Chinese National Vulnerability Database

Last updated
China National Vulnerability Database
国家信息安全漏洞库
Chinese National Vulnerability Database logo.png
Agency overview
Formed18 October 2009;14 years ago (2009-10-18)
TypeCybersecurity Agency
Jurisdiction Mainland China
HeadquartersBuilding 1, No. 8 Courtyard, Shangdi West Road, Haidian District, 100085 Beijing, China
EmployeesClassified
Annual budgetClassified
Parent department Ministry of State Security
Website www.cnnvd.org.cn OOjs UI icon edit-ltr-progressive.svg

The Chinese National Vulnerability Database (CNNVD) is one of two national vulnerability databases of the People's Republic of China. It is operated by the China Information Technology Security Evaluation Center (CNITSEC), the 13th Bureau of China's foreign intelligence service, the Ministry of State Security (MSS). [1] [2] As of September 28, 2020, the database has 117,454 vulnerabilities cataloged with the first entry dated January 1, 2010. [3]

Contents

Organization

The organization is operated by the China Technology Evaluation Center (中国信息安全测评中心; Zhōngguó Xìnxī Ānquán Cèpíng Zhōngxīn, known in English as CNITSEC), which is a subsidiary office of the MSS, making the organization closely linked to the Chinese intelligence apparatus. [4] According to its official website, CNNVD performs "analysis and information communication of security vulnerabilities of information technology products and systems; security risk assessment of information networks and important information systems of party and government organs; safety testing and evaluation of information technology products, systems and engineering construction; competency assessments and qualification reviews for information security services and professionals; theoretical research, technology research and development and the development of standards" [5]

The agency has been criticized as a trojan horse manipulated by Chinese intelligence in order to take advantage of vulnerabilities in order to wage cyberwarfare against foreign targets.

According to Boston based cybersecurity firm Recorded Future, the MSS evaluates all submitted vulnerabilities before releasing them in order to determine if they can be used for the purposes of cyber-espionage; according to researchers this was demonstrated through extensive backdating of vulnerabilities. [6]

Related Research Articles

<span class="mw-page-title-main">University of International Relations</span> Public university in Beijing, China

The University of International Relations is a national public university in Beijing, China.

<span class="mw-page-title-main">.cn</span> Internet country-code top level domain for the Peoples Republic of China

.cn is the country code top-level domain (ccTLD) for the People's Republic of China. Introduced on 28 November 1990, the domain is administered by China Internet Network Information Center, a public institution affiliated with the Ministry of Industry and Information. The domain is the largest ccTLD in the world.

National Key Universities previously referred to universities recognized as prestigious and which received a high level of support from the central government of the People's Republic of China. The term is no longer in official use by 1990s. The term "zhòngdiǎn" 重点, translated here as "key," in this phrase can also be translated as "major," "priority," or "focal." The term "National Key Universities" then became defunct, and these schools are now normally referred to as "Double First Class Universities“, based on the China state Double First Class University Plan. However, it remains part of the vernacular, as evidenced by some Chinese media articles which still refer to "National Key Universities".

Geographic Information Systems (GIS) are an increasingly important component of business, healthcare, security, government, trade, media, transportation and tourism industries and operations in China. GIS software is playing an increasing role in the way Chinese companies analyze and manage business operations.

The 1995 Wuding earthquake occurred on October 23, 1995, at 22:46 UTC. The epicenter was located near Fenduo Village (芬多村), Fawo Township (发窝乡) of the Wuding County, Yunnan, China. The magnitude of the earthquake was put at Mw 6.2, or Ms 6.5. Fifty-three people were reported dead and 13,903 injured. Many houses and public buildings were damaged, including the Fawo Middle School (发窝中学) and the Fawo Township Office. This earthquake could be felt in southwestern Sichuan.

<span class="mw-page-title-main">Yantai Penglai International Airport</span> Airport in Shandong, China

Yantai Penglai International Airport is an international airport serving the city of Yantai in East China’s Shandong province. It is located 43 kilometres (27 mi) from the city center, near the Chaoshui town in Penglai District, a district in Yantai city.

The new areas or new districts of the People's Republic of China are new urban districts that are given special economic and development support by the Chinese Central Government or regional government. New areas are divided into two varieties: administrative or management and further divided into levels: state-level, provincial-level, and prefectural-level.

Bofan is a town in northeastern Hubei province, China, located just north of G70 Fuzhou–Yinchuan Expressway and under the administration of Anlu City, the centre of which lies 21 kilometres (13 mi) to the southeast.

<span class="mw-page-title-main">Li Keqiang Government</span> Chinese government headed by Premier Li Keqiang

The Li Keqiang Government was the Central People's Government of China from 15 March 2013, when Premier Li Keqiang took office, until March 2023. It succeeded the Wen Jiabao government. Premier Li is ranked only second to Party general secretary Xi Jinping among 7 members of the 18th and 19th Politburo Standing Committee, top decision-making body of the Chinese Communist Party (CCP).

<span class="mw-page-title-main">Chen Wenqing</span> Chinese politician

Chen Wenqing is a Chinese intelligence officer, politician and member of the Politburo of the Chinese Communist Party who currently serves as the secretary of the Central Political and Legal Affairs Commission. He previously led the Ministry of State Security.

Huai Jinpeng is a Chinese computer scientist and politician. He is the current Minister of Education, party secretary of the China Association for Science and Technology (CAST) and an academician of the Chinese Academy of Sciences.

He Dequan is a Chinese engineer specializing in information security. He is an academician of the Chinese Academy of Engineering (CAE) and serves as deputy director of the Advisory Committee for State Informatization (ACSI).

<span class="mw-page-title-main">Cybersecurity Law of the People's Republic of China</span> Law of China

The Cybersecurity Law of the People's Republic of China, commonly referred to as the Chinese Cybersecurity Law, was enacted by the National People’s Congress with the aim of increasing data protection, data localization, and cybersecurity ostensibly in the interest of national security. The law is part of a wider series of laws passed by the Chinese government in an effort to strengthen national security legislation. Examples of which since 2014 have included a Law on National Intelligence, the National Security of the People’s Republic of China and laws on counter-terrorism and foreign NGO management, all passed within successive short timeframes of each other.

OneConnect Financial Technology Co., Ltd. is a technology-as-a-service platform for financial institutions. The company was listed on the New York Stock Exchange in 2019. OneConnect is an associate of Ping An Group.

<span class="mw-page-title-main">Lu Li'an</span> Chinese professor and politician

Lu Li'an is a scholar of British literature, professor at Fudan University, and president of the Shanghai Taiwan Compatriots Friendship Association. Born in Taiwan, she moved to mainland China in 1997 to teach at Fudan University in Shanghai and became a citizen of the People's Republic of China (PRC). In 2017, she was a delegate to the 19th National Congress of the Communist Party of China, and the same year, the Republic of China (ROC) government revoked her registered residency in Taiwan.

Liu Yanping is a Chinese politician who served as vice minister of Public Security between 2013 and 2015. From 2015 onwards he served as the secretary of the Central Discipline Inspection Committee within the Ministry of State Security (MSS). In March 2022 Chinese state media reported that Liu had been placed under investigation by the CCDI for "violations of law and party discipline". He is the 12th high-ranking official in China to be targeted by China's top anticorruption watchdog in 2022. Liu crossed paths with Li Dongsheng, Meng Hongwei and Fu Zhenghua, and was known to be a close ally of Sun Lijun.

The Internet real-name system in China is a real-name system in which Internet service providers and Internet content providers in the People's Republic of China are required to collect users' real names, ID numbers, and other information when providing services. Since the implementation of the real-name system on the Internet may lead to the infringement and narrowing of the constitutionally protected speech space of Internet users, it has attracted concerns from all sides and generated much controversy in Chinese society. Only a few countries in the world, such as South Korea, have implemented a real-name system on the Internet.

The China Information Technology Security Evaluation Center is the cover identity of the 13th Bureau of the Ministry of State Security, the information technology component of China's civilian spy agency which houses much of its technical cyber expertise. The bureau manages much of the conduct of cyberespionage for the agency, and provides aid to the many advanced persistent threats (APTs) run directly by the agency, by its semi-autonomous provincial State Security Departments (SSD) and municipal State Security Bureaus (SSB), and by contractors. In support of provincial state and party leadership, the bureau also runs its own semi-autonomous provincial Information Technology Security Evaluation Centers (ITSEC) in collaboration with provincial counterparts. In the past these ITSECs have been identified collaborating with APTs run by provincial state security units. The bureau also manages the Chinese National Vulnerability Database (CNNVD), where it has been found to selectively suppress or delay public reporting of certain zero-day vulnerabilities.

References

  1. "国家信息安全漏洞共享平台". www.cnvd.org.cn. Retrieved 2020-09-29.
  2. Sass, Rami (2019-01-16). "Not all National Vulnerability Databases are created equal". IT Pro Portal. Retrieved 2019-06-03.
  3. "国家信息安全漏洞共享平台". archive.vn. 2020-09-29. Archived from the original on 2020-09-29. Retrieved 2020-09-29.
  4. "China's Ministry of State Security Likely Influences National Network Vulnerability Publications". www.recordedfuture.com. Retrieved 2022-08-14.
  5. "国家信息安全漏洞库". www.cnnvd.org.cn. Retrieved 2022-08-14.
  6. "China's national vulnerability database is merely a tool for its intelligence agencies". CyberScoop. 2018-03-09. Retrieved 2022-08-14.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.