Published by the China Academy of Information and Communications Technology (CAICT), a think tank under the Ministry of Industry and Information Technology (MIIT), and the China Communications Standardization Association, which operates with MIIT support, this white paper is one of a series DigiChina is excerpting and translating for English-language audiences.
The paper summarizes the increasing prominence of blockchain applications around the world, outlining the global landscape for blockchain security standardization, before offering the section translated by DigiChina below on China’s own evolving efforts. The most concrete insight into Chinese blockchain security regulatory and standardization efforts comes in the paper’s delineation of several official research and standards-setting processes under section (2)(iii) below.
The remainder of the paper, not translated here, lays out a framework for measures on blockchain security that begins with a delineation of layers. Beginning from the bottom, they are: storage layer, protocol layer, development layer, and application layer. The paper then goes into relatively high levels of technical depth, describing specific potential threats to these layers and, in appendices, listing international and Chinese experiences with these challenges. Among the Chinese cases examined are China’s certificate authorities, the cybersecurity firm Qihoo 360, and Tencent.
Watch DigiChina for further white paper translations, and feel free to e-mail DigiChina Coordinating Editor Graham Webster with questions or comments.
Translation: Excerpts from “Blockchain Security White Paper—Technology Application Edition” (2018)
Published by the China Academy of Information Communications Technology (CAICT) and the China Communications Standardization Association (CCSA)
(2) China’s Development and Application(i) China’s technological ecosystem structure roughly identical to that of foreign countries; bright prospects for security-related services
Compared to foreign countries, China’s blockchain work began late in terms of technology development, policy guidance, and other aspects. However, in recent years, blockchain has received a high degree of attention from all walks of life as blockchain and related industries developed rapidly. While sufficiently absorbing foreign experience, China has at the same time actively explored combining blockchain technology with its own experiences. By the numbers, China has a great number of active blockchain projects; it accounts for 85.5% of the total projects in Asia and ranks number one in the world. From the perspective of the overall ecosystem, 55.4% of China’s projects focus on industry applications of blockchain, 31.6% of projects focus on base-level technology, 8.5% on hardware and infrastructure, and 4.5% on security services—overall basically identical to the global technological ecosystem structure.
Despite the fact that China has numerous blockchain enterprises, especially when it comes to industrial applications and the continuous exploration of modes for integrating blockchain with existing industry, there are also many industry scams like “blockchain pyramid schemes,” shanzhai currencies, and air currencies (空气币), as well as general industry chaos caused by false and exaggerated product claims. From the perspective of long-term market standardization and development, these issues need to be urgently addressed. In addition, since China’s blockchain development is focused on exploring industry applications, many blockchain technology developers, platform operators, and users generally have low awareness of security, and the demand for blockchain security products and services still does not have strong momentum [emphasis original throughout]. In small and medium enterprises, teams of entrepreneurs, and other enterprises where employees and other resources are limited, the development and project management personnel often do not have professional blockchain security knowledge and rarely establish professional teams dedicated to security management and technology, i.e. personnel that specialize in security development and control, security testing, security management, and related work. For a number of reasons, China’s blockchain security products and services market has not developed at scale.
As security incidents involving blockchain platforms, applications, and smart contracts increased in recent years, domestic enterprises have begun to pay attention to blockchain security issues. Traditional security enterprises and security teams have gradually begun the roll out of blockchain security, continuously carrying out relevant practices in the areas of probing smart contract vulnerabilities, auditing blockchain product code, and monitoring business security, and thereby raising application security levels and the ability to withstand attacks. Some enterprises and research institutions have also begun exploring application models based on “blockchain + cybersecurity” and are working to tap blockchain’s potential to upgrade data security storage and authentication security.
(ii) Policies focus on technology development and application deployment; guidance on security is beginning to take shape
In recent years, China has repeatedly pushed forward policy and has often stressed the value of blockchain applications at the national level, encouraging the development of blockchain technology and applications. The government first mentioned the need to strengthen basic R&D and advance deployment of strategic frontier technologies like blockchain in the December 2016 13th Five Year Plan for Informatization. During his speech at the 19th Meeting of the Academicians of the Chinese Academy of Sciences (CAS) and the Chinese Academy of Engineering (CAE) in May 2018, General Secretary Xi Jinping made clear the need to strengthen “accelerated breakthrough applications in new-generation information technologies, represented by AI, quantum information, mobile communications, Internet of Things, and blockchain.”
The security issues associated with blockchain have become clear as the technology and applications develop. At the same time, China has also begun to pay attention to blockchain security issues in policy formulation and has strengthened guidance on describing the security threats, constructing a security system, and issuing security response recommendations. In October 2016, MIIT’s Informatization and Software Services Department published the “China Blockchain Technology and Application Development White Paper,” which clearly pointed out that blockchain faces security challenges but also provides coping mechanisms. The report described the security features of blockchain and its shortcoming in terms of physical security, data security, application system security, encryption security, risk control mechanisms, etc. (See Figure 1.7).
