GB/T 37027-2025: Cybersecurity technology - Criteria for determining network attack and network attack incident
Status: Valid
Basic data
Standard ID: GB/T 37027-2025 (GB/T37027-2025)
Description (Translated English): Cybersecurity technology - Criteria for determining network attack and network attack incident
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.030
Word Count Estimation: 26,237
Date of Issue: 2025-02-28
Date of Implementation: 2025-09-01
Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration

This is a DRAFT version for illustration, not a final translation.

ICS 35.030
CCS L80
National Standard of the People's Republic of China
GB/T 37027-2025
Replaces GB/T 37027-2018
Cybersecurity technology - Criteria for determining cyber attacks and cyber attack incidents
Released on 2025-02-28; implementation on 2025-09-01
Issued by the State Administration for Market Regulation and the National Standardization Administration

Table of Contents
Preface
Introduction
1 Scope
2 Normative references
3 Terms and Definitions
4 Abbreviations
5 Descriptive information elements
5.1 Network Attack
5.2 Cyber Attack Incidents
6 Judgment Condition
6.1 Determination Overview
6.2 Determination criteria for network attacks
6.3 Determination criteria for network attack incidents
7 Counting methods
7.1 Counting Overview
7.2 Count of network attacks
7.3 Network attack incident count
Appendix A (Informative) Typical Attack Target Types
Appendix B (Informative) Typical Network Attack Process
Appendix C (Informative) Typical determination methods for network attacks and network attack incidents
Appendix D (Informative) Overview of Cyber Attacks and Cyber Attack Incidents
Appendix E (Informative) Information elements and counting examples for describing cyber attacks and cyber attack events
Reference

Foreword
This document was drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work - Part 1: Structure and drafting rules for standardization documents".

This document replaces GB/T 37027-2018 "Information security technology - Network attack definition and description specification". Compared with GB/T 37027-2018, in addition to structural adjustments and editorial changes, the main technical changes are as follows:
a) Changed the definition of cyber attack (see 3.1; 3.1 of the 2018 edition);
b) Added the definition of cyber attack incidents (see 3.2);
c) Changed the descriptions of "Attack technical means" and "Security vulnerability types" in "Cyber Attack" (see 5.1; 6.2 and 6.3 of the 2018 edition);
d) Added the information description of network attack incidents (see 5.2);
e) Added the criteria for determining network attacks (see 6.2);
f) Added the criteria for determining network attack events (see 6.3);
g) Added the counting method for network attacks (see 7.2);
h) Added the counting method for network attack incidents (see 7.3).

This document was proposed and coordinated by the National Cybersecurity Standardization Technical Committee (SAC/TC260).

This document was drafted by: National Computer Network Emergency Technical Processing Coordination Center, National Computer Network Emergency Technical Processing Coordination Center Beijing Branch, China Electronics Standardization Institute, China Mobile Communications Group Co., Ltd., Venusstar Information Technology Group Co., Ltd., Antiy Technology Group Co., Ltd., Beijing Changting Technology Co., Ltd., National Industrial Information Security Development Research Center, Guoneng Digital Zhi Technology Development (Beijing) Co., Ltd., Zhengzhou Xindajiean Information Technology Co., Ltd., Beijing Topsec Network Security Technology Co., Ltd. Department of Information and Communications Technology, National Information Center (National E-Government External Network Management Center), China Academy of Information and Communications Technology, Guangdong Provincial Information Security Evaluation Center, National Engineering Research Center for Information Security Common Technology Co., Ltd., Hangzhou Anheng Information Technology Co., Ltd., Beijing Shengxin Network Technology Co., Ltd., Qi'anxin Technology Group Co., Ltd., the Sixth Research Institute of China Electronics Information Industry Group Co., Ltd., Beijing Times New Prestige Information Technology Co., Ltd., Jiangsu Junli Huayu Information Security Technology Co., Ltd., Beijing Zhongce Anhua Technology Co., Ltd., China Electronics Technology Network Security Technology Co., Ltd., Beijing Shenzhou Green Alliance Technology Co., Ltd., 360 Digital Security Technology Group Co., Ltd., Hangzhou Deeptech Technology Co., Ltd., the Third Research Institute of the Ministry of Public Security, the Heilongjiang Branch of the National Computer Network Emergency Response Technology Coordination Center, Changan Communications Technology Limited.

The main drafters of this document are:
Yan Hanbing, Rao Yu, Guo Jing, Chen Liang, Zhao Yan, Zhou Yingying, Lu Wei, Xu Jian, Lü Zhiquan, Han Zhihui, Wen Senhao, Wang Huili, Zhu Xuefeng, Xu Yali, Li Yiming, Qiu Qin, Yang Tianshi, Liu Jianan, Yang Kun, Zhang Xiaofei, Niu Yuekun, Liu Weihua, An Gaofeng, Yan Guixun, Dong Hang, Zhen Zhuo, Hu Jianxun, Chen Yanyu, Bian Jianchao, Liu Yong, Zhao Yunlong, Wang Lianqiang, Jin Jianjun, Yan Momo, Cao Xubo, Xiao Yanjun, Geng Guining, Liu Jilin, Tao Yuan, Liu Kun, Zhang Luoshi.

The previous versions of this document and the documents it replaces are as follows:
--- First published in 2018 as GB/T 37027-2018;
--- This is the first revision.

Introduction
In recent years, with the popularization and rapid development of network applications, the methods and forms of network attacks have become more complex and varied, posing great challenges and serious threats to network security.

The determination of cyber attacks and cyber attack incidents involves many factors, including: the difference between cyber attacks and cyber attack incidents; the definition and classification of cyber attacks and network attacks; and the roles, processes, key technologies and consequence assessments involved in cyber attacks and network attacks.

As the number of cyber attacks and cyber attack incidents increases, there is currently no unified method for determining and counting network attacks and network attack incidents among organizations. The methods that organizations use to determine and count network attacks are therefore inconsistent, and the network attack situation they report differs widely, making it difficult to share and accurately perceive the network attack situation.

Therefore, it is necessary to analyze network attacks and network attack events comprehensively and to give more accurate definitions and descriptions, together with unified classification, judgment and statistical criteria, so as to lay a solid foundation for resisting network attacks, improve the perception of the network attack situation and enhance network security protection capabilities.

Cybersecurity technology - Criteria for determining cyber attacks and cyber attack incidents

1 Scope
This document establishes the information elements for describing, determining and counting cyber attacks and cyber attack incidents.

This document is applicable to guiding organizations in carrying out activities such as monitoring and analysis, situational awareness, and information reporting of cyber attacks and cyber attack incidents.

2 Normative references
The contents of the following documents constitute essential clauses of this document through normative references in this document. For dated references, only the version corresponding to that date applies to this document; for undated references, the latest version (including all amendments) applies to this document.

GB/T 20986-2023 Information security technology - Guidelines for the classification and grading of cybersecurity incidents
GB/T 30279-2020 Information security technology - Guidelines for the classification and grading of network security vulnerabilities

3 Terms and definitions
The terms and definitions defined in GB/T 20986-2023, GB/T 30279-2020 and the following apply to this document.

3.1 network attack
Any behavior that uses information network technology and various means to exploit security vulnerabilities and security defects in a network in order to interfere with, control or sabotage the network or otherwise affect its normal operation, as well as any behavior that endangers data security, such as stealing, abusing, tampering with or damaging network data.

3.2 network attack incident
A security incident in which a network attack (3.1) causes or has the potential to cause business loss or harm.

4 Abbreviations
The following abbreviations apply to this document.

APT: Advanced Persistent Threat
ARP: Address Resolution Protocol
AS: Autonomous System
BGP: Border Gateway Protocol
DNS: Domain Name System
HTTP: Hypertext Transfer Protocol
IOC: Indicators of Compromise
IP: Internet Protocol
WLAN: Wireless Local Area Network
......