China Gives Police New Powers To Spy On Foreign Firms

Uploaded on 2019-03-17 in INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Law

Security experts have warned foreign firms operating in China that new laws may give the authorities more power to spy on and censor them.

Issued in November last year were updates to the country’s infamous 2017 Cybersecurity Law, dubbed: Regulations on Internet Security Supervision and Inspection by Public Security Organs.

They give the Ministry of Public Security (MPS) sweeping new powers to conduct remote pen testing and on-site inspections of any company with five or more internet-connected computers, which means virtually every foreign firm operating in the country today, according to Recorded Future.

The MPS is allowed to copy user information and check for vulnerabilities, if necessary using third-party “cybersecurity service agencies” to help them, which will increase the risk of vulnerability discovery and data leaks, the vendor argued. The law also gives the MPS the authority to audit firms for prohibited content, effectively enabling it to act as censor under the auspices of cybersecurity.

“Since the scope of inspections is not limited in these new regulations, Article 16 may also empower MPS officers to access parts of the company’s enterprise not even related to or within territorial China,” the report warned.

“The implications for unlimited remote inspections on the networks of international corporations could be far-reaching and create significant risk for customers and international operations.”

The MPS is also under no obligation to notify an organization when it is under inspection or of the results of that inspection.

The updates to the law come on top of wide-reaching powers granted to the Ministry of State Security (MSS) under the original Cybersecurity Law to conduct ‘national security reviews’ of various firms, the results of which it could use to conduct espionage operations.

Recorded Future urged foreign firms in China to prioritise vulnerability scanning and patch management to prevent state inspectors from “easily gaining unwanted access or escalating privileges.”

“Recorded Future recommends that all international corporations operating in China take measures to evaluate their technology footprint within the country, their evacuation and government relations policies, and their system architecture to minimise the impact of the law and effectively address the worst-case scenario if subjected to an MPS inspection,” it added.

“Altering company system architecture to keep connections between Chinese and international operations as segmented as possible is important to prevent inspections from spilling into corporate networks or databases with no connection to territorial China.

Further, keeping one’s employees safe and informed of the inspections should remain a top priority for companies operating within the country.”

Infosecurity:

You Might Also Read:

China Security Bill Calls for ‘Cyber Sovereignty’:

 

 

« Protecting Personal Data
NATO Agrees Collaboration On Cyber Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Inspired eLearning

Inspired eLearning

Inspired eLearning deliver solutions that help clients nurture and enhance workforce skills, protect themselves against cyberattacks and regulatory violations.

PlainID

PlainID

PlainID provides IAM teams with a simple and intuitive means to control their organization’s entire authorization process.

Anect

Anect

Anect is a leading provider of ICT security and services for hybrid and cloud solutions.

ESL Bangladesh

ESL Bangladesh

ESL is the Largest IT Infrastructure & Telecom Service Provider in Bangladesh.

Cyber Security Jobs

Cyber Security Jobs

Cyber Security Jobs was formed to help job seekers find jobs and recruiters fill cyber security job vacancies.

CNA Insurance

CNA Insurance

CNA offers a market-leading suite of cyber liability insurance products and risk control resources for businesses of all sizes.

Insight Partners

Insight Partners

Insight Partners is a leading global private equity and venture capital firm investing in growth-stage technology, software and Internet businesses.

Basque Digital Innovation Hub (BDIH)

Basque Digital Innovation Hub (BDIH)

The aim of the BDIH initiative is to provide industrial enterprises, especially SMEs, with the technological capabilities needed to meet the challenges of industry 4.0.

Adlumin

Adlumin

Adlumin Inc. provides the enterprise-grade security operations platform and managed detection and response services that keep mid-market organizations secure.

Tetra Tech

Tetra Tech

Tetra Tech is a cybersecurity leader with extensive experience in supporting enterprise-wide programs and systems across multiple business lines from industrial control systems to health IT.

FINX Capital

FINX Capital

FINX strives to solve the cybersecurity issues with its proprietary technolog, FINX SHIELD, by utilizing big data, blockchain combined with artificial intelligence.

SNC-Lavalin

SNC-Lavalin

SNC-Lavalin is a fully integrated professional services and project management company with offices around the world.

CDS

CDS

CDS is a strategic change agency enabling organisations and businesses to create and build better services to meet the evolving needs of customers, employees and citizens.

ArmorPoint

ArmorPoint

ArmorPoint redefines the traditional approach to cybersecurity by combining network operations, security operations, and SIEM technology in one platform.

Moonlock

Moonlock

Cybersecurity tech for humans. At Moonlock, we make software that seamlessly protects you and has your back as you live your life.

Velotix

Velotix

Velotix empowers organizations to maximize the value of their data while ensuring security and compliance in a rapidly evolving regulatory landscape.