1. The status quo of my country’s cyber security industry

From a relatively narrow and rigorous perspective, the cybersecurity industry is mainly composed of cybersecurity companies and related professional service organizations. Among them, cybersecurity companies are corporate legal persons that provide customers with cybersecurity products or services and obtain revenue. The network security industry is an integral part of the IT industry, or a subset of the IT industry.

The network security industry meets the security needs of most individuals and commercial organizations for information applications, and also undertakes security assurance work for many government departments and some special industries. The network security industry has also absorbed the vast majority of practitioners engaged in network security technology product research and development, service assurance, and business operations. Objectively speaking, the cyber security industry is the foundation and an important force for maintaining national cyberspace security and ensuring the healthy development of the information society.

my country officially connected to the Internet in 1994. In 1995, Tianrongxin, the first network security company, was established, ushering in the era of the development of China’s network security industry. China’s cyber security industry has grown from scratch, from small to large, constantly improving and growing. According to statistics from the China Cyber ​​Security Industry Alliance (CCIA), in 2019, the size of my country’s cyber security market was approximately 47.8 billion yuan. In the first half of 2020, a total of 3,589 companies in my country will carry out cyber security services. As of the end of 2020, there were 30 Shanghai and Shenzhen A-share cybersecurity listed companies.

With reference to the industry life cycle theory and model, combined with the characteristics of cyber security companies, the life cycle of the cyber security industry can be divided into 5 main stages: budding stage, preliminary development stage, rapid growth stage, maturity stage, and decline stage (or metamorphic development stage) . From the concentration of the cybersecurity industry, the overall ranking and number of innovative cybersecurity companies, industrial structure, product competitiveness, vulnerability mining and advanced persistent threat (ATP) research capabilities, the scale and operation of top cybersecurity companies, and customer maturity, The proportion of cybersecurity investment in total informatization investment and other dimensions have been compared and analyzed. Compared with the first international cybersecurity group in the United States, my country’s cybersecurity industry has a staged gap in the industry life cycle. The US cybersecurity industry is already in the “mature” stage of the industry life cycle; China’s cybersecurity industry has surpassed the “initial development period” stage and is entering the “rapid growth period” stage. (See below)

Feature | Thoughts on the development planning of the network security industry during the “14th Five-Year Plan” period

Cybersecurity industry life cycle

Since the 18th National Congress of the Communist Party of China, the Party Central Committee has attached great importance to cybersecurity work. General Secretary Xi Jinping has issued an important instruction of “No cybersecurity, no national security”, integrated cybersecurity into national security work for deployment, and started a new cybersecurity business. stage. Since 2016, a series of major regulations, including the Cybersecurity Law of the People’s Republic of China, the Cryptography Law of the People’s Republic of China, the National Cyberspace Security Strategy, the “Thirteenth Five-Year” National Cybersecurity Plan, and the Cyberspace International Cooperation Strategy The planning documents have been issued and implemented successively, providing policy guarantees and legal support for the healthy development of the network security industry, and providing valuable opportunities for network security technological innovation and network security enterprises to become bigger and stronger. my country’s cyber security industry has entered a golden period of development. Innovative companies and innovative technologies continue to emerge, the industrial ecology continues to improve, and a relatively complete technology industry system has been formed. my country’s independent technology cyber security is active in every important technical field. enterprise. This has laid a solid foundation for the industrial system architecture for my country’s network security industry to achieve leapfrog development, catch up with developed countries such as the United States, and build a network power.

IDC predicts that in 2021, China’s overall network security market spending will reach 10.22 billion U.S. dollars, and the compound annual growth rate (CAGR) for the forecast period from 2020 to 2024 will be 16.8%, and the growth rate will continue to lead the global network security market.

2. Guiding ideology and goals for the development of the network security industry during the “14th Five-Year Plan” period

The “14th Five-Year Plan” period is the first five years after my country has built a moderately prosperous society in an all-round way and achieved its first centenary goal. It is of great significance to do a good job in economic and social development during the “14th Five-Year Plan” period. At present and for a period to come, our country is still in a period of important strategic opportunities, with new developments and changes in both opportunities and challenges. The international environment is becoming more and more complex, and the uncertainty of instability has increased significantly.

Study and understand the “Proposals of the Central Committee of the Communist Party of China on Formulating the Fourteenth Five-Year Plan for National Economic and Social Development and the Long-term Goals for 2035” (hereinafter referred to as the “Proposals”) and ten The “Fourteenth Five-Year Plan for National Economic and Social Development of the People’s Republic of China and the Outline of Long-Term Goals for 2035” (hereinafter referred to as the “Planning Outline”) passed by the Fourth Session of the Third National People’s Congress voted for the “Fourteenth Five-Year Plan” It is of great significance to accelerate the development of network security industry in the period of network security work. The guiding ideology, principles that must be followed, strategic orientation, main goals, and related planning content in the “Recommendations” and “Planning Outline” are the basic compliance and guidance requirements of the cyber security industry development plan. Proceeding from this, a preliminary discussion can be made on the network security industry development plan during the “14th Five-Year Plan” period.

1. Adhere to systems thinking, vigorously develop the network security industry, and strengthen system capacity building

The “Recommendations” and the “Planning Outline” have incorporated “coordinated development and security” into the guiding ideology of my country’s economic and social development during the “14th Five-Year Plan” period, and set a special chapter for strategic deployment, highlighting the role of national security in the overall situation of the party and the country. important position. The “Recommendations” and the “Planning Outline” clearly stated that “resolutely maintain the security of national power, system, and ideology, and comprehensively strengthen the network security guarantee system and capacity building.” Cyberspace has become a new field of human activities that is as important as land, ocean, sky, and space. National sovereignty extends to cyberspace, and cyberspace sovereignty has become an important part of national sovereignty. General Secretary Xi Jinping pointed out: “Without network security, there will be no national security, there will be no stable economic and social operation, and the interests of the broad masses of people will not be guaranteed.”

“Adhere to the system concept” is one of the five principles that must be followed in the “Planning Outline”. To develop the cybersecurity industry and do a good job in cybersecurity, we must be guided by an overall national security concept and a correct cybersecurity concept, establish a dialectical and holistic thinking, and actively promote cybersecurity assurance systems and capacity building.

We must adhere to the overall national security concept. General Secretary Xi Jinping pointed out that it is necessary to build a national security system that integrates political security, homeland security, military security, economic security, cultural security, social security, technological security, information security, ecological security, resource security, and nuclear security. With the in-depth integration of information technology and social economy and the rapid development of digital economy, the corresponding relationship and supporting role of network security and various aspects of the national security system have become more clear and important. The cyber security industry should actively respond to major national needs and provide strong guarantees for technical products, solutions, and security services in key areas and important scenarios.

In his “4·19” speech, General Secretary Xi Jinping pointed out that in order to establish a correct view of network security, it is necessary to realize that: network security is integral and not fragmented, network security is dynamic rather than static, and network security is open. Network security is relative rather than absolute, and network security is common rather than isolated. These five aspects are a systematic summary of the basic characteristics of network security, a scientific manifestation of system thinking in network security work, fully grasping the basic laws of cyberspace development and information technology development, and also advancing the development of the network security industry and the practice of security construction. Important guidance and effective grasping hand.

Comprehensively strengthening the construction of the network security guarantee system requires the participation of the government, enterprises, social organizations, and the majority of netizens to jointly build a line of defense for network security. Cybersecurity companies, especially leading companies, should actively cooperate with upstream, midstream and downstream enterprises and institutions in the industry while doing a good job in technology research and development, product and service guarantees, and actively carry out the popularization and promotion of customers and the public’s cybersecurity awareness and skills. Deeply participate in the planning and construction of major national and industry projects and basic platforms, so as to build an ever-evolving network security systemization capability and a good ecological environment conducive to industrial development.

Comprehensively strengthening the construction of cyber security assurance capabilities requires grasping the laws of information technology development and the characteristics of cyberspace development. Cyber ​​security companies must fully embody confrontational awareness and offensive and defensive thinking in technology research and development and business development. On the one hand, they must address the weak links of cyber security and the improvement of new scenarios. To complement security capabilities, on the one hand, we actively develop special technical advantages, strive to cultivate the “long board” of capabilities, and continue to improve offensive and defensive capabilities, so as to “make the barrier move forward and prevent problems before they occur.”

The three synchronization requirements of “simultaneous planning, simultaneous construction, and simultaneous use” proposed in Article 33 of the “Network Security Law of the People’s Republic of China” not only embody system thinking, but also conform to the guiding ideology of integrated development and security in the “Planning Outline”. In the informatization construction, the effective implementation of the three synchronization requirements is a strong guarantee for comprehensively strengthening the network security guarantee system and capacity building. Cyber ​​security companies should actively participate in the security planning of informatization construction of infrastructure, key industries, and important departments, and strive to avoid the double-layered situation of network security and informatization construction, promote the integration and coordination of network security construction and main business, and better Give full play to the effectiveness of network security investment.

2. Persist in innovation and breakthroughs, actively play the role of the enterprise’s innovation main body, continue to forge core capabilities, meet new needs and cope with new challenges

The term innovation appears 161 times in the “Planning Outline”. Innovation is one of the cores of the new development concept and an important prerequisite for promoting high-quality development. The “Planning Outline” proposes to improve the market-oriented mechanism of technological innovation, strengthen the position of the enterprise as the main body of innovation, promote the concentration of various innovative elements in the enterprise, and form a technological innovation system with enterprises as the main body, market-oriented, and in-depth integration of industry, university, research and application. Core technology is the foundation of the competitiveness of network security enterprises, and innovation is the fundamental driving force for the development of the network security industry.

Without core technology, there will be no industry leadership; without innovation and breakthrough, there will be no high-quality development. Only when Chinese cybersecurity companies have mastered the core technologies can they have the right to compete with international cybersecurity industry giants, and can realize the industrial leap from technology follow-up, to gradual substitution, to partial leadership, to full catch-up and overtake. Learning international advanced technology and experience is by no means simply imitating. Following the old ways of others, it is difficult for the cyber security industry to achieve differentiated competitive advantages, and it is also difficult for companies to grow bigger and stronger. Network security companies should actively seek innovative breakthroughs in security technology, security concepts, and security systems.

Achieving independent and controllable network security industry is one of the important goals of insisting on innovation and breakthrough. To test whether it is truly autonomous and controllable, there is a basic standard-core technology is not controlled by others, and industrial development is not controlled by others. On the one hand, cyber security companies master key cyber security technologies and new security technologies through independent research and development, and strive to break through core technologies, so that they can face the actual requirements of cyber offense and defense, and provide customers with technical products, solutions and security services that meet business characteristics and development needs. ; On the other hand, we must objectively face my country’s current relatively weak position in the IT infrastructure industry chain, vigorously develop a localized network security industry ecosystem, and forge network security products and solutions with complete systems, reliable performance, and supply chain security; on the other hand The cybersecurity industry should vigorously strengthen the security assurance capabilities of domestic basic software and hardware, improve the endogenous security capabilities of domestic basic software and hardware, and establish a rapid response mechanism and security assurance system for cybersecurity incidents.

The “Planning Outline” puts forward important development goals for accelerating digital development and building a digital China. The work related to the cybersecurity industry includes: fostering and expanding emerging digital industries including cybersecurity industry, and ensuring public security while improving the level of digital government construction. Data security, creating a good digital ecology. Among them, around the improvement of the digital element market mechanism, the relevant work content is proposed, including: strengthening the data protection involving national interests, business secrets, and personal privacy, accelerating the advancement of basic legislation in the fields of data security and personal information protection, and strengthening the life of data resources Cycle safety protection. Improve the data classification and hierarchical protection system applicable to the big data environment. Strengthen data security assessment and promote the safe and orderly flow of data across borders.

The “Planning Outline” has made a specific plan for promoting the digital transformation of the industry. Among them, the construction of the industrial Internet platform and the digital transformation promotion center is one of the key tasks. In response to the needs of industrial Internet security construction, the network security industry needs to vigorously promote in terms of core technology breakthroughs, product solutions, platform construction support, and industrial ecological construction.

In order to strengthen the protection of network security, the main content of the “Planning Outline” involving the network security industry includes: strengthening the security of important areas of data resources, important networks and information systems. Establish and improve the protection system of critical information infrastructure, improve security protection and maintain political security capabilities. Strengthen network security risk assessment and review. Strengthen the construction of network security infrastructure, strengthen cross-domain network security information sharing and work coordination, and improve network security threat detection, monitoring and early warning, emergency command, and attack source tracing capabilities. Strengthen the research and development of key cyber security technologies, accelerate the innovation of artificial intelligence security technologies, and enhance the comprehensive competitiveness of the cyber security industry. Strengthen network security publicity and education and personnel training.

In summary, the theme of innovation runs through the relevant development goals and work content of the cyber security industry in the “Planning Outline” and is the top priority of the industry’s development. In response to new IT technologies and new applications, cyber security companies should actively deploy research and development of new technologies such as artificial intelligence, 5G and future networks, blockchain, quantum information, new cryptography, and industrial Internet security.

3. Conclusion

This year is the first year of the “14th Five-Year Plan”. With the full implementation of the “Planning Outline”, the network security industry will inevitably usher in great development. It will surely be a new journey for the comprehensive construction of a modern socialist country and the realization of the second centenary goal. Make a significant contribution.

The Links:   G101UAN020 LQ121S1LG44