11月27日下午，在2021亚洲青年领袖论坛“科技创新与智慧城市”主题论坛中，360集团总裁张备发表了题为《数字化时代的网络安全新挑战》的主旨演讲。

原文如下：

尊敬的各位领导、各位青年朋友：

大家下午好！

非常高兴，也非常荣幸出席这样一次论坛，今天结交了很多新朋友，也听到了很多新的想法，受到了很多启发。我是360集团的总裁张备。

当今世界百年的变局和新冠疫情的交织，对各国的经济发展、社会民生还有社会的治理提出了前所未有的挑战。同时我们看到，它积极的一面是大大地促进了整个国家和社会的数字化的转型，这一点在我们中国体现得尤为明显，各行各业从智慧化、智能化，再到数字化，不断地提速和迭代。

我们看到一个统计数据，2020年，中国数字经济的规模已经达到了41.36万亿元，占GDP的比重已经上升到40.7%，那么北京和上海在2020年数字经济的比重已经超过了50%。我们看到当数字化成为经济社会的主要趋势时，数字安全、数据安全的问题就成了关键的少数问题。在带来美好、便捷生活的同时，网络攻击的危害也放大了千百倍，随时可能发生难以预料的“黑天鹅事件”。因为我们看到在数字化的时代有三个特征：第一是一切皆可编程，第二是万物均要互联，第三是大数据驱动业务，这里面就蕴含着新的数字安全的脆弱性。

所谓一切皆可编程，意味着将来的世界，我们现在经常说的元宇宙，就是一个软件定义的世界，这里面的漏洞是无处不在的，没有攻不破的网络。

万物互联，意味着在原来虚拟的世界的攻击能够转化为物理世界的伤害。企业上云、工业互联网、车联网、物联网的普及带来网络边界的模糊，传统的隔离或者是网络防火墙等解决方案已经完全失效。

大数据驱动业务，意味着数据的安全变得前所未有的重要，数据成为新的攻击对象，直接攻击大数据将导致很多业务停摆。

所以我们说，当元宇宙的明天即将到来的时候，数字技术开始全面融入到我们的社会生活，安全风险也随着进入到所有的场景，包括我们的关键基础设施、工业生产、能源、交通、医疗、金融以及城市和社会治理等，也深刻地影响到国家的安全、社会的安全、经济的安全乃至人身的安全。而这些安全的新场景面临的不再是过去的简单安全问题，而是前所未有的复杂的挑战。

我们认为这其中的大数据安全、云安全、物联网安全、新终端安全、网络通信安全、供应链安全还有应用安全将是数字时代的七大基础性安全问题。可以说，我们从计算机安全时代进入到网络时代，网络安全时代又全面升级为数字化安全时代。如果把未来数字化的世界比作一个“木桶”，那么IOT、人工智能、5G、边缘计算等等技术都是这个桶的“边”，而安全是这个桶的“底”，桶中的“水”，就是数字经济和数字化生活的各种应用场景。如果这个底座不能得到保证，那么一滴水也打不上来，再多的美好设想，都只能是一场空。所以说数字安全，已经成为“数字化的底座”。

我们看到技术总是有两面性的，对风险既不能视而不见，也不能因噎废食，技术的问题是可以用技术的方法来解决的。面对复杂的安全挑战，更要立足系统性的思维去化解这些安全的问题。那么回望来路，360公司一直专注于实战化安全能力的培养，走出了一条不同于传统网络安全的新的路子。在计算机安全时代，我们推出了杀毒、安全卫士等多款国民级的产品，提升了中国全民计算机安全水平。依托“以安全支撑互联网、以互联网反哺安全”的独特商业模式，这十几年累计投入2000多亿元，培养和造就了一支200人以上的顶尖网络攻防的团队。

昨天我们看到一个新闻，中国排名前十的互联网公司，360在其中，同时我们也是这十家互联网企业里面唯一的一个数字化安全公司。在网络安全时代，我们意识到，只有汇聚全网、全维和全时空的安全数据，才能从大数据中建立起对攻击行为的全局视角。因此，我们利用常年处于攻防一线收获的世界规模最大的安全大数据和攻击样本库，分析提炼形成了全球独有的网络攻击知识库，建立了以安全大数据分析为核心的云端安全大脑，形成了强大的网络空间预警能力，解决了“看得见”高级攻击的难题。

今天，我们展望未来，在数字化安全时代，为了解决数字化复杂安全挑战，我们重塑网络安全，形成了对数字化的新战法、新框架、新技术和新能力，打造数字化安全能力新体系。新战法就是安全体系和数字体系相融合，攻防能力和管控能力相融合，核心就是要汇聚全网数据，建立全局视角，集中分析，达到攻防兼备、内外兼修的效果。同时，以新战法为指导，构建以安全大脑为核心的安全能力框架，包括攻击面防御、资源面管控、数据运维、专家运营等4大类基础设施。那么，新技术是我们多年来积累的为解决数字化安全挑战不断探索形成的原创技术和核心的技术专利。基于这些安全能力框架，构建一套可持续运营、可迭代成长的安全新能力，应对复杂的安全挑战和各种数字化场景的支撑。

目前，360的这套安全能力体系已经在重庆、天津、上海、苏州等10多个城市落地，也与90%的国家部委、80%的央企、95%大型金融机构和所有的电信运营商开展了网络安全的合作。我们衷心希望通过自己的实践和努力，能够让这个世界在迈向数字化的进程中更美好、更安全！ 

谢谢大家！


On 28 November, Zhang Bei, President of 360 Group, delivered a keynote speech titled “New Challenges of Cyber Security in the Digital Age” at the Technology Innovation and Smart City Forum of the Asia Youth Leaders Forum 2021.

The full speech is as below.

Distinguished leaders and young friends,

Good afternoon! It is a great pleasure and honor to be here at this forum. I've made a lot of new friends and heard a lot of new ideas today, which are quite inspiring. I'm Zhang Bei, President of 360 Group.

The dramatic changes over the century combined with the COVID-19 pandemic have posed unprecedented challenges to the economic development, livelihoods, and governance of societies, while at the same time we have seen the positive side of it, which is that it has greatly contributed to the digital transformation of entire countries and societies, especially in China. Every industry is changing from being smart and intelligent to being digital. The pace of this iterating process is becoming faster.

Statistics show that in 2020, the volume of China's digital economy reached 41.36 trillion yuan, accounting for 40.7% of GDP. In Beijing and Shanghai, the digital economy accounted for over 50% of the local economy in 2020. As we see, when digitalization becomes a major trend in the economy and society, digital security and data security will be two of the few key issues. Though digitalization makes our life today better and more convenient, the danger of cyberattacks has also been magnified a thousand times, and unpredictable "black swan events" could occur at any time. We see that the digital age has three characteristics: first, everything is programmable; second, all things are interconnected; third, big data drives business. That means arising vulnerabilities for digital security. The so-called “everything is programmable” means the world of tomorrow, like the oft-mentioned metaverse, will be a software-defined world. There are loopholes everywhere. There is no network that can't be cracked. All things are interconnected, and an attack in the virtual world can convert into real harm in the physical world. The popularization of cloud technology among enterprises, industrial Internet, Internet of Vehicles, and Internet of Things blurs the boundary of online networks. Traditional isolation and network firewalls don't work anymore. In terms of big data-driven business, data security has never been more important. Data becomes a new target of attack. Directly attacking big data can paralyze many businesses. So, we say, when the tomorrow of metaverse is approaching, digital technology is beginning to be fully integrated into our lives. Accordingly, security risks will emerge in all scenarios in terms of infrastructure, industrial production, energy, transportation, healthcare, finance, urban and social governance, etc., which bring profound impact to national security, social stability, economic security, and even personal safety. These new scenarios are no longer faced with simple security issues of the past, but with unprecedented and complex challenges. We believe that the seven fundamental security issues of the digital age are big data security, cloud security, IOT security, new terminal security, network communication security, supply chain security, and application security. It can be said that we have shifted from a computer-security age to a network-security age and now to a sheer digital-security age. If the future digital world is compared to a "barrel", IOT, Artificial Intelligence, 5G, edge computing, and other technologies will be the "staves" of the barrel, and safety is the "base", whereas "water" in the barrel is the application scenarios for the digital economy and digital life. If the base cannot be guaranteed, then it cannot hold a drop of water. No matter how great a vision is, all will be in vain. That’s why digital security has become the "base of digitalization".

We see technology always has two sides. Neither can we turn a blind eye to risks, nor can we abandon technology just because of these risks. Technological issues can be solved by technological solutions. Faced with complex security challenges, we need to solve arising security issues with a systematic outlook. Looking back on the path we've taken, we have always focused on the security capabilities in practice, embarking on a new path different from those taken by traditional network security enterprises. In the age of computer security, we launched a variety of popular products such as 360 anti-virus, 360 security guard, and so on, which have improved the level of computer security for everyone in China. With the unique business model of "supporting the Internet with security and ensuring security with the Internet", and with a cumulative investment of over 200 billion yuan over the past decade, we have cultivated a top cyberattack defense team with more than 200 members. Yesterday we saw a piece of news. We are among China's top 10 Internet companies, and we are the only digital security company among those top 10 Internet companies. In the era of network security, we realize that only by aggregating the security data of the whole network from all dimensions across time and space can we adopt a holistic approach to study attack behaviors. Therefore, we have the world's largest security big data and sample database of cyberattacks from our experiences in dealing with security issues. After analysis, we've established a globally unique knowledge base of cyberattacks, and set up a cloud-based security brain with big data analysis as its core. All these will develop a powerful early warning capability in cyberspace, thus dealing with "visible" advanced attacks.

As we look to the future, if we want to solve the complex security challenges of digitalization in the era of digital security, we have to reshape network security; develop a new strategy, new frameworks, new technologies, and new capabilities for digitalization; and create a new system of digital security capabilities. As for the new strategy, we have integrated security systems and digital systems, offensive and defensive capabilities, and control capabilities. The key is to gather data from the whole network, establish a global perspective, and centralize analysis to achieve both offensive and defensive as well as internal and external results. Guided by this new strategy, we've built a security capability framework with the security brain as its core and four major types of infrastructure including attack defense, resource management, data maintenance, and expert operation. As for new technologies, in order to address digital security issues over these years, we've made efforts to develop innovative technologies and obtained core technology patents. Based on security capability frameworks, we could develop a system with new capabilities that can be operated sustainably and grow continuously to address complex security challenges and support various digital scenarios. At present, our security capability system has landed in more than 10 cities, including Chongqing, Tianjin, Shanghai, and Suzhou. We've also cooperated with 90% of the national ministries and commissions, 80% of state-owned enterprises, 95% of large financial institutions, and all telecom operators on cyber security. We sincerely hope that through our expertise and efforts, we can help create a better and safer world on our march towards the era of digitalization. 

Thank you!