BETTER PROTECTED: Participants battle simulated attacks at an Internet security contest in Changchun, northeast China's Jilin Province, on April 27, 2013 (LIN HONG)
For the first time, cybersecurity has been included in the Chinese Government's annual work agenda. "We will safeguard cybersecurity," said Chinese Premier Li Keqiang in his government work report to this year's full session of the National People's Congress, China's top legislature, on March 5. The report outlined the top priorities for China's development in 2014 and beyond.
Before Li's remarks, President Xi Jinping pledged on February 27 to strengthen China's Internet security and build the nation into a strong cyber power at the first meeting of a central Internet security and informatization leading group, which he heads. Informatization is the extent to which information and communication technologies are utilized by a country in its economic, political and cultural fields and how much of a driving force it is behind each of these.
The group is designed to lead and coordinate Internet security and informatization work between different sectors, as well as draft national strategies, development plans and major policies in this field, according to Xi.
China has to balance its needs to develop IT technologies and safeguard Internet security, Xi said, who stressed their importance by describing the two issues as "the two wings of a bird and the two wheels of an engine."
A weak link
China has the world's largest Internet population. Statistics from the China Internet Network Information Center (CNNIC) showed the number of Internet users in China reached 618 million at the end of 2013, and the total market value of Internet companies exceeded $300 billion.
Meanwhile, the country is the world's second-largest target for hackers globally in terms of attack frequency, only slightly behind the United States, according to a report from the Web security company Beijing Rising Information Technology Co. Ltd.
According to Cai Mingzhao, Minister of China's State Council Information Office, more than 20,000 websites based in China were targeted by hackers in January-August 2013, and more than 8 million servers were compromised and controlled by overseas computers via zombie and Trojan programs at the same time, up 14 percent from the same period in 2012.
"These activities have caused severe damage to our economy and the everyday lives of the people," Cai said.
On January 21, tens of millions of netizens in China lost access to the World Wide Web due to a critical malfunction of the Domain Name System (DNS) infrastructure.
The snag, caused from a cache poisoning attack, was an unprecedented malfunction both in terms of the number of websites affected and the duration of the disruption. It left large numbers of top-level domains—including those ending in .com, .net and .org—out of commission and affected around two thirds of Chinese websites.
The DNS works as a navigator when people surf online, directing page view requests to their corresponding IP addresses.
Root name servers form the backbone of the DNS system and are responsible for returning addresses to Internet users when they visit a website. Without them, accessing the Internet would not be possible.
Hacking the DNS can trick the server into guiding requests to the wrong site. Technically, hackers can direct netizens to phishing websites. Such behavior can result in user information being compromised, said Zhao Wu, a website security expert with Beijing-based tech firm Qihoo 360 Technology Co. Ltd. He added that it is difficult to take precautions against such threats.
The January 21 incident, however, only led netizens to a blank page, and no leakage of information has been reported, according to Zhao.
Experts said that security awareness concerning DNS is weak in China and that most major domain name servers are poorly guarded.
"All the root name servers are located in the United States, Japan and European countries. A problem with them would affect all the domain name processes and websites in China," said Dong Fang, another website security expert with Qihoo 360.
CNNIC Executive Director Li Xiaodong admitted that China does not have the required conditions to set up a root name server. "The only way to improve the Internet's speed and stability is to introduce more root name server mirrors," he said.
Li called on the government to spend more on the country's DNS infrastructure and stressed that a quick-responding mechanism for emergencies is badly needed. "The country should see the DNS as a critical national strategic infrastructure because it is the foundation of the entire Internet," Li noted.
The January 21 incident has also spurred experts to reflect on whether China is ready for a possible cyber war, suggesting that the government learn from other countries' experience.