Research and suggestions on scientific data security standards
Scientific data is widely recognized as a strategic resource for research innovation and socioeconomic development.The progress of scientific research benefit from the openness of research resources including scientific data.The supporting role of scientific data for socioeconomic development in good alignment with national security concerns is increasing with the rapid development of trusted environments and tools to share data and IT services for the transition from information to knowledge.How to balance open data and security concerns is an urgent challenge for scientific data governance and services,among which,the construction and implementation of scientific data security standards is the core and outstanding weakness.This paper reviews the essential attribute of scientific data—An objective record of human scientific activities and discoveries,and the research achievements on new challenges and characteristics of scientific data security in recent years,especially in combination with the actual challenge of massive data loss to foreign countries in the current complex international situation.The authors propose the basic characteristics of scientific data security,including the data supply chain security in the global research ecology,the balance between data security and open data,traditional data security baseline threaten by the advanced new technology and the diversification of data sources,and the new security challenge on data fusion from multi-sources data.This paper definites scientific data security as the state of effective protection and compliant utilization of scientific data with the full protection of data security and privacy,social public interests,legitimate rights and so on.To meet the global trend of open science data and data security concerns,this paper proposes a basic framework of data security that covers the full life cycle dimension of scientific data and the security dimension which includes confidentiality,availability,integrity,traceability,controllability and non-repudiation,and the life cycle model conforms to the national"Measures for the Management of Scientific Data",which includes data collection,data storage,data processing,data transmission,data services and open sharing.This paper also puts forward a basic standard which is named general requirements for security management of scientific data,and this standard mainly specifies some requirements from the security dimension and the life cycle dimension,and the requirements include security management,life cycle security,and physical security of computer,storage media and its'environment,such as building,pickproof,waterproof and so on.In the classification standard for scientific data security,a three-dimensional classification of security,subject,and data stage is given,and the 4-level security model is determined based on the degree of damage to the affected objects of scientific data when the security attributes of scientific data are damaged,and in this standard open sharing of scientific data is clearly defined as an important level of 4-level security model.Finally,the article proposes some suggestions for scientific data security.In 2021,The UNESCO Recommendation on Open Science was released,which marks the official rise of the global Open science movement,and scientific data is one of the core knowledge resources.The research communities of China support the open sharing of scientific data to meet UNESCO Recommendation,and as practitioners of data centers actively participate in discussions and actions to ensure scientific data security and privacy through better data services or platforms with advanced technology.Scientific data security is a complex and comprehensive task that involves improper behavior by researchers or security challenges brought about by information technology,and these challenges require sufficient attention and further in-depth discussion.
scientific datascientific data securitystandard frameworkstandard systemdata security classification
廖方宇、胡良霖、王健、王志强、甘杰夫
展开 >
中国科学院计算机网络信息中心,北京 100083
国家基础学科公共科学数据中心,北京 100083
广州物联网研究院,广州 511456
中国农业科学院农业信息研究所,北京 100081
国家农业科学数据中心,北京 100081
中国标准化研究院,北京 100181
中国网络安全审查技术与认证中心,北京 100013
展开 >
scientific data scientific data security standard framework standard system data security classification
NETL
NSTL
万方数据
