国家网络安全审查制度若干法理问题之厘定

Determination on the legal principle issues of national cyber security review system

国家网络安全审查是我国提升网络安全保障能力的创新制度。但限于目前立法的原则性,网络安全审查制度在若干法理问题上还存在诸多争议,亟待予以澄清和修正。在制度概念方面,'信息安全'和'网络安全'并无本质区别,网络安全是信息安全在网络空间中的延伸;在制度独立性方面,网络安全审查与外资并购国家安全审查的审查重点、审查对象和审查内容均有区别,二者不应予以混淆;在制度价值方面,网络安全审查应以'风险控制'作为制度价值;在制度范围方面,网络安全审查应当将'终端产品和服务审查'扩展至整个信息技术供应链,兼顾人员审查和技术审查。

National Cyber security review is an innovative legal system to enhance the ability of cyber security protection. Due to the fuzziness of the current legislation,there are still many disputes on the legal issues of cyber security review system. This paper argues that, between 'information security'and 'cyber security ' there is no essential difference, and cyber security is the extension of information security in the cyber space;cybersecurity review and foreign acquisitions national security review have a lot of difference on review key point,review object and review contents,and they should not be confused;cyber security review should be based on 'risk control'as the value of the system;the scope of cyber security review should extend to the whole information technologysupply chain,including both staff vetting and technical review.