China Cryptography TC holds a meeting in Beijing

25/09/2019

On August 28 to 29, 2019, the China Cryptography Standardization Technical Committee held a meeting in Beijing to review 31 industry standard development projects, which were all passed by voting. Mr. XU Hanliang, chairman of the Cryptography Standardization Technical Committee, presided over the meeting. Participants included cryptography experts and the leaders of various cryptography standard projects.

 

Out of the 31 industry standard projects, 15 are under development and 16 still require more research to reach the development stage. The standards are related to emerging fields such as artificial intelligence, cloud computing, big data, electronic bidding, intelligent transportation, smart lock, and video surveillance.

Background:

On October 2011, the Standardization Administration of China and the State Cryptography Administration approved the establishment of the “China Cryptography Industry Standardization Technical Committee”, which is under the leadership and management of the State Cryptography Administration. This TC in charge of drafting industry standards of cryptography, it has a secretariat and four working groups: General WG, Basic WG, Application WG and evaluation WG, which are composed of experts from the government, enterprises, research institutes, universities, testing institutions and trade associations and mainly deals with technology, products, systems and management of cryptography standardization.

 

SESEC’s Analysis on the WG-level and TC-level analysis of the Cryptography TC:

There are two membership levels in the Cryptography TC, one is the TC level membership and another one is the WG level membership.

The TC level members are called committee members; only experts who meet the following requirements are able to join. The WG level is composed of member organizations and observer organizations, not individual experts. The organizations who apply to join a WG of the Cryptography TC should be independent legal entities registered within China, with business related to cryptography products, services, research and development.

 

Industry standards and national standards published by the Cryptography TC:

The Cryptography TC has already published 80 industry standards, from which 11 became national standards. The development of these 11 national standards was led by TC260. The WG3 of TC 260 also deals with cryptography technical standards and is now open for FIEs to join; among the 47 members, there is one German company.

[IT/ICT news] China will develop the first national standard for edge computing

19/09/2019

Edge computing, which is generated from the rapid development of internet of things and big data, refers to analysing and processing data near the edge of its source, allowing for minimum delay and privacy security. The edge computing industry consists of relevant research institutions, chip manufacturers and equipment manufacturers, and because of its rapid development, it is necessary to carry out standardization work.

In July 2019, the Standardization Administration of China (SAC) approved the development and revision plan for the national standard Information Technology-Edge Computing-Part1: General Requirements, which is the first national standard for edge computing in China. It is a CESI-led standard which sets the general requirements and framework of edge computing deployed in IoT networks, platforms and terminal devices.

Apart from CESI, CCSA is now the main force behind standardization for edge computing in China, with its work mainly in CCSA/TC5 (wireless communication)/WG12 (mobile communication core network) and CCSA/ST8 (Industrial network)/WG2 (network connection). Their ongoing industry standard projects include:

  • Industrial Internet Edge Computing—Requirements for Edge Node Management Interface
  • Industrial Internet Edge Computing—Model and Requirements for Edge Code
  • Industrial Internet Edge Computing—Demand
  • Industrial Internet Edge Computing—General Framework and Requirements
  • Overall Technical Specifications for LTE Network-based Edge Computing
  • Overall Demand and Framework for Mobile Edge Computing (MEC) services for LTE-V2X

At the international level, IoT Requirements for Edge Computing, the international standard project initiated by China, is under development in ITU-T SG20 (IoT and Smart City Research Team of International Telecommunication Union). It is ITU-T’s first standard project for edge computing in the IoT field.

Although the standardization of edge computing in China is still in its infancy, it will witness a rapid development in the near future. Edge computing has already been considered as an important part in many standard systems according to governmental documents like Guidelines for the Construction of Industrial Internet Comprehensive Standard System and Guidelines for the Construction of National Smart Manufacturing Standard System, which means more edge computing standards are being or will be laid down. The rapid development of 5G, internet of vehicles, internet of things, industrial internet, smart manufacturing and other industrial applications also need the support of edge computing standards. In this process, European stakeholders should take an active role and contribute to it.

 

GB/T: Integration of Informatization and Industrialization Management System-Assessment Guidance

On 28th December, GB/T23000-2017: Integration of Informatization and Industrialization Management System-Assessment Guidance is published officially by SAMR and SAC. The assessment guide points out clearly organization, process and auditing requirements. The new standard could be applied together with other 3 previous standards on integration of informatization and industrialization management system (GB/T23000-2017, GB/T23001-2017 and GB/T23002-2017)

TC260 published 17 draft national standards for public comments

On 26th December, TC260 (National Information Security Standardization Technical Committee) published draft national standard “cyber security: guide on health care information security” for public comments. The feedback shall be emailed to wangjiao@cesi.cn before the 26th of December, 2018. Meanwhile the feedback deadline for the other 16 national standards listed below is 11th February, 2019.

  • “Information Security Technology- Entity Authentication Assurance Framework ”
  • “Information Security Technology- Certificate Request and Application Protocol Based on Multiple Channels”
  • “Information Security Technology- XML Digital Signature Syntax and Processing Specification ”
  • “Information Technology- Security Techniques- Message Authentication Codes (MACs)- Part 1 Mechanisms using a block cipher”
  • “Information Security Technology- Light Weight Authentication and Access Control Mechanism”
  • “Information Security Technology- Security Protection Technical Requirements and Testing and Assessment Approaches for Industrial Control Systems”
  • “Information Security Technology- Security Techniques Requirement and Evaluation Criteria for Server”
  • “Information Techniques- System Security Engineering Capability Maturity Model”
  • “Information Security Technology-Cybersecurity Vulnerability Identification and Description Specification”
  • “Information Security Technology- Guidelines for the Category and Classification of Cybersecurity Vulnerability”
  • “Information Security Techniques-Cybersecurity Vulnerability Management Specification”
  • “Information Security Techniques- Terminology”
  • “Information Technology- Security Techniques- Information Security Incident Management- Part 2: Guidelines to plan and prepare for incident response”
  • “Information Technology- Security Techniques- Guidelines for Information Security Management Systems Auditing”
  • “Information Security Technology- Guide for Health Information Security ”
  • “Information Security Technology- Requirements for Data Security Technology of the Government Information Sharing”

CAC released “Measures on Financial Information Services”

On 26th December, CAC (Cyberspace Administration of China) released officially the “Measures on Financial Information Services”
SESEC sorts pertinent explanation and analyzes as follow:
The definition of “financial information services” complies with WTO’s related agreements;
The measures if specification document aiming at detailed management and requirements;
The services online need to be qualified inspected by authority;
The measures are supplements to “Measures on Foreign institutions’ financial information services in China”.

China released new policies to European Union

In December, the Peoples’ Republic of China released the document of policies to European Union for the third time after 2003 and 2014. The new policies state the cooperative blue map between China and EU in the near future. China welcome EU and European countries to join and develop “Belt & Road” and together further and extend productive cooperation in each sector, such as the third-party market, interconnection, finance and digital economy to consummate “China-EU blue partnership”.

The document contains five crucial parts: guiding principles for China-EU relationship; politic, safety and defense cooperation; cooperation on trade, investment interconnection and finance; technical innovation, new emerging industries and sustainable development; society and humanity.

Emphatically, Standards, metering, certification and quality inspection are put forward in the third part of investment interconnection and finance. Both sides shall deepen exchanges and cooperation, give full play to the role of China-EU standards information platform to supply mutual enterprises timely effective and authoritative information.

IEC approved the first standard on informatization and industrialization integration

The plenary meeting and working group meeting of ITU-T SG20 (standardization Bureau of IEC) kicked off in Wuxi of Jiangsu Province, China. The informatization and industrialization integration standard, “Methodology for building Sustainable Capabilities during Enterprises’ Digital Transformation”, was approved officially and expected published on March 2019. The standard was developed by National Industry Cybersecurity Research Center under the guide of MIIT.

SESEC analyzes: the standard was organized on the base of China recommended national standards GB/T 23000-2017 and GB/T 23001-2017,clarifies accurately the definition and term of “informatization and industrialization integration”. The approval by IEC indicates a virtual step of internationalization of China standards.

TC of informatization and industrialization integration Standardization set up 5 working groups

Under the guide of MIIT, national technical committee of informatization and industrialization integration Standardization set up 5 new working groups, the first batch.

  • WG1: management system of informatization and industrialization integration
  • WG6: industrial internet management
  • WG7: industrial cybersecurity
  • WG10: digitalization quality management
  • WG14: new model of manufacture

SESEC marks: the national TC established in June 2018 authorized by SAC, otherwise directly supervised by MIIT.