China Has A 3-Year Plan For Cyber Security

China has published an administrative regulation on major IT infrastructure security, which will take effect from September.

In a related initiative, the Chinese authorities have released a three-year draft plan for the cyber security sector, aiming to create a nearly $39 billion market for an increasingly crucial part of China's broad efforts to strengthen data protection and ensure continued growth of the platform economy.

The regulation stipulates that key IT infrastructure projects, which refer to IT network facilities and information systems of major industries in key areas, will come under the country's special protection.

The country’s Ministry of Industry and Information Technology (MIIT) released the draft of its most detailed strategy yet for the development of China’s cyber security industry for public comment, mandating that key industries, including the telecommunications sector to  devote 10 per cent of their IT upgrade budget to cyber security by 2023.

Measures including monitoring, defense, and proper handling of cyber security risks and threats from both home and overseas will be carried out so as to ensure that relevant facilities are protected from attacks, intrusions, interference and sabotage.

The regulation came as the country's major IT infrastructure faces severe security challenges including frequent cyber attacks, according to a State Council statement.

The regulation also called on operators of major IT infrastructure projects to bear their primary responsibility of maintaining the integrity, confidentiality and availability of relevant data. Requirements for these operators include conducting security checks and risk assessments every year, and prioritising safe and creditable internet products and services in procurement.

Personal information and important data collected and produced by the operators during their operations within the Chinese mainland should be stored in the mainland, the regulation said, adding that security assessments will be necessary for business needs of providing such data overseas.

China's cyberspace authority last month solicited public opinion for a draft revision to the country's cyber security review regulations.

According to the draft revision, information infrastructure and data operators that possess over 1 million items of personal information shall be subject to cybersecurity review before seeking a listing abroad. Risks such as critical information infrastructure, core data, important data, or a large amount of personal information being influenced, controlled, or maliciously used by foreign governments after going public overseas will be evaluated in the review.

Last month, authorities launched a rigorous cyber security review by a joint team of regulators on the ride-hailing company DiDi Chuxing.Observers believe that efforts to balance development and security have become a major issue facing the country's digital and internet industries.

The cyber security related industry in China reached 170.2 billion Yuan (26.2 billion US dollars) in scale in 2020, according to the latest report issued at this year's China Internet Conference. Strengthened governance will provide a healthier environment for the development of the Internet sector with an emphasis on national security and user protection.

Global Times:      SCMP:    BigNewsNetwork:     Illinois News:    Taylor&Francis:   

Shanghai Image: Unsplash

You Might Also Read: 

EU & NATO Agree To Confront The Chinese Cyber Threat:

 

« Hackers Steal $100m From Japanese Cryptocurrency Exchange
Social Media Tries To Protect Afghan Users »

Quartz Conference
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BlackBag Technologies

BlackBag Technologies

BlackBag Technologies is an industry leading provider of forensics software, training, and eDiscovery solutions for Mac, iPhone, and Windows

Akin Gump

Akin Gump

Akin Gump practice areas include Cybersecurity, Privacy and Data Protection.

SAMATE

SAMATE

The Software Assurance Metrics And Tool Evaluation project is an inter-agency project between the US Department of Homeland Security and NIST.

Hague Security Delta (HSD)

Hague Security Delta (HSD)

The Hague Security Delta Campus is home of the leading cyber security cluster in Europe with an Innovation Centre, labs and training facilities.

Perception Point

Perception Point

Perception Point is a Prevention-as-a-Service company, built to enable digital transformation. Our platform offers 360-degree protection against any type of content-based attack.

Syhunt Security

Syhunt Security

Syhunt is a leading player in the web application security field, delivering its assessment tools to a range of organizations across the globe.

SBD Automotive

SBD Automotive

SBD Automotive are specialists in automotive technology providing independent research and consultancy to help create smarter, more secure, better connected, and increasingly autonomous cars.

NTIC Cyber Center

NTIC Cyber Center

NTIC Cyber Center is an organization dedicated to making the National Capital Region (Washington DC) more resilient to cyber-attacks.

Conduent

Conduent

Conduent delivers mission-critical technology services and solutions on behalf of businesses and governments. Solution areas include digital risk and compliance.

Open Raven

Open Raven

Open Raven is the cloud native data security platform that prevents breaches driven by modern speed and sprawl. Restore full visibility and regain control within minutes, without agents.

Mphasis

Mphasis

Mphasis is a leading applied technology services company applying next-generation technology to help enterprises transform businesses globally.

Trustify

Trustify

Trustify is a Managed Security Service Provider offering a suite of world-class Cyber Risk Management services.

Axur

Axur

Discover and eliminate digital fraud and risks on the web. Utilize Axur’s entire AI potential, along with thousands of bots dispersed throughout the surface web as well as the deep and dark web.

Panacea Infosec

Panacea Infosec

Panacea Infosec is a leading provider of information security compliance services. We help our clients in protecting their data, reducing security risks and fighting cybercrime.

Path Forward IT

Path Forward IT

Path Forward IT has been troubleshooting, architecting, migrating, protecting, and securing IT environments for businesses across the USA since 2002.

Suresecure

Suresecure

Suresecure are a specialised consulting company providing Strategic IT security consulting, Managed Security Services, and Incident Response Management.