統的研製週期長達7-15年，其換代的成本很高。典型的民用信息技術商業硬件和軟件的研製週期是幾個月到幾年，手機和PC的更新換代就更快，用快速發展的民用信息技術對武器裝備進行改造，僅需很少的經費，每隔幾年原有武器裝備的性能就能上一個台階，從而延長了服役年限。西方國家的一項測算表明，對現有機械化武器裝備進行信息化改造，其研製時間和所需的費用，大約只相當於生產新型武器裝備的1/4至1/3。

（四）在軍隊信息化建設中民用信息技術和產品的使用有利於國防動員

軍隊通過使用民用信息技術產品加深了對這些技術了解，熟識這些產品的使用，戰時一旦有需要可以迅速徵集大量民用產品，而且在部隊中這些產品能迅速發揮效用。美軍中95%的軍事通信是在民用網上進行的，與商業網相聯的計算機達15萬台之多，伊拉克戰爭中美軍還徵用和租用了部分商業衛星和民用信息網絡，以彌補信息傳輸能力的不足。信息技術的複雜性使其裝備的維修變為故障模塊的更換，民用技術產品的採用有利於減少部隊裝備備件的庫存。另外，民用信息技術產品的使用也為民用信息技術企業參與部隊裝備維修提供了可能，從而也降低了部隊裝備的維修費用。 2003年，美國在伊拉克戰爭中，先後同全球4萬個生產商簽訂了50萬份物資保障合同，“承包商上戰場”實現軍隊後勤保障的社會化。

（五）在競爭中發展的民用信息技術的自主知識產權有助於改進國防信息安全

信息技術領域國際化、市場化走在了其他領域的前面，在專利方面的競爭也相當激烈，美日等十個發達國家到2005年底累計在華申請的發明專利中46.27%集中在信息領域。很多信息技術即便是基礎技術也很可能用在軍事領域，發達國家往往將此編入限制出口之列，尤其是對中國，因此無法通過引進或採購國外先進的武器系統來裝備我們的部隊。在國際政治、軍事形勢變化的關鍵時候，不排除存在引進的武器裝備某些關鍵配件被卡或某些功能失效的可能性。另一方面，我國民用信息技術經過國際競爭的打拼，得到了快速發展，國內信息技術企業創新能力也相應提高，一些技術已經達到了世界領先水平，例如第三代移動通信的TD-SCDMA。為了競爭和降低成本需要，國內很多企業的信息技術產品都有自主開發的專用芯片，改變了長期以來依賴國外芯片的狀況，同時開發能力迅速提高，為承接國防任務開發專用芯片打下很好的基礎。這些民用高技術和專用芯片在部隊裝備中的使用將以其自主技術避免我軍信息安全受制於人。

（六）充分利用地方網絡人才的優勢做好應對網絡戰的準備

信息化是雙刃劍，軍隊的信息化建設在提高作戰能力的同時也需要特別關注對信息網絡的安全防護。網絡戰的一個基本特點是不對稱性，攻擊成本低且易攻難守，網絡戰手段的特殊性將導致未來戰爭的“平民化”趨勢，“黑客”有可能成為戰爭的主角。為了防止出現“網絡’9·11’事件”，布什總統早在2002年就發布了第16號“國家安全總統令”，組建美軍歷史上也是世界上第一支網絡黑客部隊——網絡戰聯合功能構成司令部，陸軍和海軍也各有電腦應急反應分隊，空軍則建立了專門負責實施網絡進攻的航空隊。這些部隊由世界頂級電腦專家和“黑客”組成，目前已經正式編入了作戰序列。在美國拉斯維加斯最大的計算機展覽上，美國前助理國防部長莫尼曾在演講中對“黑客”們說：“如果你們考慮過餘生要幹些什麼，請務必不要忘記國防部。”此外，美軍還僱用一些黑客專門從事計算機漏洞測試工作。 2004年9月，美國成立了由28家專業化大公司組成的國際工業財團——網絡中心戰工業聯盟，加強信息技術領域方面的軍民協調。

（七）充分利用民用科技資源為強軍服務

據報導美國空軍在高科技專業方面缺少的上尉軍官多達2/3，陸軍海軍也面臨同樣的問題。美國防部、航天局等很重視發揮美國工程院和高校等科研機構及蘭德公司等在國防諮詢研究和人才培養的作用。據國外軍事專家估計，美、英、法、德、日等世界主要發達國家發展信息化武器裝備所需要的高新技術80-90%來自地方企業，10-20%來自軍方自己的科研院所，即基礎和兩用項目可由民用科技部門承擔，國防科技部門和軍隊科技部門專攻純軍事項目以及系統總體項目。美軍的偵察機EP-3的信息電子系統由多種功能設備組成，其中不乏市場上隨手可得的且技術上不見得先進的產品，但其集成後系統的性能上了一個台階，可見集成創新能提高價值。

我國科技人員和研發人員總量分別佔世界第一位和第二位，利用好這一智力資源將在敵我對比中顯著增強我軍的實力。建立軍民融合的科技創新體系，統籌軍民科技項目的發展，合理地部署軍民兩用項目，做到既不重複又能互補，在全國范圍內實現科技資源的優化組合，同時藉助地方資源大力培養部隊人才，保證國防建設處於戰略主動地位。中央軍委於2007年發出《軍隊吸引保留高層次專業技術人才的規定》，著眼加大引進和利用社會優質人才資源力度，進一步創新完善政策機制。建立院士顧問制度，聘請兩院院士擔任技術顧問，充分利用國家頂尖人才和智力資源，更好地為軍隊重大決策諮詢、重大科技攻關和高層次人才培養提供服務；在與軍事鬥爭準備密切相關的重大科研項目（課題）和重點建設學科，設立首席專家崗位，面向社會聘用高層次專業技術人才。

【抓住信息化機遇，促進軍民結合、寓軍於民】

我國的國防科研與工業體係是在計劃經濟基礎上建立起來的，計劃經濟的管理理念和手段仍然發揮著主導作用，封閉管理和自成體系妨礙了市場化理念的建立，也不利於合作創新文化的形成，軍工單位的績效考核指標中缺乏依靠和帶動民用產業發展的要求或使命，在科研計劃和裝備採購中軍品和民品脫節。改革開放以來，國防工業開始由單一軍品結構向軍民結合型結構的轉變，核工業、船舶工業、信息產業等的發展，受益於軍事技術向民品的轉移，國防工業對地方經濟社會的輻射帶動作用明顯增強，但是這些轉移還未上升到製度層面。另一方面，我國國內已經成長了一批具有創新和產業能力的民用高新技術企業，能夠勝任軍品任務，但因缺乏規範的軍品需求信息溝通渠道、有關的政策法規不完善等原因，基本上很少介入國防任務。民用科技部門如果沒有國家安全的迫切需求，也不可能在國防安全領域方面得到國家層次的有力支持，難以發揮更大的支撐作用，民用產業部門得不到承擔國防任務的扶持和鍛煉，也不利於其發展壯大。與發達國家相比，我國離軍民良性互動、協調發展的目標尚有不少差距，更為突出的是相應的法規和製度的滯後。軍民結合是國家行為和國家意志的反映，不僅要依靠技術創新，而且要依靠體制創新和機制創新來實現。

在中共中央辦公廳、國務院辦公廳2006年印發的《2006-2020年國家信息化發展戰略》中，指出全球信息化正在引發當今世界的深刻變革，重塑世界政治、經濟、社會、文化和軍事發展的新格局。加快信息化發展，已經成為世界各國的共同選擇。並明確提出了我國信息化發展的戰略方針——統籌規劃、資源共享，深化應用、務求實效，面向市場、立足創新，軍民結合、安全可靠。

在落實國家信息化發展戰略中，我們需要藉鑒國外思路，從法規、協調機制、標準和採購政策等戰略高度解決制約軍民結合的體制問題。當前需要建立健全招投標制度，形成公正公平的競爭態勢，盡量採用成熟的民間標準，引導和鼓勵掌握創新技術的企業特別是中小型公司進入國防領域，從而形成多供應商的新型國防產業體系，以軍工任務帶動民品開發水平提升，為國民經濟發展增添活力，實現軍民良性互動。

國外在促進軍民結合方面的一個重要經驗是從信息化入手。當今世界軍事變革，是以信息技術的飛速發展及其在軍事領域的廣泛應用為直接動力，信息化條件下局部戰爭所要達成的高技術優勢，單純依靠國防科技部門和軍隊系統自身難以奏效，軍民結合，寓軍於民是關鍵，信息技術是其中的重要抓手。在我國國家工業化、信息化融合發展的任務與軍隊機械化、信息化複合的發展目標中，信息化成為統籌經濟建設和國防建設的很好結合點。特別是國務院的大部製改革，催生了工業與信息化部，不但從組織上將工業化與信息化的管理有機統一，而且將民用產業與國防科技工業緊密結合，從體制上為抓住信息化戰略機遇加強軍民結合提供了重要保證。工業和信息化部在落實國家信息化和新型工業化發展戰略的同時，將充分考慮國防工業和武器裝備研製的發展需要，建立國家層面的軍民結合促進政策和協調機制，促進工業化、信息化和國防科技工業的全面協調發展和自主創新能力的提高，積極探索軍民結合市場化途徑，實現軍工與民用工業的規劃銜接、供需對接和資源共享[4]，發揮雙向輻射帶動作用，推進國民經濟和國防現代化。

黨的十七大報告指出，“國防和軍隊建設，必須站在國家安全和發展戰略全局的高度，統籌經濟建設和國防建設”。 “堅持科技強軍，按照建設信息化軍隊、打贏信息化戰爭的戰略目標，加快機械化和信息化複合發展，積極開展信息化條件下軍事訓練，全面建設現代後勤，加緊培養大批高素質新型軍事人才，切實轉變戰鬥力生成模式”。 “調整改革國防科技工業體制和武器裝備採購體制，提高武器裝備研製的自主創新能力和質量效益。建立和完善軍民結合、寓軍於民的武器裝備科研生產體系、軍隊人才培養體系和軍隊保障體系，堅持勤儉建軍，走出一條中國特色軍民融合式發展路子”。上述重要論述是實現軍民結合科學發展的戰略方針。我們要抓住信息化的機遇，做好寓軍於民這篇大文章，在全面建設小康社會進程中實現富國和強軍的統一。

Original Source(s)

(1) http://www.cia.org.cn/subject/subject_08

(2) http://www.gov.cn/gongbao/content/2006/content

Red Dragon 1949 / 紅龍1949

Tag Archives: China’s Informatization – 中國信息化

中國新的網絡安全法 // Internet Security Law of the People ‘s Republic of China

中國新的網絡安全法 // Internet Security Law of the People ‘s Republic of China

China’s Civilian & Military Informatization Development Strategy 国家信息化战略中的军民结合

中國網絡衝突討論，信息與研究 // Chinese Cyber Conflict Discussions, Information & Research