Ecosystem of humans and machines key to ensuring cybersecurity

The development of science and technology, including information and communications technology (ICT) and artificial intelligence, has had a huge impact on industries, making life more convenient for people. But it has also created security challenges, at the domestic as well as the transnational level.

China, which has been participating in global cybersecurity governance, has taken many measures to not only advance research and development in science and technology but also maintain cybersecurity.

In the tech sector, the evolution of malware and viruses, coupled with the increasingly sophisticated nature of cyberattacks, including ransomware encrypting user data, poses significant threats. Advanced persistent threat attacks are highly covert with a long dormancy period, while zero-day exploits — attacks on previously unknown software flaws that hackers use before developers can issue a patch — are catching defenses off guard.

Emerging technologies bring new risks such as data storage, and managements' reliance on third-party platforms raises concerns over data security and privacy in cloud computing. The vast amount of user information in big data, if leaked, could have disastrous consequences, while the sheer number of internet of things devices, with varying levels of security, makes them prime targets for hackers.

As AI advances, threats including data poisoning (deliberate injection of malicious or misleading data into a training set of AI models), adversarial attacks (crafting subtle input perturbations to fool AI models into making incorrect predictions), and model inversion (retrodicting sensitive training data or inferring model parameters by querying the AI system) have become major concerns for AI and machine learning systems.

Encryption, a cornerstone of data security, faces challenges, too, from quantum computing, which could potentially crack existing algorithms, prompting researchers to explore more secure quantum encryption techniques.

The management sector faces challenges as well. Many cyberattacks succeed because of user negligence, such as clicking on suspicious links or using weak passwords, while employees lacking cybersecurity awareness could increase vulnerabilities.

Besides, incomplete security management systems, and ineffective implementation of security policies and procedures make cybersecurity measures inadequate, as inter-departmental collaboration on information security is often difficult while the lack of a unified coordination mechanism affects overall defense effectiveness.

Amid the rising cyber threats, China has a shortage of cybersecurity talents — because it started making efforts to spread cybersecurity education later than many other countries. As a result, its comprehensive planning and top-level design are not up to the level of countries like the United States.

As for the legal and regulatory sectors, they face the challenge of incomplete laws and regulations, and find it difficult to enforce the existing laws. Although China is gradually establishing a cybersecurity legal framework, it needs to improve specific regulations and supporting measures. On the other hand, since cybercrimes can be transnational, traditional global criminal justice cooperation mechanisms are inadequate to deal with them, especially because new global cyber regulations are yet to make significant progress.

Additionally, China faces serious cyber-warfare, blockades and public opinion battles, including organized cyber-attacks and espionage, from certain countries. These countries have also politicized and weaponized social media platforms in order to trigger public opinion wars against China.

China's critical information infrastructure has been under increasing attack, which has disrupted its normal operations and data security. In the era of cybersecurity, informatization and AI, building a harmonious ecosystem, a safe cyberspace and a supportive environment is crucial to tackling the challenges.

Imparting and enhancing public cybersecurity education and training is an important way of raising public awareness about the issue. While improving the cybersecurity talent cultivation system will help produce more high-quality professionals, establishing incentive and restraint mechanisms to reward those who contribute to cybersecurity and/or report vulnerabilities and punishing those involved in cybercrimes will create a deterrent effect.

Continuously strengthening R&D and promoting innovation in cybersecurity technology are also crucial for better safeguarding the information infrastructure.

Furthermore, to improve the legal and regulatory frameworks, China needs to accelerate the formulation and refinement of cybersecurity laws and regulations so it can make clear the rights and obligations of supervisors, and strengthen cybersecurity supervision.

Equally important, China should foster international cooperation and exchanges, continue participating in global cybersecurity cooperation so as to promote fair, reasonable and effective international cyberspace governance rules, and collaborate with other countries and international organizations to address cybersecurity threats. And it should promote the benign and orderly development of cyberspace, strengthen network infrastructure, improve network service quality, and better manage online content to help build a progressive cyber-culture.

The author is director of the Human-Computer Interaction and Cognitive Engineering Laboratory at Beijing University of Posts and Telecommunications.

The views don't necessarily reflect those of China Daily.