China News, April 23 According to the WeChat public account of the Ministry of National Security, resource development, technological progress, and data flow are all deeply embedded in the invisible network of the industrial chain and supply chain. The security of the industrial chain and supply chain is related to the overall national economic security and high-quality development. In recent years, overseas espionage and intelligence agencies have become increasingly covert, professional, and systematic in their efforts to penetrate, sabotage, and steal secrets from my country's industrial and supply chains, posing a serious threat to my country's economic security, technological security, and data security.

The Bourne Supremacy in the Industrial and Supply Chains

——"Insider leaks" of semiconductor technology. Core technology is the "vital gate" of the industrial chain and is also a key target for criminals. Public cases show that Zhang, a former engineer at a domestic semiconductor company, violated confidentiality obligations after leaving his job and illegally provided core production processes and other trade secrets to overseas organizations. The outflow of process parameters and design drawings of core technologies will not only waste several years of R&D investment by companies, but may also weaken my country's voice in the global semiconductor industry chain. In the end, Zhang was severely punished by the law.

——"Parasite theft" of data resources. Data is the blood of the digital economy, and its supply chain security is related to the core competitiveness of the industry. Public cases show that a domestic company used technical means to parasitize the system of an e-commerce platform, stealing more than one million pieces of business data every day and illegally making tens of millions of yuan in profits. This behavior is not a simple commercial infringement, but an organized and industrialized data theft in an attempt to hollow out the platform's core business resources and destroy a healthy data ecology. In the end, the relevant persons involved were severely punished by law.

——"Confidential extraction" of key mineral information. Rare earths are strategic resources related to high-end manufacturing and national defense industry. Overseas countries have long paid close attention to the relevant procurement and storage situation, and have tried every means to obtain our internal data. Public cases show that an overseas non-ferrous metal company used its Chinese employee Ye Moumou to induce Cheng Mou, the deputy general manager of a domestic rare earth company, with money. In order to seek personal gain, Cheng violated regulations and illegally provided seven confidential state secrets in his possession, including the category, quantity, and price of my country's rare earth collection and storage, to overseas countries. In the end, both Ye and Cheng were severely punished by the law.

"Protective Countermeasures" for the Industrial Chain and Supply Chain

Faced with the severe and complex security situation of the industrial chain and supply chain, single-link repairs or passive responses are no longer able to cope, and a scientific and efficient protection system should be built.

——Strict hardware management. Strictly control access to key hardware such as chips, servers, and industrial control equipment, and implement supplier security review and traceability management; comprehensively inspect and disable equipment with security risks, establish supplier access and dynamic management mechanisms, and prevent people with ulterior motives from implanting secret-stealing devices and pre-installing spy firmware in hardware.

——Strict software management. Strengthen security management and control of software, open source components, and cloud services, conduct code audits and vulnerability inspections, and prevent malicious code and backdoor implantation. Strictly manage the full life cycle of confidential and sensitive data, core technologies, and commercial secrets, implement minimum permissions, end-to-end encryption, and cross-border data security assessment, and strictly prevent data theft, tampering, or illegal export.

——Strict personnel management. Implement anti-espionage security prevention responsibilities, conduct background checks and confidentiality training for key personnel, and strictly prohibit the processing of confidential information on non-confidential equipment. Standardize foreign-related cooperation, outsourcing, and outsourcing management, and prevent overseas espionage and intelligence agencies from stealing confidential and sensitive information through solicitation, instigation, and profit temptation.

Maintaining the security of the industrial chain and supply chain is not a "one-man show" for the government and enterprises. It is everyone's responsibility and everyone can do something. The whole society, especially practitioners in related industries, must be more vigilant, enhance their awareness of confidentiality and the concept of the rule of law, and build a solid national security defense line. If you find suspicious situations that endanger the security of our industrial chain and supply chain, you can report it through the 12339 national security agency report acceptance hotline, the online report acceptance platform (www.12339.gov.cn), the Ministry of National Security WeChat official account report acceptance channel, or directly to the local national security agency.