China Gives Police New Powers To Spy On Foreign Firms

Uploaded on 2019-03-17 in INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Law

Security experts have warned foreign firms operating in China that new laws may give the authorities more power to spy on and censor them.

Issued in November last year were updates to the country’s infamous 2017 Cybersecurity Law, dubbed: Regulations on Internet Security Supervision and Inspection by Public Security Organs.

They give the Ministry of Public Security (MPS) sweeping new powers to conduct remote pen testing and on-site inspections of any company with five or more internet-connected computers, which means virtually every foreign firm operating in the country today, according to Recorded Future.

The MPS is allowed to copy user information and check for vulnerabilities, if necessary using third-party “cybersecurity service agencies” to help them, which will increase the risk of vulnerability discovery and data leaks, the vendor argued. The law also gives the MPS the authority to audit firms for prohibited content, effectively enabling it to act as censor under the auspices of cybersecurity.

“Since the scope of inspections is not limited in these new regulations, Article 16 may also empower MPS officers to access parts of the company’s enterprise not even related to or within territorial China,” the report warned.

“The implications for unlimited remote inspections on the networks of international corporations could be far-reaching and create significant risk for customers and international operations.”

The MPS is also under no obligation to notify an organization when it is under inspection or of the results of that inspection.

The updates to the law come on top of wide-reaching powers granted to the Ministry of State Security (MSS) under the original Cybersecurity Law to conduct ‘national security reviews’ of various firms, the results of which it could use to conduct espionage operations.

Recorded Future urged foreign firms in China to prioritise vulnerability scanning and patch management to prevent state inspectors from “easily gaining unwanted access or escalating privileges.”

“Recorded Future recommends that all international corporations operating in China take measures to evaluate their technology footprint within the country, their evacuation and government relations policies, and their system architecture to minimise the impact of the law and effectively address the worst-case scenario if subjected to an MPS inspection,” it added.

“Altering company system architecture to keep connections between Chinese and international operations as segmented as possible is important to prevent inspections from spilling into corporate networks or databases with no connection to territorial China.

Further, keeping one’s employees safe and informed of the inspections should remain a top priority for companies operating within the country.”

Infosecurity:

You Might Also Read:

China Security Bill Calls for ‘Cyber Sovereignty’:

 

 

« Protecting Personal Data
NATO Agrees Collaboration On Cyber Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cleo

Cleo

Cleo is a leader in secure information integration, enabling both ease and excellence in business data movement and orchestration.

Arsenal Insurance Company

Arsenal Insurance Company

Arsenal is an insurance provider based in Moscow, Russia. Services offered include Cyber Risk insurance.

Apomatix

Apomatix

Apomatix is a platform that simplifies the complexity of cyber risk audit and management.

Vicarious

Vicarious

Vicarious identify the vulnerabilities in the software without involving the vendor and protect it before the hackers take advantage of it, even in compiled applications.

Future of Cyber Security Europe

Future of Cyber Security Europe

Future of Cyber Security Europe is a European wide event examining the latest cyber security strategies and technologies.

Emsisoft

Emsisoft

Emsisoft protects your devices against all types of malware, ransomware and other threats with no-bloat anti-malware & antivirus solutions.

SEPPmail

SEPPmail

SEPPmail is a patented e-mail encryption solution to secure your electronic communication.

TUV Rheinland Group

TUV Rheinland Group

TUV Rheinland Group is a testing services company with nearly 145 years of technological experience. We help you to protect your systems comprehensively, proactively and permanently.

Inpher

Inpher

Inpher has pioneered cryptographic Secret Computing® that enables advanced analytics and machine learning while keeping data private, secure, and distributed.

Arkphire

Arkphire

Arkphire provide solutions across every aspect of IT to help your business perform better.

Dasera

Dasera

Dasera’s Radar and Interceptor products deliver visibility, governance, and protection solutions for data-agile companies.

Apptega

Apptega

Apptega is an award-Winning Cybersecurity and Compliance Platform. Our mission is to make cybersecurity and compliance easy for everyone.

Lancera

Lancera

Lancera provides growth accelerating Software Development, Web Presence and Cybersecurity Solutions with a focus on customer happiness.

CyberCatch

CyberCatch

CyberCatch provides an innovative cybersecurity Software-as-a-Service (SaaS) platform designed for SMBs.

ASMGi

ASMGi

ASMGi is a managed services, security and GRC solutions, and software development provider.

Silent Circle

Silent Circle

Silent Circle is the leader in end-to-end enterprise solutions for secure mobile communications.