China Has A 3-Year Plan For Cyber Security

Uploaded on 2021-08-31 in INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, FREE TO VIEW

China has published an administrative regulation on major IT infrastructure security, which will take effect from September.

In a related initiative, the Chinese authorities have released a three-year draft plan for the cyber security sector, aiming to create a nearly $39 billion market for an increasingly crucial part of China's broad efforts to strengthen data protection and ensure continued growth of the platform economy.

The regulation stipulates that key IT infrastructure projects, which refer to IT network facilities and information systems of major industries in key areas, will come under the country's special protection.

The country’s Ministry of Industry and Information Technology (MIIT) released the draft of its most detailed strategy yet for the development of China’s cyber security industry for public comment, mandating that key industries, including the telecommunications sector to  devote 10 per cent of their IT upgrade budget to cyber security by 2023.

Measures including monitoring, defense, and proper handling of cyber security risks and threats from both home and overseas will be carried out so as to ensure that relevant facilities are protected from attacks, intrusions, interference and sabotage.

The regulation came as the country's major IT infrastructure faces severe security challenges including frequent cyber attacks, according to a State Council statement.

The regulation also called on operators of major IT infrastructure projects to bear their primary responsibility of maintaining the integrity, confidentiality and availability of relevant data. Requirements for these operators include conducting security checks and risk assessments every year, and prioritising safe and creditable internet products and services in procurement.

Personal information and important data collected and produced by the operators during their operations within the Chinese mainland should be stored in the mainland, the regulation said, adding that security assessments will be necessary for business needs of providing such data overseas.

China's cyberspace authority last month solicited public opinion for a draft revision to the country's cyber security review regulations.

According to the draft revision, information infrastructure and data operators that possess over 1 million items of personal information shall be subject to cybersecurity review before seeking a listing abroad. Risks such as critical information infrastructure, core data, important data, or a large amount of personal information being influenced, controlled, or maliciously used by foreign governments after going public overseas will be evaluated in the review.

Last month, authorities launched a rigorous cyber security review by a joint team of regulators on the ride-hailing company DiDi Chuxing.Observers believe that efforts to balance development and security have become a major issue facing the country's digital and internet industries.

The cyber security related industry in China reached 170.2 billion Yuan (26.2 billion US dollars) in scale in 2020, according to the latest report issued at this year's China Internet Conference. Strengthened governance will provide a healthier environment for the development of the Internet sector with an emphasis on national security and user protection.

Global Times:      SCMP:    BigNewsNetwork:     Illinois News:    Taylor&Francis:   

Shanghai Image: Unsplash

You Might Also Read: 

EU & NATO Agree To Confront The Chinese Cyber Threat:

 

« Hackers Steal $100m From Japanese Cryptocurrency Exchange
Social Media Tries To Protect Afghan Users »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cyfor

Cyfor

Cyfor provides digital forensics and eDiscovery in civil, criminal, intellectual property, litigation and dispute resolution investigations.

International Computer Science Institute (ICSI)

International Computer Science Institute (ICSI)

ICSI is a leading independent, nonprofit center for research in computer science. Research areas include network security and privacy.

Telspace Systems

Telspace Systems

Telspace Systems provides penetration testing, vulnerability assessment and training services.

ID Quantique (IDQ)

ID Quantique (IDQ)

ID Quantique is a world leader in quantum-safe crypto solutions, designed to protect data for the long-term future.

OpenText

OpenText

OpenText is a leader in Enterprise Information Management software and a portfolio of related solutions for Information Governance, Compliance, Information Security and Privacy.

AKS IT Services

AKS IT Services

AKS IT Services (an ISO 9001:2015 and ISO 27001:2013 certified company) is a leading IT Security Services and Solutions provider.

CYSEC NG

CYSEC NG

Cyber Security Challenge Nigeria Initiative (CYSEC NG) is the first, and largest offensive premier Cyber Conference and Hacking event in Africa.

42Gears

42Gears

42Gears is a leading Unified Endpoint Management provider. Secure, monitor and manage tablets, phones, desktops and wearables.

Alsid

Alsid

Alsid helps corporates to anticipate attacks by detecting breaches before hackers can exploit them.

ERI

ERI

ERI is the largest fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company in the United States.

FortifyData

FortifyData

FortifyData is the next generation of cyber risk management–a comprehensive platform that continuously evaluates your third-party, internal and people risks.

KryptoKloud

KryptoKloud

KryptoKloud offer a suite of Managed Services including Security Monitoring and Incident Response as well as a full portfolio of Compliance, Governance and Audit solutions.

Data Computer Services

Data Computer Services

Data Computer Services provides professional tailored IT Support and IT Services for businesses throughout Edinburgh and the Lothians.

Amiosec

Amiosec

Amiosec is a British cyber innovation business specialising in delivering simple-to-use solutions to the complex problems of the modern world.

Kaine Mathrick Tech (KMT)

Kaine Mathrick Tech (KMT)

KMT deliver comprehensive cyber-first outsourced technology support and solutions that scale with your business.

Operational Systems (OpSys)

Operational Systems (OpSys)

OpSys is a leading Managed IT and Cyber Security provider protecting the critical elements of businesses across the globe.