China Gives Police New Powers To Spy On Foreign Firms

Security experts have warned foreign firms operating in China that new laws may give the authorities more power to spy on and censor them.

Updates to the country’s infamous 2017 Cybersecurity Law, dubbed Regulations on Internet Security Supervision and Inspection by Public Security Organs, were issued in November last year.

They give the Ministry of Public Security (MPS) sweeping new powers to conduct remote pen testing and on-site inspections of any company with five or more internet-connected computers, which means virtually every foreign firm operating in the country today, according to Recorded Future.

The MPS is allowed to copy user information and check for vulnerabilities, if necessary using third-party “cybersecurity service agencies” to help them, which will increase the risk of vulnerability discovery and data leaks, the vendor argued. The law also gives the MPS the authority to audit firms for prohibited content, effectively enabling it to act as censor under the auspices of cybersecurity.

“Since the scope of inspections is not limited in these new regulations, Article 16 may also empower MPS officers to access parts of the company’s enterprise not even related to or within territorial China,” the report warned.

“The implications for unlimited remote inspections on the networks of international corporations could be far-reaching and create significant risk for customers and international operations.”

The MPS is also under no obligation to notify an organization when it is under inspection or of the results of that inspection.

The updates to the law come on top of wide-reaching powers granted to the Ministry of State Security (MSS) under the original Cybersecurity Law to conduct ‘national security reviews’ of various firms, the results of which it could use to conduct espionage operations.

Recorded Future urged foreign firms in China to prioritise vulnerability scanning and patch management to prevent state inspectors from “easily gaining unwanted access or escalating privileges.”

“Recorded Future recommends that all international corporations operating in China take measures to evaluate their technology footprint within the country, their evacuation and government relations policies, and their system architecture to minimise the impact of the law and effectively address the worst-case scenario if subjected to an MPS inspection,” it added.

“Altering company system architecture to keep connections between Chinese and international operations as segmented as possible is important to prevent inspections from spilling into corporate networks or databases with no connection to territorial China.

“Further, keeping one’s employees safe and informed of the inspections should remain a top priority for companies operating within the country.”

Infosecurity:

