隨著經濟社會的快速發展,服務外包成為眾多單位最佳化資源配置、提升運營效率的重要手段。對於涉密機關、單位而言,服務外包在帶來便利的同時,也暗藏著失洩密隱患。
▌疏於管理釀大案
某重要涉密單位長期將辦公樓物業管理外包給某物業服務公司運營,並未對該公司開展必要的保密監管。該公司保潔人員段某為滿足個人私慾主動聯絡境外間諜情報機關,後經指使借從事保潔服務之機,透過盜取、偷拍等方式為境外間諜情報機關提供1項機密級、2項秘密級國家秘密及其他6項情報,造成重大失洩密,危害我國家安全。
A key secret-related unit outsourced its office building management to a property service company without necessary security oversight.The cleaning staff member surnamed Duan employed by the property service company, in order to satisfy personal desires, actively contacted foreign espionage intelligence agencies. Under the spies' instructions, Duan stole and secretly photographed documents, providing one classified-level and two confidential-level state secrets, along with six other intelligence items, to the foreign intelligence agencies. This resulted in a significant leak of confidential information, posing a serious threat to national security, according to China's Ministry of State Security (MSS).
▌審查不嚴有隱患
有關部門在工作中發現,有網民在文庫類網站出售5份涉密檔案。經查,某公司不具備涉密檔案數字化資質,騙取多個機關單位檔案管理部門信任後,承包檔案資料數字化業務。該公司員工蔣某利用工作便利,先後竊取、複製檔案資料中幾十份涉密檔案並帶回家中,為謀取私利,又將其中幾份放在網際網路上出售,致使國家秘密洩露。
In another case, authorities found that a netizen was selling five classified documents on a document-sharing website. Upon investigation, it was found that the company involved did not possess the qualifications for the digitization of classified archives. But the company deceived multiple government agencies' archive management departments and contracted to handle the digitization of archive materials, according to the MSS. An employee from the company, surnamed Jiang, stole and copied dozens of classified documents from the archives and brought them home. In pursuit of personal gain, Jiang then posted several of these documents online for sale, leaking state secrets, said the MSS.
▌合圍拉攏遭攻陷
小李是某郵件系統廠家運維人員,具備遠端管理賬號和系統管理員賬號許可權,負責為客戶的郵件系統提供技術支援。為圖方便,小李經常在個人電腦上記錄甲方客戶的賬號密碼和系統管理員賬號密碼。
境外間諜情報機關利用開源情報資訊鎖定了小李運維人員身份,並對小李的電腦進行了網路攻擊,竊取了其電腦中的客戶賬號密碼資訊,進而透過網路跳板,對上千家重點要害部門郵件系統實施竊密,獲取了大量重點要害部門內部郵件資料,造成了嚴重的現實危害。
Li is an operations and maintenance staff member at an e-mail system manufacturer, who has remote management and system administrator account privileges and is responsible for providing technical support for clients' e-mail systems, said the MSS. Li often records client account passwords and system administrator passwords on a personal computer for convenience.The overseas espionage intelligence agencies targeted Li and launched a cyberattack on Li's computer, stealing the clients' account password information stored on it. They then used the information to conduct espionage on the e-mail systems of more than 1,000 key departments through network pivots, obtaining a large amount of internal e-mail data from these critical departments, according to the MSS.
服務外包中的失洩密隱患不容忽視,涉密機關、單位必須時刻保持警惕,加強管理和防範,確保國家秘密安全。
The MSS warned that potential leaks in service outsourcing must not be overlooked. Confidential agencies and institutions must maintain constant vigilance, strengthen management and preventive measures to ensure the security of state secrets.
夯實責任防風險。涉密機關、單位應夯實保密管理主體責任,明確“發包”部門監管責任,簽署協議時應在外包協議中明確自身的保密監管權力和承包方的保密管理義務。
強化監督堵漏洞。涉密機關、單位應會同承包方建立健全各項規章制度和安全操作規範,並採取切實有效的措施確保落實到位。應積極構建人防、物防、技防“三位一體”安全防護體系,多措並舉,築牢安全保密防線。
加強教育保安全。涉密機關、單位應落實上崗審查要求,加強對服務外包人員的背景審查,確保其具備相應的專業技能和從業資格。
來源:國家安全部 環球時報
推 薦 閱 讀
