China Has A 3-Year Plan For Cyber Security

China has published an administrative regulation on major IT infrastructure security, which will take effect from September.

In a related initiative, the Chinese authorities have released a three-year draft plan for the cyber security sector, aiming to create a nearly $39 billion market for an increasingly crucial part of China's broad efforts to strengthen data protection and ensure continued growth of the platform economy.

The regulation stipulates that key IT infrastructure projects, which refer to IT network facilities and information systems of major industries in key areas, will come under the country's special protection.

The country’s Ministry of Industry and Information Technology (MIIT) released the draft of its most detailed strategy yet for the development of China’s cyber security industry for public comment, mandating that key industries, including the telecommunications sector to  devote 10 per cent of their IT upgrade budget to cyber security by 2023.

Measures including monitoring, defense, and proper handling of cyber security risks and threats from both home and overseas will be carried out so as to ensure that relevant facilities are protected from attacks, intrusions, interference and sabotage.

The regulation came as the country's major IT infrastructure faces severe security challenges including frequent cyber attacks, according to a State Council statement.

The regulation also called on operators of major IT infrastructure projects to bear their primary responsibility of maintaining the integrity, confidentiality and availability of relevant data. Requirements for these operators include conducting security checks and risk assessments every year, and prioritising safe and creditable internet products and services in procurement.

Personal information and important data collected and produced by the operators during their operations within the Chinese mainland should be stored in the mainland, the regulation said, adding that security assessments will be necessary for business needs of providing such data overseas.

China's cyberspace authority last month solicited public opinion for a draft revision to the country's cyber security review regulations.

According to the draft revision, information infrastructure and data operators that possess over 1 million items of personal information shall be subject to cybersecurity review before seeking a listing abroad. Risks such as critical information infrastructure, core data, important data, or a large amount of personal information being influenced, controlled, or maliciously used by foreign governments after going public overseas will be evaluated in the review.

Last month, authorities launched a rigorous cyber security review by a joint team of regulators on the ride-hailing company DiDi Chuxing.Observers believe that efforts to balance development and security have become a major issue facing the country's digital and internet industries.

The cyber security related industry in China reached 170.2 billion Yuan (26.2 billion US dollars) in scale in 2020, according to the latest report issued at this year's China Internet Conference. Strengthened governance will provide a healthier environment for the development of the Internet sector with an emphasis on national security and user protection.

Global Times:      SCMP:    BigNewsNetwork:     Illinois News:    Taylor&Francis:   

Shanghai Image: Unsplash

You Might Also Read: 

EU & NATO Agree To Confront The Chinese Cyber Threat:

 

« Hackers Steal $100m From Japanese Cryptocurrency Exchange
Social Media Tries To Protect Afghan Users »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Trend Micro

Trend Micro

Trend Micro is a leader in hybrid cloud, endpoint, and network security solutions.

My Data Recovery Lab

My Data Recovery Lab

We recover data from: HDDs, RAIDs, NAS, SSDs, USB Flash Devices, Desktop Computers, Mobile devices and other data storage media.

BTWorks

BTWorks

BTWorks provides identity management and anti-phishing / smishing solutions for web and mobile apps.

ICS2

ICS2

ICS² is the first cyber security company focusing on protecting the control system of power, oil, gas, and petrochemicals plants.

Identillect Technologies

Identillect Technologies

Identillect Technologies provide a user-friendly secure email solution to protect critical information, with an emphasis on simplicity.

Subex

Subex

Subex leverages its award-winning telecom analytics solutions in areas such as Revenue Assurance, Fraud Management, Asset Assurance and Partner Management, and IoT Security.

SKKU Security Lab (seclab)

SKKU Security Lab (seclab)

SKKU Security Lab supports research and education in information security engineering. The lab is a part of the College of Software, Sungkyunkwan University.

Valtori

Valtori

Government ICT Centre Valtori provides sector-independent ICT services for the central government, while taking into account the special requirements related to security and preparedness.

Drootoo

Drootoo

Drootoo is transforming businesses and making them high performing entities with its unified cloud platform.

Spin Technology

Spin Technology

SpinOne is a SaaS data protection platform designed to monitor, secure, and back up your G Suite and O365 data, improve compliance, and reduce IT costs.

Norma Inc.

Norma Inc.

Norma provides the secured wireless environment (WiFi and Bluetooth) with the unauthorized AP detection, and secures your IoT assets from various threats.

Thistle Technologies

Thistle Technologies

Thistle Technologies is building tools that help connected device manufacturers build security resiliency into devices.

Epiphany Systems

Epiphany Systems

Epiphany enhances your defensive security controls by providing you with an offensive perspective. We expose the most likely attack paths to your most critical IT assets and users.

Iconium Software

Iconium Software

DataLenz by Iconium offers continuous and real-time tracking of your data assets delivering you the tools you need to successfully reach and maintain your target security standards.

ExtraHop

ExtraHop

ExtraHop's dynamic cyber defense platform uses cloud-scale AI to help enterprises detect and respond to advanced threats - before they compromise your business.

Prompt Security

Prompt Security

Prompt Security provides an LLM agnostic approach to ensure security, data privacy and safety across all aspects of Generative AI.